03-09-2011, 04:41 PM
Rich Megginson

Error finding "Registered server" on DSGW with HTTP auth enabled

On 03/09/2011 10:22 AM, Bowden, Brendan wrote:
> Hello all,
>
> I'm getting an odd error from the admin server after enabling authentication on the DSGW as described here: http://directory.fedoraproject.org/wiki/DSGW#Requiring_Authenticated_Access
>
> At first it wouldn't find any users; I tracked that back to it searching under o=NetscapeRoot instead of the real baseDN where the users are, so I adjusted ldapurl in adm.conf (names slightly changed to protect the innocent):
>
> From - ldapurl: ldap://ldap-01.example.com:389/o=NetscapeRoot
> To - ldapurl: ldap://ldap-01.example.com:389/dc=example,dc=com
This may break other aspects of admin server and console.
> Now it finds the users OK, but is erroring on this:
>
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd)
>
> I've searched all over for this one and can't find any hints. The source code says it's searching for "dsgwcmd" as a serverID under Server Groups in LDAP somewhere?
>
> Any help would be appreciated, thanks!
I think it's just broken. This was very likely broken when the admin
server was ported to apache some years ago.
> ---------------------------------------------------------------------
>
>
>
> Admin-serv errors log with debug enabled:
>
>
> [Wed Mar 09 09:57:49 2011] [info] Connection to child 9 established (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4, referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2754): [client 1.2.3.4] checking user cache for: testaccount, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2761): [client 1.2.3.4] not in cache, trying DS, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(1586): [client 1.2.3.4] admserv_check_authz: request for uri [/dsgwcmd/lang], referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd), referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 9 closed (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 10 established (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4
> [Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration
> [Wed Mar 09 09:57:50 2011] [info] Initial (No.1) HTTPS request received for child 10 (server ldap-01.example.com:443)
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] File does not exist: /usr/share/dirsrv/html/favicon.ico
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 10 closed (server ldap-01.example.com:443, client 1.2.3.4)
>
>
> LDAPd access log for the same access attempt:
>
> [09/Mar/2011:09:57:49 -0500] conn=349 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> [09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
> [09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [09/Mar/2011:09:57:49 -0500] conn=349 op=2 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=349 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=350 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=349 op=3 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=349 op=3 fd=112 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=350 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=350 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=350 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=350 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=351 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=350 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=350 op=2 fd=113 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=351 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=351 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=351 op=1 SRCH base="cn=slapd-ldap-01, cn=389 Directory Server, cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=351 op=1 RESULT err=0 tag=101 nentries=20 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=352 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=351 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=351 op=2 fd=112 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=352 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=352 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=352 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=352 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=352 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=352 op=2 fd=113 closed - U1

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
03-09-2011, 06:24 PM
"Bowden, Brendan"

Error finding "Registered server" on DSGW with HTTP auth enabled

Changing the ldapURL didn't seem to affect the admin server or management console, though maybe I just haven't hit any functions that would be affected yet.

Assuming the documented auth method is broken, any suggestions for an equivalent? The idea is to require users to login before they get any access to the DSGW interface; this would let us use ACIs to keep users from seeing directory information outside their own groups/OUs.

Thanks!

 
03-09-2011, 06:32 PM
Rich Megginson

Error finding "Registered server" on DSGW with HTTP auth enabled

On 03/09/2011 12:24 PM, Bowden, Brendan wrote:
> Changing the ldapURL didn't seem to affect the admin server or management console, though maybe I just haven't hit any functions that would be affected yet.
>
> Assuming the documented auth method is broken, any suggestions for an equivalent? The idea is to require users to login before they get any access to the DSGW interface; this would let us use ACIs to keep users from seeing directory information outside their own groups/OUs.
I suppose you could just turn off anonymous access to the directory
server. Then they would have to login through the DSGW login page to
see anything. If that doesn't work, then use a binddn and
http://directory.fedoraproject.org/wiki/DSGW#Configuring_Anonymous_Access and
create an aci that only allows that user to perform enough of a search
to find the user's DN for logging in as that user.
> Thanks!
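Turning off anonymous access, as suggested in the reply above, would cut off the anonymous `BIND dn=""` followed by `SRCH` that the access log in this thread shows on conn=349. The script below is an added example, not part of the thread or of 389 Directory Server: it lists every search issued without an authenticated identity and the filter attributes that a restricted lookup account's ACI would have to cover. The log lines are constructed in the same format as the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample in the access-log format quoted in this thread (not real data).
SAMPLE_LOG = """\
[09/Mar/2011:09:57:49 -0500] conn=349 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 BIND dn="uid=testaccount,ou=vpn,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=349 op=3 SRCH base="ou=vpn,dc=example,dc=com" scope=2 filter="(cn=*)" attrs=ALL
[09/Mar/2011:09:57:50 -0500] conn=350 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=person)(mail=a@example.com))" attrs="cn"
[09/Mar/2011:09:57:51 -0500] conn=351 op=0 BIND dn="uid=baduser,ou=vpn,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:51 -0500] conn=351 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[09/Mar/2011:09:57:51 -0500] conn=351 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(sn=smith)" attrs=ALL
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>\d+) '
                  r'(?P<verb>BIND|SRCH|RESULT) (?P<rest>.*)$')
BIND_DN = re.compile(r'dn="(?P<dn>[^"]*)"')
ERR = re.compile(r'\berr=(?P<err>\d+)')
SRCH = re.compile(r'base="(?P<base>[^"]*)" scope=\d+ filter="(?P<filter>[^"]*)"')
FILTER_ATTR = re.compile(r'\(([A-Za-z][\w;-]*)(?:=|~=|>=|<=)')


def anonymous_searches(lines):
    """Return (conn, base, filter) for each SRCH made while the connection was anonymous."""
    identity = {}  # conn -> DN currently bound; "" means anonymous
    pending = {}   # (conn, op) -> DN of a BIND still waiting for its RESULT
    found = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # connection open/close, UNBIND and other lines
        conn, op, verb, rest = m["conn"], m["op"], m["verb"], m["rest"]
        if verb == "BIND":
            dn = BIND_DN.search(rest)
            pending[(conn, op)] = dn["dn"] if dn else ""
        elif verb == "RESULT" and (conn, op) in pending:
            # A bind only takes effect on err=0; a failed bind leaves the
            # connection anonymous.
            dn = pending.pop((conn, op))
            err = ERR.search(rest)
            identity[conn] = dn if err and err["err"] == "0" else ""
        elif verb == "SRCH":
            s = SRCH.search(rest)
            # A connection that never bound is anonymous as well.
            if s and identity.get(conn, "") == "":
                found.append((int(conn), s["base"], s["filter"]))
    return found


def filter_attributes(searches):
    """Attributes used in the anonymous filters: what a lookup-only ACI must allow."""
    attrs = set()
    for _conn, _base, flt in searches:
        attrs.update(a.lower() for a in FILTER_ATTR.findall(flt))
    return sorted(attrs)


if __name__ == "__main__":
    hits = anonymous_searches(SAMPLE_LOG.splitlines())
    for conn, base, flt in hits:
        print(f"conn={conn} anonymous SRCH base={base!r} filter={flt!r}")
    print("attributes searched anonymously:", filter_attributes(hits))
```

Run against a real access log before changing the server setting: any search it reports will start failing once anonymous access is off, unless the client is given a bind DN.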
 
