Xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
-
Hi,
When synchronising from master to slave, the slave reports an LDAP error multiple times. As far as I know LDAP works fine. I can go into Diagnostics โ Authentication and do LDAP auth on both the master and slave. What does the error mean?
Feb 13 09:54:43 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found. Feb 13 09:54:46 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found. Feb 13 09:54:57 pfsense-02 check_reload_status: Syncing firewall Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found. Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ROUTING: setting default route to 130.226.230.1 Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: Resyncing OpenVPN instances. Feb 13 09:54:57 pfsense-02 kernel: ovpns1: link state changed to DOWN Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter Feb 13 09:54:58 pfsense-02 kernel: ovpns1: link state changed to UP Feb 13 09:54:58 pfsense-02 check_reload_status: rc.newwanip starting ovpns1 Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services) Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: Info: starting on ovpns1. Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: on (IP address: 10.106.100.1) (interface: []) (real interface: ovpns1). Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip called with empty interface. Feb 13 09:54:59 pfsense-02 check_reload_status: Reloading filter Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection -ย ->ย 10.106.100.1 - Restarting packages. Feb 13 09:54:59 pfsense-02 check_reload_status: Starting packages Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services) Feb 13 09:55:00 pfsense-02 php-fpm[89552]: /rc.start_packages: Restarting/Starting all packages.
-
It's probably trying to verify the sync user (e.g. admin) password. Since it doesn't match LDAP, it falls back to local auth and succeeds.
On 2.4 you can use a custom username there, once you are on 2.4 you should be able to make that sync user in LDAP and it should be happy that way.
-
Thanks, that makes sense. Would that also explain the 15-20 second wait for a sync to complete?
Oh, wait. I'm on 2.3.2 and I already have the ability to specify a sync user-name (attached, I hope). Can I specify an LDAP user here, or should I wait for 2.4?
-
On 2.3.x that field does nothing meaningful. 'admin' is hardcoded in the backend and assumed in a couple places. Have to wait for 2.4 for that.