 
Old 02-19-2009, 08:46 PM
Norberto Bensa
 
Default LDAP+SASL

On Thu, Feb 19, 2009 at 7:26 PM, Michael Peek <peek@tiem.utk.edu> wrote:
> sasl-regexp uid=(.*),cn=.*,cn=auth
> uid=$1,ou=People,dc=nimbios,dc=org

You have at least two problems. The first one is sasl-regexp, AFAIK it
should be authz-regexp. The second problem is ".*" will match
everything and will not work as you expect. You need to tell the
regexp when to stop:

authz-regexp
    uid=([^,]*),cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org

Also, remember to add "authz-policy to" too.

If it continues to fail, increase loglevel in slapd.conf


Regards,
Norberto

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-19-2009, 09:49 PM
Michael Peek
 
Default LDAP+SASL

Norberto Bensa wrote:
> On Thu, Feb 19, 2009 at 7:26 PM, Michael Peek <peek@tiem.utk.edu> wrote:
>
>> sasl-regexp uid=(.*),cn=.*,cn=auth
>> uid=$1,ou=People,dc=nimbios,dc=org
>>
>
> You have at least two problems. The first one is sasl-regexp, AFAIK it
> should be authz-regexp. The second problem is ".*" will match
> everything and will not work as you expect. You need to tell the
> regexp when to stop:
>
> authz-regexp
> uid=([^,]*),cn=[^,]*,cn=auth
> uid=$1,ou=People,dc=nimbios,dc=org
>
> Also, remember to add "authz-policy to" too.
>
> If it continues to fail, increase loglevel in slapd.conf
>
>
> Regards,
> Norberto
>
>

Thanks Norberto.

I've removed the sasl-regexp and added the following:

authz-regexp uid=(.*),cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
authz-policy to

I also set the loglevel to stats.

On the linux host, I can type the following and get LDIF entries back:

ldapsearch -U admin@realm -H 'ldap://ldap.host.org/' -b
"dc=nimbios,dc=org" '(objectClass=*)'

But the mac still fails to bind. I'm telling the mac to bind with
cn=admin,dc=nimbios,dc=org, and giving it the password for the directory
admin. Here's the output from slapd:

slapd[19182]: conn=0 fd=15 ACCEPT from IP=xxx.xxx.xxx.xxx:49533
(IP=0.0.0.0:389)
slapd[19182]: conn=1 fd=16 ACCEPT from IP=xxx.xxx.xxx.xxx:49534
(IP=0.0.0.0:389)
slapd[19182]: conn=1 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[19182]: conn=1 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[19182]: conn=1 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=0 fd=15 closed (connection lost)
slapd[19182]: conn=1 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[19182]: conn=1 op=1 SRCH attr=subschemasubentry
slapd[19182]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=1 op=2 SRCH base="cn=Subschema" scope=0 deref=0
filter="(objectClass=subschema)"
slapd[19182]: conn=1 op=2 SRCH attr=objectclasses
slapd[19182]: conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=1 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[19182]: conn=1 op=3 SRCH attr=description
slapd[19182]: <= bdb_equality_candidates: (ou) not indexed
slapd[19182]: conn=1 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[19182]: conn=1 op=4 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[19182]: conn=1 op=4 SRCH attr=altserver
slapd[19182]: conn=1 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=2 fd=17 ACCEPT from IP=xxx.xxx.xxx.xxx:49535
(IP=0.0.0.0:389)
slapd[19182]: conn=2 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[19182]: conn=2 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[19182]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=2 op=1 BIND dn="" method=163
slapd[19182]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[19182]: conn=2 op=2 BIND dn="" method=163
slapd[19182]: SASL [conn=2] Failure: no secret in database
slapd[19182]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user not
found: no secret in database
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org" method=128
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org"
mech=SIMPLE ssf=0
slapd[19182]: conn=2 op=3 RESULT tag=97 err=0 text=
slapd[19182]: conn=1 op=5 UNBIND
slapd[19182]: conn=2 op=4 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"

slapd[19182]: conn=1 fd=16 closed
slapd[19182]: conn=2 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[19182]: conn=2 op=5 UNBIND
slapd[19182]: conn=2 fd=17 closed
slapd[19182]: conn=3 fd=16 ACCEPT from IP=xxx.xxx.xxx.xxx:59419
(IP=0.0.0.0:389)
slapd[19182]: conn=3 op=0 BIND dn="cn=admin,dc=nimbios,dc=org" method=128
slapd[19182]: conn=3 op=0 BIND dn="cn=admin,dc=nimbios,dc=org"
mech=SIMPLE ssf=0
slapd[19182]: conn=3 op=0 RESULT tag=97 err=0 text=
slapd[19182]: conn=3 op=1 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(objectClass=*)"
slapd[19182]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=
slapd[19182]: conn=3 fd=16 closed (connection lost)

Any and all help welcomed.

Michael


 
Old 02-19-2009, 10:20 PM
Norberto Bensa
 
Default LDAP+SASL

On Thu, Feb 19, 2009 at 8:49 PM, Michael Peek <peek@tiem.utk.edu> wrote:
> But the mac still fails to bind. I'm telling the mac to bind with
> cn=admin,dc=nimbios,dc=org, and giving it the password for the directory
> admin. Here's the output from slapd:
>

What mechs are available?

$ ldapsearch -LLL -s base -b '' '(objectClass=*)' supportedSASLMechanisms


Are you sure your Mac looks for the entry:
uid=admin,cn=one-available-mech,cn=auth ? This one will be shown with
"loglevel trace".

This is what "loglevel trace" plus a "grep auth" gives me:

Feb 19 21:13:11 zeddmore slapd[25108]: slap_sasl_getdn: u:id converted
to uid=zoolook,cn=BENSA.AR,cn=GSSAPI,cn=auth

As you can see, the first cn= is the REALM, and the second, the mech.
I remember having problems in an all-Linux network and I added a second
authz-regexp. This is what I have here:

password-hash {CLEARTEXT}

sasl-host ldap.bensa.ar
sasl-realm BENSA.AR
sasl-secprops noplain,noanonymous

authz-policy to
authz-regexp
    uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
    uid=$1,ou=users,dc=bensa,dc=ar

authz-regexp
    uid=([^,]*),cn=[^,]*,cn=auth
    uid=$1,ou=users,dc=bensa,dc=ar


Regards,
Norberto

 
Old 02-20-2009, 04:55 AM
Michael Peek
 
Default LDAP+SASL

Norberto Bensa wrote:
> On Thu, Feb 19, 2009 at 8:49 PM, Michael Peek <peek@tiem.utk.edu> wrote:
>
>> But the mac still fails to bind. I'm telling the mac to bind with
>> cn=admin,dc=nimbios,dc=org, and giving it the password for the directory
>> admin. Here's the output from slapd:
>>
>>
>
> What mechs are available?
>
> $ ldapsearch -LLL -s base -b '' '(objectClass=*)' supportedSASLMechanisms
>

# ldapsearch -LLL -s base -b '' '(objectClass=*)' supportedSASLMechanisms
SASL/CRAM-MD5 authentication started
Please enter your password:
SASL username: root
SASL SSF: 0
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI

>
> Are you sure your Mac looks for the entry:
> uid=admin,cn=one-available-mech,cn=auth ? This one will be shown with
> "loglevel trace".
>
> This is what "loglevel trace" plus a "grep auth" gives me:
>
> Feb 19 21:13:11 zeddmore slapd[25108]: slap_sasl_getdn: u:id converted
> to uid=zoolook,cn=BENSA.AR,cn=GSSAPI,cn=auth
>

Here's what I see:

# grep auth /var/log/messages
castor slapd[19684]: slap_sasl_getdn: u:id converted to
uid=admin,cn=CRAM-MD5,cn=auth
castor slapd[19684]: >>> dnNormalize: <uid=admin,cn=CRAM-MD5,cn=auth>
castor slapd[19684]: <<< dnNormalize: <uid=admin,cn=cram-md5,cn=auth>
castor slapd[19684]: ==>slap_sasl2dn: converting SASL name
uid=admin,cn=cram-md5,cn=auth to a DN

My admin entry in LDAP looks like this:

dn: cn=admin,ou=People,dc=nimbios,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
userPassword: {SSHA}<stuff>
cn: admin

I thought maybe the problem was the use of cn= rather than uid=, but my
LDAP editor won't let me change cn=admin to uid=admin, nor will it allow
me to create a new entry with uid=admin. Does that sound like a problem?

> As you can see, the first cn= is the REALM, and the second, the mech.
> I remember having problems in an all-Linux network and I added a second
> authz-regexp. This is what I have here:
>

I added the second regexp as well, thanks for the advice.

Thanks for your help,

Michael


 
Old 02-20-2009, 06:36 AM
Ray Parrish
 
Default LDAP+SASL

Michael Peek wrote:
> Norberto Bensa wrote:
>
>> On Thu, Feb 19, 2009 at 7:26 PM, Michael Peek <peek@tiem.utk.edu> wrote:
>>
>>
>>> sasl-regexp uid=(.*),cn=.*,cn=auth
>>> uid=$1,ou=People,dc=nimbios,dc=org
>>>
>>>
>> You have at least two problems. The first one is sasl-regexp, AFAIK it
>> should be authz-regexp. The second problem is ".*" will match
>> everything and will not work as you expect. You need to tell the
>> regexp when to stop:
>>
>> authz-regexp
>> uid=([^,]*),cn=[^,]*,cn=auth
>> uid=$1,ou=People,dc=nimbios,dc=org
>>
>> Also, remember to add "authz-policy to" too.
>>
>> If it continues to fail, increase loglevel in slapd.conf
>>
>>
>> Regards,
>> Norberto
>>
>>
>>
>
> Thanks Norberto.
>
> I've removed the sasl-regexp and added the following:
>
> authz-regexp uid=(.*),cn=[^,]*,cn=auth
> uid=$1,ou=People,dc=nimbios,dc=org
> authz-policy to
>
> Michael
>
Hello,

You guys are talking way over my head, but I did notice one thing.
Compare these two regexp lines that the both of you are using... I
believe that Michael does not have his entered the same as Norberto's
suggestion, as he has missed the negating ^ mark in the first part of
his declaration.

authz-regexp uid=(.*),cn=[^,]*,cn=auth "Michael's entry"


authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth " and this is what Norberto said to do"


I am noticing that Michael's first entry is missing the ^ and the [ ]
pair around it in the first part of the expression.

Could this be the problem?

Later, Ray Parrish

--
Human reviewed index of links about the computer
http://www.rayslinks.com
Poetry from the mind of a Schizophrenic
http://www.writingsoftheschizophrenic.com/


 
Old 02-20-2009, 08:55 AM
Norberto Bensa
 
Default LDAP+SASL

On Fri, Feb 20, 2009 at 5:36 AM, Ray Parrish <crp@cmc.net> wrote:
> Could this be the problem?

Yes. It's one of the problems. Thanks for spotting it, Ray.

Also, Michael, if you're using cn=admin..., then you need to add:

authz-regexp
    uid=([^,]*),cn=[^,]*,cn=auth
    cn=$1,ou=People,dc=.....


In other words, you translate what your clients ask to what you have
in your database. Note that you can add as many authz-regexp as you
need. You know how many authz-regexp you need by reading your logs :-)

Regards,
Norberto
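
A small model of how the authz-regexp rules discussed in this thread are applied, as an added example that is not part of the original posts and is not slapd's code. It assumes what slapd.conf(5) documents (rules are checked in file order and the first match wins); Python's `re` stands in for POSIX extended regex, lower-casing stands in for DN normalisation, and the realm-bearing SASL name is constructed.

```python
import re

# Entry DNs from the thread, lower-cased the way slapd logs normalised DNs.
DIRECTORY = {
    "cn=admin,dc=nimbios,dc=org",
    "cn=admin,ou=people,dc=nimbios,dc=org",
}

NO_REALM = "uid=admin,cn=cram-md5,cn=auth"                # from the thread's slapd log
WITH_REALM = "uid=admin,cn=castor,cn=digest-md5,cn=auth"  # constructed: realm + mech

# The greedy rule from the second post.
GREEDY_CONF = """\
authz-regexp uid=(.*),cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
"""

# Bounded rules, with the cn=$1 rule appended after a uid=$1 rule
# that has exactly the same pattern.
APPENDED_CONF = """\
authz-regexp uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
    cn=$1,ou=People,dc=nimbios,dc=org
"""

# Rules that translate to what the database actually holds (cn=admin,...).
CN_CONF = """\
authz-regexp uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
    cn=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
    cn=$1,ou=People,dc=nimbios,dc=org
"""


def load_rules(conf_text):
    """Collect (pattern, replacement) pairs from authz-regexp directives.

    slapd.conf joins a line that starts with whitespace onto the previous one.
    Quoted arguments are not handled; the thread's rules do not use them.
    """
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    rules = []
    for line in logical:
        words = line.split()
        if words[0].lower() == "authz-regexp" and len(words) == 3:
            rules.append((words[1], words[2]))
    return rules


def map_sasl_name(rules, sasl_name):
    """Return (rule index, mapped DN) for the first matching rule, else (None, None)."""
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, sasl_name, re.IGNORECASE)
        if match:
            dn = re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))), replacement)
            return index, dn.lower()
    return None, None


def shadowed_rules(rules):
    """Indexes of rules that repeat an earlier pattern and so can never be reached."""
    seen, dead = set(), []
    for index, (pattern, _) in enumerate(rules):
        if pattern in seen:
            dead.append(index)
        seen.add(pattern)
    return dead


def report(conf_text, sasl_names):
    """For each SASL name: (name, matching rule, mapped DN, entry exists in DIRECTORY)."""
    rules = load_rules(conf_text)
    rows = []
    for name in sasl_names:
        index, dn = map_sasl_name(rules, name)
        rows.append((name, index, dn, dn in DIRECTORY))
    return rows


if __name__ == "__main__":
    for title, conf in (("greedy", GREEDY_CONF), ("appended", APPENDED_CONF), ("cn", CN_CONF)):
        print(title, "shadowed rules:", shadowed_rules(load_rules(conf)))
        for row in report(conf, [NO_REALM, WITH_REALM]):
            print("   ", row)
```

With the cn=$1 rule appended after a uid=$1 rule that has the same pattern, the name from the log still maps to uid=admin,ou=people,dc=nimbios,dc=org and the cn rule is never consulted. When entries differ in their naming attribute, the replacement can be an LDAP search URL instead of a fixed DN, which slapd.conf(5) also supports.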

 
Old 02-20-2009, 09:33 AM
Norberto Bensa
 
Default LDAP+SASL

On Fri, Feb 20, 2009 at 3:55 AM, Michael Peek <peek@tiem.utk.edu> wrote:
> userPassword: {SSHA}<stuff>

Oh. BTW, if you're going to use mechs like CRAM and/or DIGEST, your
userPassword will not work. You need to store the plaintext password
in your DB.

Regards,
Norberto
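
Why a hashed userPassword cannot serve CRAM-MD5, as an added example that is not part of the original post: the client returns an HMAC-MD5 of the server's challenge keyed with the password, so the server must hold the password itself to recompute it. The password, salt and challenge are constructed sample values, and the status strings are this sketch's own, not slapd's.

```python
import base64
import hashlib
import hmac

PASSWORD = b"example-secret"                   # constructed sample password
SALT = bytes.fromhex("0011223344556677")       # constructed salt
CHALLENGE = b"<1234.5678@ldap.example.org>"    # constructed server challenge


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def shared_secret(stored: str):
    """Return the plaintext a challenge-response mech needs, or None if it is hashed."""
    if stored.startswith("{CLEARTEXT}"):
        return stored[len("{CLEARTEXT}"):].encode()
    if stored.startswith("{"):
        return None  # one-way hash: the plaintext cannot be recovered from it
    return stored.encode()


def simple_bind_ok(stored: str, presented: bytes) -> bool:
    """Simple bind: the client sends the password, so a salted hash can be checked."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(digest, hashlib.sha1(presented + salt).digest())
    secret = shared_secret(stored)
    return secret is not None and hmac.compare_digest(secret, presented)


def cram_md5_response(user: str, password: bytes, challenge: bytes) -> str:
    """Client side: user name, a space, then hex HMAC-MD5(key=password, msg=challenge)."""
    return user + " " + hmac.new(password, challenge, hashlib.md5).hexdigest()


def cram_md5_verify(stored: str, challenge: bytes, response: str) -> str:
    """Server side: recompute the HMAC from the stored secret and compare."""
    secret = shared_secret(stored)
    if secret is None:
        return "no-usable-secret"
    _user, _, mac = response.partition(" ")
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return "ok" if hmac.compare_digest(mac, expected) else "bad-response"


if __name__ == "__main__":
    hashed = make_ssha(PASSWORD, SALT)
    clear = "{CLEARTEXT}" + PASSWORD.decode()
    response = cram_md5_response("admin", PASSWORD, CHALLENGE)
    print("simple bind against {SSHA}:    ", simple_bind_ok(hashed, PASSWORD))
    print("CRAM-MD5 against {SSHA}:       ", cram_md5_verify(hashed, CHALLENGE, response))
    print("CRAM-MD5 against {CLEARTEXT}:  ", cram_md5_verify(clear, CHALLENGE, response))
```

Storing the password in clear text makes read access to userPassword equivalent to knowing the password, so the ACL on that attribute is the only thing protecting it.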

 
Old 02-20-2009, 01:30 PM
Michael Peek
 
Default LDAP+SASL

I feel like I must be close to having this working!

Okay, here's what I've got now:

/etc/ldap/slapd.conf:
-----------------------------------------------------
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
#loglevel none
loglevel stats trace

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb

# The base of your directory in database #1
suffix "dc=nimbios,dc=org"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn "cn=admin,dc=nimbios,dc=org"
rootdn "cn=admin,dc=nimbios,dc=org"
rootpw {SSHA}...<stuff>...
#sasl-secprops none
authz-regexp uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
    uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
    cn=$1,ou=People,dc=nimbios,dc=org
authz-policy to

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=nimbios,dc=org" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=nimbios,dc=org" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=nimbios,dc=org" write
# by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
#suffix "dc=debian,dc=org"
-----------------------------------------------------

Output from:
ldapsearch -U admin@castor -H 'ldap://castor.nimbios.org/' -b
"dc=nimbios,dc=org" '(objectClass=*)'
-----------------------------------------------------
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: admin@castor
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=nimbios,dc=org> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# nimbios.org
dn: dc=nimbios,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: nimbios.org
dc: nimbios

# admin, nimbios.org
dn: cn=admin,dc=nimbios,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
cn: admin

# People, nimbios.org
dn: ou=People,dc=nimbios,dc=org
objectClass: organizationalUnit
ou: People

# Groups, nimbios.org
dn: ou=Groups,dc=nimbios,dc=org
objectClass: organizationalUnit
ou: Groups

# admin, People, nimbios.org
dn: cn=admin,ou=People,dc=nimbios,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
cn: admin

# search result
search: 4
result: 0 Success

# numResponses: 6
# numEntries: 5
-----------------------------------------------------

The only information missing from the above (I think) is the
userPassword entries:
dn: cn=admin,dc=nimbios,dc=org has userPassword: {SSHA}... and
dn: cn=admin,ou=people,dc=nimbios,dc=org has userPassword: {CLEARTEXT}...

Log output:
-----------------------------------------------------
Feb 20 09:03:17 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:17 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:17 castor slapd[31189]: conn=12 fd=16 ACCEPT from
IP=160.36.46.71:50112 (IP=0.0.0.0:389)
Feb 20 09:03:17 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:17 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:17 castor slapd[31189]: conn=13 fd=17 ACCEPT from
IP=160.36.46.71:50113 (IP=0.0.0.0:389)
Feb 20 09:03:17 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:17 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 do_search
Feb 20 09:03:17 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:17 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SRCH
attr=supportedSASLMechanisms namingContexts dnsHostName krbName
Feb 20 09:03:17 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:17 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:17 castor slapd[31189]: send_ldap_result: conn=13 op=0 p=3
Feb 20 09:03:17 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:17 castor slapd[31189]: connection_get(16): got connid=12
Feb 20 09:03:17 castor slapd[31189]: connection_read(16): checking for
input on id=12
Feb 20 09:03:17 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:03:17 castor slapd[31189]: connection_closing: readying
conn=12 sd=16 for close
Feb 20 09:03:17 castor slapd[31189]: connection_close: conn=12 sd=16
Feb 20 09:03:17 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:17 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=1 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SRCH
attr=subschemasubentry
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=1 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=2 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: conn=12 fd=16 closed (connection lost)
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <cn=Subschema>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <cn=Subschema>,
<cn=subschema>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SRCH
base="cn=Subschema" scope=0 deref=0 filter="(objectClass=subschema)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SRCH attr=objectclasses
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13
dn="cn=Subschema"
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=3 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SRCH attr=description
Feb 20 09:03:18 castor slapd[31189]: ==> limits_get: conn=13 op=3
dn="[anonymous]"
Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:03:18 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read 2 candidates
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=2,
first=3, last=4
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates (ou)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: (ou)
not indexed
Feb 20 09:03:18 castor slapd[31189]: bdb_search_candidates: id=-1
first=3 last=4
Feb 20 09:03:18 castor slapd[31189]: hdb_search: 3 does not match filter
Feb 20 09:03:18 castor slapd[31189]: hdb_search: 4 does not match filter
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=3 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=4 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SRCH attr=altserver
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=4 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=5 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:18 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:18 castor slapd[31189]: conn=14 fd=16 ACCEPT from
IP=160.36.46.71:50114 (IP=0.0.0.0:389)
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SRCH
attr=supportedSASLMechanisms namingContexts dnsHostName krbName
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 14 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 14 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=0 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 BIND dn="" method=163
Feb 20 09:03:18 castor slapd[31189]: do_bind: dn () SASL mech CRAM-MD5
Feb 20 09:03:18 castor slapd[31189]: send_ldap_sasl: err=14 len=40
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=2 tag=97
err=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 RESULT tag=97 err=14
text=SASL(0): successful result: security flags do not match required
Feb 20 09:03:18 castor slapd[31189]: <== slap_sasl_bind: rc=14
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 BIND dn="" method=163
Feb 20 09:03:18 castor slapd[31189]: do_bind: dn () SASL mech CRAM-MD5
Feb 20 09:03:18 castor slapd[31189]: slap_sasl_getdn: u:id converted to
uid=admin,cn=CRAM-MD5,cn=auth
Feb 20 09:03:18 castor slapd[31189]: >>> dnNormalize:
<uid=admin,cn=CRAM-MD5,cn=auth>
Feb 20 09:03:18 castor slapd[31189]: <<< dnNormalize:
<uid=admin,cn=cram-md5,cn=auth>
Feb 20 09:03:18 castor slapd[31189]: ==>slap_sasl2dn: converting SASL
name uid=admin,cn=cram-md5,cn=auth to a DN
Feb 20 09:03:18 castor slapd[31189]: slap_parseURI: parsing
uid=admin,ou=People,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: >>> dnNormalize:
<uid=admin,ou=People,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnNormalize:
<uid=admin,ou=people,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <==slap_sasl2dn: Converted SASL
name to uid=admin,ou=people,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: slap_sasl_getdn: dn:id converted to
uid=admin,ou=people,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]:
bdb_dn2entry("uid=admin,ou=people,dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: =>
hdb_dn2id("uid=admin,ou=people,dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: <= hdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30990)
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: SASL [conn=14] Failure: no secret
in database
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=3 tag=97
err=49
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 RESULT tag=97 err=49
text=SASL(-13): user not found: no secret in database
Feb 20 09:03:18 castor slapd[31189]: <== slap_sasl_bind: rc=49
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<cn=admin,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<cn=admin,dc=nimbios,dc=org>, <cn=admin,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 BIND
dn="cn=admin,dc=nimbios,dc=org" method=128
Feb 20 09:03:18 castor slapd[31189]: do_bind: version=3
dn="cn=admin,dc=nimbios,dc=org" method=128
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 BIND
dn="cn=admin,dc=nimbios,dc=org" mech=SIMPLE ssf=0
Feb 20 09:03:18 castor slapd[31189]: do_bind: v3 bind:
"cn=admin,dc=nimbios,dc=org" to "cn=admin,dc=nimbios,dc=org"
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=3 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=4 tag=97
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 RESULT tag=97 err=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: ber_get_next on fd 17 failed
errno=0 (Success)
Feb 20 09:03:18 castor slapd[31189]: connection_closing: readying
conn=13 sd=17 for close
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=13
sd=17
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=5 do_unbind
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=5 UNBIND
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=13 sd=17
Feb 20 09:03:18 castor slapd[31189]: connection_close: conn=13 sd=17
Feb 20 09:03:18 castor slapd[31189]: conn=13 fd=17 closed
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"

Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:03:18 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: bdb_search_candidates: id=0 first=1
last=0
Feb 20 09:03:18 castor slapd[31189]: hdb_search: no candidates
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=4 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=5 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:03:18 castor slapd[31189]: connection_closing: readying
conn=14 sd=16 for close
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=14
sd=16
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=5 do_unbind
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=5 UNBIND
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=14
sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_close: conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: conn=14 fd=16 closed
Feb 20 09:06:07 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:06:07 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:06:07 castor slapd[31189]: conn=15 fd=16 ACCEPT from
IP=160.36.46.40:45871 (IP=0.0.0.0:389)
Feb 20 09:06:07 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:07 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 do_search
Feb 20 09:06:07 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:07 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SRCH
attr=supportedSASLMechanisms
Feb 20 09:06:07 castor slapd[31189]: => send_search_entry: conn 15 dn=""
Feb 20 09:06:07 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:07 castor slapd[31189]: send_ldap_result: conn=15 op=0 p=3
Feb 20 09:06:07 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:06:07 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:07 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 do_bind
Feb 20 09:06:07 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:07 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 BIND dn="" method=163
Feb 20 09:06:07 castor slapd[31189]: do_bind: dn () SASL mech DIGEST-MD5
Feb 20 09:06:07 castor slapd[31189]: SASL [conn=15] Debug: DIGEST-MD5
server step 1
Feb 20 09:06:07 castor slapd[31189]: send_ldap_sasl: err=14 len=191
Feb 20 09:06:07 castor slapd[31189]: send_ldap_response: msgid=2 tag=97
err=14
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 RESULT tag=97 err=14
text=SASL(0): successful result: security flags do not match required
Feb 20 09:06:07 castor ldapsearch: DIGEST-MD5 client step 2
Feb 20 09:06:07 castor slapd[31189]: <== slap_sasl_bind: rc=14
Feb 20 09:06:10 castor ldapsearch: DIGEST-MD5 client step 2
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 do_bind
Feb 20 09:06:10 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:10 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND dn="" method=163
Feb 20 09:06:10 castor slapd[31189]: do_bind: dn () SASL mech DIGEST-MD5
Feb 20 09:06:10 castor slapd[31189]: SASL [conn=15] Debug: DIGEST-MD5
server step 2
Feb 20 09:06:10 castor slapd[31189]: slap_sasl_getdn: u:id converted to
uid=admin@castor,cn=DIGEST-MD5,cn=auth
Feb 20 09:06:10 castor slapd[31189]: >>> dnNormalize:
<uid=admin@castor,cn=DIGEST-MD5,cn=auth>
Feb 20 09:06:10 castor slapd[31189]: <<< dnNormalize:
<uid=admin@castor,cn=digest-md5,cn=auth>
Feb 20 09:06:10 castor slapd[31189]: ==>slap_sasl2dn: converting SASL
name uid=admin@castor,cn=digest-md5,cn=auth to a DN
Feb 20 09:06:10 castor slapd[31189]: slap_parseURI: parsing
uid=admin@castor,ou=People,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: >>> dnNormalize:
<uid=admin@castor,ou=People,dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <<< dnNormalize:
<uid=admin@castor,ou=people,dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <==slap_sasl2dn: Converted SASL
name to uid=admin@castor,ou=people,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: slap_sasl_getdn: dn:id converted to
uid=admin@castor,ou=people,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: => hdb_search
Feb 20 09:06:10 castor slapd[31189]:
bdb_dn2entry("uid=admin@castor,ou=people,dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: =>
hdb_dn2id("uid=admin@castor,ou=people,dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: <= hdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30990)
Feb 20 09:06:10 castor slapd[31189]: send_ldap_result: conn=15 op=2 p=3
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND
authcid="admin@castor" authzid="admin@castor"
Feb 20 09:06:10 castor slapd[31189]: SASL Authorize [conn=15]: proxy
authorization allowed authzDN=""
Feb 20 09:06:10 castor slapd[31189]: send_ldap_sasl: err=0 len=40
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND
dn="uid=admin@castor,ou=people,dc=nimbios,dc=org" mech=DIGEST-MD5
sasl_ssf=128 ssf=128
Feb 20 09:06:10 castor slapd[31189]: do_bind: SASL/DIGEST-MD5 bind:
dn="uid=admin@castor,ou=people,dc=nimbios,dc=org" sasl_ssf=128
Feb 20 09:06:10 castor slapd[31189]: send_ldap_response: msgid=3 tag=97
err=0
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 RESULT tag=97 err=0 text=
Feb 20 09:06:10 castor ldapsearch: DIGEST-MD5 client step 3
Feb 20 09:06:10 castor slapd[31189]: <== slap_sasl_bind: rc=0
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 do_search
Feb 20 09:06:10 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Feb 20 09:06:10 castor slapd[31189]: ==> limits_get: conn=15 op=3
dn="uid=admin@castor,ou=people,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: => hdb_search
Feb 20 09:06:10 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:06:10 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: => bdb_presence_candidates
(objectClass)
Feb 20 09:06:10 castor slapd[31189]: bdb_search_candidates: id=-1
first=1 last=6
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: entry_decode: ""
Feb 20 09:06:10 castor slapd[31189]: <= entry_decode()
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="cn=admin,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="ou=People,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="ou=Groups,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="cn=admin,ou=People,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: send_ldap_result: conn=15 op=3 p=3
Feb 20 09:06:10 castor slapd[31189]: send_ldap_response: msgid=4 tag=101
err=0
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 SEARCH RESULT tag=101
err=0 nentries=5 text=
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:06:10 castor slapd[31189]: connection_closing: readying
conn=15 sd=16 for close
Feb 20 09:06:10 castor slapd[31189]: connection_close: deferring conn=15
sd=16
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=4 do_unbind
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=4 UNBIND
Feb 20 09:06:10 castor slapd[31189]: connection_resched: attempting
closing conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_close: deferring conn=15
sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_resched: attempting
closing conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_close: conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: conn=15 fd=16 closed
-----------------------------------------------------

On the Mac, I have tried telling it to bind with the following dn's:

cn=admin,dc=nimbios,dc=org
cn=admin,ou=people,dc=nimbios,dc=org
cn=admin,cn=CRAM-MD5,cn=auth
uid=admin,dc=nimbios,dc=org
uid=admin,ou=people,dc=nimbios,dc=org
uid=admin,cn=CRAM-MD5,cn=auth

I'm not really sure which one I'm /supposed/ to use, these are just the
variants that I've thought to try.

Michael

 
Old 02-20-2009, 05:33 PM
Norberto Bensa
 
Default LDAP+SASL

On Fri, Feb 20, 2009 at 12:30 PM, Michael Peek <peek@tiem.utk.edu> wrote:
> The only information missing from the above (I think) is the
> userPassword entries:
> dn: cn=admin,dc=nimbios,dc=org has userPassword: {SSHA}... and
> dn: cn=admin,ou=people,dc=nimbios,dc=org has userPassword: {CLEARTEXT}...

Nothing is missing. You bind as admin@castor, not as cn=admin,dc=...
And you have:

access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=nimbios,dc=org" write
by anonymous auth
by self write
by * none


So nothing is missing. You explicitly asked access to userPassword to
be available only to self and cn=admin,dc=... Everyone else must
authenticate.


> On the Mac, I have tried telling it to bind with the following dn's:
>
> cn=admin,dc=nimbios,dc=org
> cn=admin,ou=people,dc=nimbios,dc=org
> cn=admin,cn=CRAM-MD5,cn=auth
> uid=admin,dc=nimbios,dc=org
> uid=admin,ou=people,dc=nimbios,dc=org
> uid=admin,cn=CRAM-MD5,cn=auth
>
> I'm not really sure which one I'm /supposed/ to use, these are just the
> variants that I've thought to try.

Hmmm... From slapd.conf, you could try: "cn=admin,dc=nimbios,dc=org" ;-)

*But* (unless I'm overlooking something) you have no authz-regexp
returning cn=admin....

Something like this should work:

authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth
cn=$1,dc=nimbios,dc=org


Regards,
Norberto
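
The SASL-name-to-DN mapping seen in the log above, as an added example (not part of the original messages and not slapd code): a Python emulation that applies authz-regexp rules in order, substitutes $1, and checks the mapped DN against the five entries the conn=15 search returned. It assumes first-match-wins and unanchored, case-insensitive matching; the realm-stripping rule, the realm-form sample name and all helper names are hypothetical.

```python
import re

# DNs returned by the search in the log above (conn=15 op=3), lower-cased.
DIRECTORY = {
    "dc=nimbios,dc=org",
    "cn=admin,dc=nimbios,dc=org",
    "ou=people,dc=nimbios,dc=org",
    "ou=groups,dc=nimbios,dc=org",
    "cn=admin,ou=people,dc=nimbios,dc=org",
}

# (search pattern, replacement) pairs, written as they would appear in slapd.conf.
# Rule in effect when the DIGEST-MD5 log above was captured.
RULE_IN_EFFECT = [(r"uid=(.*),cn=[^,]*,cn=auth",
                   "uid=$1,ou=People,dc=nimbios,dc=org")]
# Rule suggested in the message above.
RULE_SUGGESTED = [(r"uid=([^,]*),cn=[^,]*,cn=auth",
                   "cn=$1,dc=nimbios,dc=org")]
# Hypothetical variant (an assumption, not from the thread): capture only the
# part of the uid before an optional "@realm" suffix.
RULE_STRIP_REALM = [(r"uid=([^,@]*)(@[^,]*)?,cn=[^,]*,cn=auth",
                     "cn=$1,dc=nimbios,dc=org")]


def map_sasl_name(sasl_name, rules):
    """Return the DN produced by the first matching rule, or None.

    Assumption: rules are tried in order and only the first match is used.
    Lower-casing is a crude stand-in for slapd's dnNormalize step.
    """
    for pattern, replacement in rules:
        match = re.search(pattern, sasl_name, re.IGNORECASE)
        if match is None:
            continue
        # Expand $1..$9 in the replacement from the captured groups.
        dn = re.sub(r"\$(\d)",
                    lambda ref: match.group(int(ref.group(1))) or "",
                    replacement)
        return dn.lower()
    return None


def resolve(sasl_name, rules):
    """Return (mapped_dn, exists_in_directory) for one SASL name."""
    dn = map_sasl_name(sasl_name, rules)
    return dn, dn in DIRECTORY


if __name__ == "__main__":
    samples = [
        # SASL names taken from the log above.
        ("uid=admin@castor,cn=digest-md5,cn=auth", RULE_IN_EFFECT),
        ("uid=admin@castor,cn=cram-md5,cn=auth", RULE_SUGGESTED),
        ("uid=admin@castor,cn=cram-md5,cn=auth", RULE_STRIP_REALM),
        # Constructed name in the uid,cn=realm,cn=mech,cn=auth form:
        # the greedy (.*) swallows the realm component into the capture.
        ("uid=admin,cn=castor,cn=digest-md5,cn=auth", RULE_IN_EFFECT),
        ("uid=admin,cn=castor,cn=digest-md5,cn=auth", RULE_SUGGESTED),
    ]
    for name, rules in samples:
        dn, exists = resolve(name, rules)
        print(f"{name}\n  -> {dn}  (entry exists: {exists})")
```

The mapped DN is the identity that `by dn=...` clauses in the access rules are compared against, so a mapping that lands on a nonexistent entry binds successfully but matches none of them. OpenLDAP's slapauth tool performs the real mapping against the server configuration.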

 
Old 02-20-2009, 06:23 PM
Michael Peek
 
Default LDAP+SASL

Norberto Bensa wrote:
> On Fri, Feb 20, 2009 at 12:30 PM, Michael Peek <peek@tiem.utk.edu> wrote:
>
>> The only information missing from the above (I think) is the
>> userPassword entries:
>> dn: cn=admin,dc=nimbios,dc=org has userPassword: {SSHA}... and
>> dn: cn=admin,ou=people,dc=nimbios,dc=org has userPassword: {CLEARTEXT}...
>>
>
> Nothing is missing. You bind as admin@castor, not as cn=admin,dc=...
> And you have:
>
> access to attrs=userPassword,shadowLastChange
> by dn="cn=admin,dc=nimbios,dc=org" write
> by anonymous auth
> by self write
> by * none
>
>
> So nothing is missing. You explicitly asked access to userPassword to
> be available only to self and cn=admin,dc=... Everyone else must
> authenticate.
>
>
>
>> On the Mac, I have tried telling it to bind with the following dn's:
>>
>> cn=admin,dc=nimbios,dc=org
>> cn=admin,ou=people,dc=nimbios,dc=org
>> cn=admin,cn=CRAM-MD5,cn=auth
>> uid=admin,dc=nimbios,dc=org
>> uid=admin,ou=people,dc=nimbios,dc=org
>> uid=admin,cn=CRAM-MD5,cn=auth
>>
>> I'm not really sure which one I'm /supposed/ to use, these are just the
>> variants that I've thought to try.
>>
>
> Hmmm... From slapd.conf, you could try: "cn=admin,dc=nimbios,dc=org" ;-)
>
> *But* (unless I'm overlooking something) you have no authz-regexp
> returning cn=admin....
>
> Something like this should work:
>
> authz-regexp
> uid=([^,]*),cn=[^,]*,cn=auth
> cn=$1,dc=nimbios,dc=org
>

My current authz-* settings:
------------------------------------------------------------------------------
authz-regexp
uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
cn=$1,ou=People,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
cn=$1,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth
cn=$1,ou=People,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth
cn=$1,dc=nimbios,dc=org
authz-policy to
------------------------------------------------------------------------------

Attempt to bind as admin@castor:
------------------------------------------------------------------------------
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=9 fd=16 ACCEPT from IP=xx.xx.xx.xx:50385
(IP=0.0.0.0:389)
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=10 fd=17 ACCEPT from IP=xx.xx.xx.xx:50386
(IP=0.0.0.0:389)
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=9
slapd[31675]: connection_read(16): checking for input on id=9
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=9 sd=16 for close
slapd[31675]: connection_close: conn=9 sd=16
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=1 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=1 SRCH attr=subschemasubentry
slapd[31675]: conn=9 fd=16 closed (connection lost)
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=1 p=3
slapd[31675]: send_ldap_response: msgid=2 tag=101 err=0
slapd[31675]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=2 do_search
slapd[31675]: >>> dnPrettyNormal: <cn=Subschema>
slapd[31675]: <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
slapd[31675]: conn=10 op=2 SRCH base="cn=Subschema" scope=0 deref=0
filter="(objectClass=subschema)"
slapd[31675]: conn=10 op=2 SRCH attr=objectclasses
slapd[31675]: => send_search_entry: conn 10 dn="cn=Subschema"
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=2 p=3
slapd[31675]: send_ldap_response: msgid=3 tag=101 err=0
slapd[31675]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=10 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[31675]: conn=10 op=3 SRCH attr=description
slapd[31675]: ==> limits_get: conn=10 op=3 dn="[anonymous]"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read 2 candidates
slapd[31675]: <= bdb_equality_candidates: id=2, first=3, last=4
slapd[31675]: => bdb_equality_candidates (ou)
slapd[31675]: <= bdb_equality_candidates: (ou) not indexed
slapd[31675]: bdb_search_candidates: id=-1 first=3 last=4
slapd[31675]: hdb_search: 3 does not match filter
slapd[31675]: hdb_search: 4 does not match filter
slapd[31675]: send_ldap_result: conn=10 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=10 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=4 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=4 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=4 SRCH attr=altserver
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=4 p=3
slapd[31675]: send_ldap_response: msgid=5 tag=101 err=0
slapd[31675]: conn=10 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=11 fd=16 ACCEPT from IP=xx.xx.xx.xx:50387
(IP=0.0.0.0:389)
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=11 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 11 dn=""
slapd[31675]: <= send_search_entry: conn 11 exit.
slapd[31675]: send_ldap_result: conn=11 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=11 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=1 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=1 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: send_ldap_sasl: err=14 len=40
slapd[31675]: send_ldap_response: msgid=2 tag=97 err=14
slapd[31675]: conn=11 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[31675]: <== slap_sasl_bind: rc=14
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=2 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=2 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: slap_sasl_getdn: u:id converted to
uid=admin@castor,cn=CRAM-MD5,cn=auth
slapd[31675]: >>> dnNormalize: <uid=admin@castor,cn=CRAM-MD5,cn=auth>
slapd[31675]: <<< dnNormalize: <uid=admin@castor,cn=cram-md5,cn=auth>
slapd[31675]: ==>slap_sasl2dn: converting SASL name
uid=admin@castor,cn=cram-md5,cn=auth to a DN
slapd[31675]: slap_parseURI: parsing
cn=admin@castor,ou=People,dc=nimbios,dc=org
slapd[31675]: >>> dnNormalize:
<cn=admin@castor,ou=People,dc=nimbios,dc=org>
slapd[31675]: <<< dnNormalize:
<cn=admin@castor,ou=people,dc=nimbios,dc=org>
slapd[31675]: <==slap_sasl2dn: Converted SASL name to
cn=admin@castor,ou=people,dc=nimbios,dc=org
slapd[31675]: slap_sasl_getdn: dn:id converted to
cn=admin@castor,ou=people,dc=nimbios,dc=org
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("cn=admin@castor,ou=people,dc=nimbios,dc=org")
slapd[31675]: => hdb_dn2id("cn=admin@castor,ou=people,dc=nimbios,dc=org")
slapd[31675]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching
key/data pair found (-30990)
slapd[31675]: send_ldap_result: conn=11 op=2 p=3
slapd[31675]: conn=11 op=2 BIND authcid="admin@castor"
authzid="admin@castor"
slapd[31675]: SASL Authorize [conn=11]: proxy authorization allowed
authzDN=""
slapd[31675]: send_ldap_sasl: err=0 len=-1
slapd[31675]: conn=11 op=2 BIND
dn="cn=admin@castor,ou=people,dc=nimbios,dc=org" mech=CRAM-MD5
sasl_ssf=0 ssf=0
slapd[31675]: do_bind: SASL/CRAM-MD5 bind:
dn="cn=admin@castor,ou=people,dc=nimbios,dc=org" sasl_ssf=0
slapd[31675]: send_ldap_response: msgid=3 tag=97 err=0
slapd[31675]: conn=11 op=2 RESULT tag=97 err=0 text=
slapd[31675]: <== slap_sasl_bind: rc=0
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=11 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"

slapd[31675]: ==> limits_get: conn=11 op=3
dn="cn=admin@castor,ou=people,dc=nimbios,dc=org"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: bdb_search_candidates: id=0 first=1 last=0
slapd[31675]: hdb_search: no candidates
slapd[31675]: send_ldap_result: conn=11 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=11 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: ber_get_next on fd 17 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=10 sd=17 for close
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=11 sd=16 for close
slapd[31675]: connection_close: deferring conn=11 sd=16
slapd[31675]: conn=11 op=4 do_unbind
slapd[31675]: conn=11 op=4 UNBIND
slapd[31675]: connection_close: deferring conn=10 sd=17
slapd[31675]: connection_resched: attempting closing conn=11 sd=16
slapd[31675]: connection_close: deferring conn=11 sd=16
slapd[31675]: connection_resched: attempting closing conn=11 sd=16
slapd[31675]: connection_close: conn=11 sd=16
slapd[31675]: conn=11 fd=16 closed
slapd[31675]: conn=10 op=5 do_unbind
slapd[31675]: conn=10 op=5 UNBIND
slapd[31675]: connection_resched: attempting closing conn=10 sd=17
slapd[31675]: connection_close: conn=10 sd=17
slapd[31675]: conn=10 fd=17 closed
------------------------------------------------------------------------------

Tried binding as cn=admin,dc=nimbios,dc=org:
------------------------------------------------------------------------------
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=12 fd=16 ACCEPT from IP=xx.xx.xx.xx:50394
(IP=0.0.0.0:389)
slapd[31675]: conn=13 fd=17 ACCEPT from IP=xx.xx.xx.xx:50395
(IP=0.0.0.0:389)
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=13 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=12
slapd[31675]: connection_read(16): checking for input on id=12
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=12 sd=16 for close
slapd[31675]: connection_close: conn=12 sd=16
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=1 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=1 SRCH attr=subschemasubentry
slapd[31675]: conn=12 fd=16 closed (connection lost)
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=1 p=3
slapd[31675]: send_ldap_response: msgid=2 tag=101 err=0
slapd[31675]: conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=2 do_search
slapd[31675]: >>> dnPrettyNormal: <cn=Subschema>
slapd[31675]: <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
slapd[31675]: conn=13 op=2 SRCH base="cn=Subschema" scope=0 deref=0
filter="(objectClass=subschema)"
slapd[31675]: conn=13 op=2 SRCH attr=objectclasses
slapd[31675]: => send_search_entry: conn 13 dn="cn=Subschema"
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=2 p=3
slapd[31675]: send_ldap_response: msgid=3 tag=101 err=0
slapd[31675]: conn=13 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=13 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[31675]: conn=13 op=3 SRCH attr=description
slapd[31675]: ==> limits_get: conn=13 op=3 dn="[anonymous]"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read 2 candidates
slapd[31675]: <= bdb_equality_candidates: id=2, first=3, last=4
slapd[31675]: => bdb_equality_candidates (ou)
slapd[31675]: <= bdb_equality_candidates: (ou) not indexed
slapd[31675]: bdb_search_candidates: id=-1 first=3 last=4
slapd[31675]: hdb_search: 3 does not match filter
slapd[31675]: hdb_search: 4 does not match filter
slapd[31675]: send_ldap_result: conn=13 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=13 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=4 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=4 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=4 SRCH attr=altserver
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=4 p=3
slapd[31675]: send_ldap_response: msgid=5 tag=101 err=0
slapd[31675]: conn=13 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=14 fd=16 ACCEPT from IP=xx.xx.xx.xx:50396
(IP=0.0.0.0:389)
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=14 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 14 dn=""
slapd[31675]: <= send_search_entry: conn 14 exit.
slapd[31675]: send_ldap_result: conn=14 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=14 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=1 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=1 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: send_ldap_sasl: err=14 len=40
slapd[31675]: send_ldap_response: msgid=2 tag=97 err=14
slapd[31675]: conn=14 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[31675]: <== slap_sasl_bind: rc=14
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=2 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=2 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: slap_sasl_getdn: u:id converted to
uid=admin,cn=CRAM-MD5,cn=auth
slapd[31675]: >>> dnNormalize: <uid=admin,cn=CRAM-MD5,cn=auth>
slapd[31675]: <<< dnNormalize: <uid=admin,cn=cram-md5,cn=auth>
slapd[31675]: ==>slap_sasl2dn: converting SASL name
uid=admin,cn=cram-md5,cn=auth to a DN
slapd[31675]: slap_parseURI: parsing cn=admin,ou=People,dc=nimbios,dc=org
slapd[31675]: >>> dnNormalize: <cn=admin,ou=People,dc=nimbios,dc=org>
slapd[31675]: <<< dnNormalize: <cn=admin,ou=people,dc=nimbios,dc=org>
slapd[31675]: <==slap_sasl2dn: Converted SASL name to
cn=admin,ou=people,dc=nimbios,dc=org
slapd[31675]: slap_sasl_getdn: dn:id converted to
cn=admin,ou=people,dc=nimbios,dc=org
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("cn=admin,ou=people,dc=nimbios,dc=org")
slapd[31675]: slap_ap_lookup: str2ad(cmusaslsecretCRAM-MD5): attribute
type undefined
slapd[31675]: send_ldap_result: conn=14 op=2 p=3
slapd[31675]: conn=14 op=2 BIND authcid="admin" authzid="admin"
slapd[31675]: SASL Authorize [conn=14]: proxy authorization allowed
authzDN=""
slapd[31675]: send_ldap_sasl: err=0 len=-1
slapd[31675]: conn=14 op=2 BIND
dn="cn=admin,ou=people,dc=nimbios,dc=org" mech=CRAM-MD5 sasl_ssf=0 ssf=0
slapd[31675]: do_bind: SASL/CRAM-MD5 bind:
dn="cn=admin,ou=people,dc=nimbios,dc=org" sasl_ssf=0
slapd[31675]: send_ldap_response: msgid=3 tag=97 err=0
slapd[31675]: conn=14 op=2 RESULT tag=97 err=0 text=
slapd[31675]: <== slap_sasl_bind: rc=0
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=14 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"

slapd[31675]: ==> limits_get: conn=14 op=3
dn="cn=admin,ou=people,dc=nimbios,dc=org"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: bdb_search_candidates: id=0 first=1 last=0
slapd[31675]: hdb_search: no candidates
slapd[31675]: send_ldap_result: conn=14 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=14 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: ber_get_next on fd 17 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=13 sd=17 for close
slapd[31675]: connection_close: deferring conn=13 sd=17
slapd[31675]: conn=13 op=5 do_unbind
slapd[31675]: conn=13 op=5 UNBIND
slapd[31675]: connection_resched: attempting closing conn=13 sd=17
slapd[31675]: connection_close: conn=13 sd=17
slapd[31675]: conn=13 fd=17 closed
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=14 sd=16 for close
slapd[31675]: connection_close: deferring conn=14 sd=16
slapd[31675]: conn=14 op=4 do_unbind
slapd[31675]: conn=14 op=4 UNBIND
slapd[31675]: connection_resched: attempting closing conn=14 sd=16
slapd[31675]: connection_close: deferring conn=14 sd=16
slapd[31675]: connection_resched: attempting closing conn=14 sd=16
slapd[31675]: connection_close: conn=14 sd=16
slapd[31675]: conn=14 fd=16 closed
------------------------------------------------------------------------------


I really, really, really appreciate your help!

Michael

