Infinity9999
New Member.
290 views

Random -672 no access errors on modifies


We've had long-standing issues where randomly we'll get -672 no access
errors in trace during modify operations which then causes the attribute
changes to fail. The odd thing is that these are all done with a
service ID as part of an application and it's able to modify the vast
majority of things without any problems. I have trace running with
LDAP, NMAS and AUTH and it doesn't really tell me much. The only thing
that I can think of is that the volume on this server is so high that
perhaps it's not able to accurately calculate the access rights that the
ID has. Does that sound like a valid possibility? I haven't been able
to replicate it in the lab, and it happens on random objects, so it's
been annoying to try to troubleshoot. I'm really just trying to get
ideas on what else I can try to do to find a root cause for these, so
any thoughts are appreciated.


--
infinity9999
------------------------------------------------------------------------
infinity9999's Profile: http://forums.novell.com/member.php?userid=29641
View this thread: http://forums.novell.com/showthread.php?t=450878

Labels (1)
0 Likes
5 Replies
Knowledge Partner
Knowledge Partner

Re: Random -672 no access errors on modifies

On Tue, 17 Jan 2012 19:56:01 +0000, infinity9999 wrote:

> We've had long-standing issues where randomly we'll get -672 no access
> errors in trace during modify operations which then causes the attribute
> changes to fail.


eDirectory version?

Probably doesn't matter, but OS (distro and version)?


> The odd thing is that these are all done with a
> service ID as part of an application and it's able to modify the vast
> majority of things without any problems. I have trace running with
> LDAP, NMAS and AUTH and it doesn't really tell me much.


AUTH probably won't help any. Are these changes being made via LDAP? If
so, let's see a snippet of the trace showing the bind and modify.


> The only thing
> that I can think of is that the volume on this server is so high that
> perhaps it's not able to accurately calculate the access rights that the
> ID has.


Unlikely.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Infinity9999
New Member.

Re: Random -672 no access errors on modifies


Ack, sorry, always forget that when I post. It's running on SLES 10.3
either eDir 8.8.5.3, but it's slated to be upgraded to SLES 11.1 and
eDir 8.8.6.2 next month.

They are straight LDAP calls. I'll see if I can get a trace pieced
together to post up here.


--
infinity9999
------------------------------------------------------------------------
infinity9999's Profile: http://forums.novell.com/member.php?userid=29641
View this thread: http://forums.novell.com/showthread.php?t=450878

0 Likes
Knowledge Partner
Knowledge Partner

Re: Random -672 no access errors on modifies

On Tue, 17 Jan 2012 20:46:01 +0000, infinity9999 wrote:

> Ack, sorry, always forget that when I post. It's running on SLES 10.3
> either eDir 8.8.5.3, but it's slated to be upgraded to SLES 11.1 and
> eDir 8.8.6.2 next month.


Hmm. There's a bug (#531644) that *might* be related. It's not a public
bug, so you can't see the details on it. It seems to be related to a
multi-threaded application where each thread is doing bind/modify
operations. Occasionally, the authentication bind fails, so the following
modify fails with -672 / no access because without authentication, the
bind is treated as an anonymous bind.

Does this sound like it might describe your application?

I've also seen some comments that other problems (time not synchronized,
servers down, external reference problems, etc.) could result in -672
errors being returned. These should all be fixed in the current code, so
your upgrade to 8.8.6.2 may help.


> They are straight LDAP calls. I'll see if I can get a trace pieced
> together to post up here.


That might help.



--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Infinity9999
New Member.

Re: Random -672 no access errors on modifies


dgersic;2168602 Wrote:
> On Tue, 17 Jan 2012 20:46:01 +0000, infinity9999 wrote:
> Hmm. There's a bug (#531644) that *might* be related. It's not a
> public
> bug, so you can't see the details on it. It seems to be related to a
> multi-threaded application where each thread is doing bind/modify
> operations. Occasionally, the authentication bind fails, so the
> following
> modify fails with -672 / no access because without authentication, the
> bind is treated as an anonymous bind.
>
> Does this sound like it might describe your application?
>
> I've also seen some comments that other problems (time not
> synchronized,
> servers down, external reference problems, etc.) could result in -672
> errors being returned. These should all be fixed in the current code,
> so
> your upgrade to 8.8.6.2 may help.
>


Actually that bug report sounds like it might have a good possibility
of being related. We have anonymous binds disabled in the directory, so
that would definitely cause an issue. Perhaps what I'll do is to just
wait it out for the next month (we've had this going on for a good year
and a half or so) and see if our rebuild/upgrade changes anything.


--
infinity9999
------------------------------------------------------------------------
infinity9999's Profile: http://forums.novell.com/member.php?userid=29641
View this thread: http://forums.novell.com/showthread.php?t=450878

0 Likes
Knowledge Partner
Knowledge Partner

Re: Random -672 no access errors on modifies

On Tue, 17 Jan 2012 22:16:02 +0000, infinity9999 wrote:

> Actually that bug report sounds like it might have a good possibility of
> being related.


Is your application multi-threaded? That seems to be the trigger for this
bug. Single threaded apps shouldn't, I think, be affected by it.


> We have anonymous binds disabled in the directory, so
> that would definitely cause an issue. Perhaps what I'll do is to just
> wait it out for the next month (we've had this going on for a good year
> and a half or so) and see if our rebuild/upgrade changes anything.


Sounds like a good plan. Let us know what happens.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.