On Thu, 2007-12-27 at 15:07 -0200, Daniel Cristian Cruz wrote:
[27/Dec/2007:13:37:54 -0200] conn=1 op=20 SRCH base="o=AAA
BBB" scope=2 filter="(&(objectClass=posixAccount)(o=CCC))", failed to
decode LDAP controls
[27/Dec/2007:13:37:54 -0200] conn=1 op=20 RESULT err=12 tag=101 nentries=0 etime=0
Does anyone know what this mean?
It means that the Cisco device tried to use an LDAP control that the
server didn't understand. My next step would be to check the logs on the
Cicso thing to see what it thinks it's trying to do, and whether it got
the information it needed. It's possible that it may simply try one
method, then fall back to something more widely supported when it fails.
That's not really the right way to discover the LDAP server's
capabilities, but it might work. If something is really not working, and
the logs don't make clear what the device is trying to do, I might then
go after packet data with a tool like Wireshark.
Hope that helps.
-Andrew