Re: (ITS#7560) ldappasword issue
by quanah@zimbra.com
--On Wednesday, April 03, 2013 3:05 PM +0000 aman_bista(a)hotmail.com wrote:
> Full_Name: amanbista
> Version: 2.4.34
> OS: redhat linux 6.4
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (70.122.251.187)
The ITS system is for filing bug reports only. Please direct your usage
question to openldap-technical(a)openldap.org. This ITS will be closed.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
10 years, 8 months
(ITS#7560) ldappasword issue
by aman_bista@hotmail.com
Full_Name: amanbista
Version: 2.4.34
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (70.122.251.187)
Sir,
I configured the slapd.conf file, ran slappasswd, and entered this password in the slapd.conf
file. I edited /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif and
added olcRootPW: {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV
olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
After that I specified monitoring privileges
/etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}monitor.ldif
changed the default domain name to our domain name
updated db
edited /etc/sysconfig/ldap
SLAPD_LDAPS=yes
After that I created the certificate
and tested the configuration; it was successful.
I started the ldap server
created base domain as vi base.ldif to import base information to ldap
directory.
I ran the command ldapadd -x -W -D cn=Manager,dc=yourdomain,dc=com -f base.ldif
This is where it asked me for the LDAP password. It showed me an error.
What do I do next? Please help.
Thank you
10 years, 8 months
Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by marek.platta@blstream.com
Hi,
my config is:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel none
modulepath /root/openldap-2.4.34/libraries/libldap/
moduleload back_hdb
moduleload ppolicy.la
sizelimit 99999999
tool-threads 1
backend hdb
database monitor
database hdb
suffix "dc=example,dc=com"
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
rootdn "cn=Directory Manager,dc=example,dc=com"
rootpw {SSHA}5jMwnEvS+5cgKVtQVieEYScUjEQvhSkQ
directory "/usr/local/var/openldap-data"
dbconfig set_cachesize 0 209715200 0
dbconfig set_lk_max_objects 150000
dbconfig set_lk_max_locks 150000
dbconfig set_lk_max_lockers 150000
index objectClass eq
index uid eq
index businessUnit eq
index cn eq
index lead eq
index ishidden eq
lastmod on
checkpoint 512 30
access to
attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
by dn="cn=Directory Manager" write
by dn="cn=admin-ro,dc=example,dc=com" read
by anonymous auth
by self write
by * none
access to *
by dn="cn=Directory Manager" write
by * read
10 years, 8 months
Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by marek.platta@blstream.com
Hi,
I'm getting same error on 2.4.34 version
slapd says:
515bf1bf daemon: activity on 1 descriptor
515bf1bf daemon: activity on:515bf1bf
515bf1bf slap_listener_activate(7):
515bf1bf daemon: epoll: listen=7 busy
515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1bf >>> slap_listener(ldap:///)
515bf1bf daemon: listen=7, new connection on 12
515bf1bf daemon: added 12r (active) listener=(nil)
515bf1bf conn=1003 fd=12 ACCEPT from IP=192.168.6.212:53225 (IP=0.0.0.0:389)
515bf1bf daemon: activity on 2 descriptors
515bf1bf daemon: activity on:515bf1bf 12r515bf1bf
515bf1bf daemon: read active on 12
515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1bf connection_get(12)
515bf1bf connection_get(12): got connid=1003
515bf1bf connection_read(12): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
0000: 30 37 02 01 01 60 32 02 07...`2.
ldap_read: want=49, got=49
0000: 01 03 04 26 63 6e 3d 44 69 72 65 63 74 6f 72 79 ...&cn=Directory
0010: 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 78 61 6d manager,dc=exam
0020: 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 65 73 74 ple,dc=com..test
0030: 31 1
ber_get_next: tag 0x30 len 55 contents:
ber_dump: buf=0x1cea6f0 ptr=0x1cea6f0 end=0x1cea727 len=55
0000: 02 01 01 60 32 02 01 03 04 26 63 6e 3d 44 69 72 ...`2....&cn=Dir
0010: 65 63 74 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 ectory manager,d
0020: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d c=example,dc=com
0030: 80 05 74 65 73 74 31 ..test1
515bf1bf op tag 0x60, time 1364980159
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
515bf1bf conn=1003 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x1cea6f0 ptr=0x1cea6f3 end=0x1cea727 len=52
0000: 60 32 02 01 03 04 26 63 6e 3d 44 69 72 65 63 74 `2....&cn=Direct
0010: 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 ory manager,dc=e
0020: 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 xample,dc=com..t
0030: 65 73 74 31 est1
ber_scanf fmt (m}) ber:
ber_dump: buf=0x1cea6f0 ptr=0x1cea720 end=0x1cea727 len=7
0000: 00 05 74 65 73 74 31 ..test1
515bf1bf >>> dnPrettyNormal: <cn=Directory manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Directory manager,dc=example,dc=com,0)
<= ldap_bv2dn(cn=Directory manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Directory manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=directory manager,dc=example,dc=com)=0
515bf1bf <<< dnPrettyNormal: <cn=Directory manager,dc=example,dc=com>,
<cn=directory manager,dc=example,dc=com>
515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com"
method=128
515bf1bf do_bind: version=3 dn="cn=Directory manager,dc=example,dc=com"
method=128
515bf1bf ==> hdb_bind: dn: cn=Directory manager,dc=example,dc=com
515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com"
mech=SIMPLE ssf=0
515bf1bf do_bind: v3 bind: "cn=Directory manager,dc=example,dc=com" to
"cn=Directory manager,dc=example,dc=com"
515bf1bf send_ldap_result: conn=1003 op=0 p=3
515bf1bf send_ldap_result: err=0 matched="" text=""
515bf1bf send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
515bf1bf conn=1003 op=0 RESULT tag=97 err=0 text=
515bf1bf daemon: activity on 1 descriptor
515bf1bf daemon: activity on:515bf1bf
515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1bf daemon: activity on 1 descriptor
515bf1bf daemon: activity on:515bf1bf 12r515bf1bf
515bf1bf daemon: read active on 12
515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1bf connection_get(12)
515bf1bf connection_get(12): got connid=1003
515bf1bf connection_read(12): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
0000: 30 4d 02 01 02 63 48 04 0M...cH.
ldap_read: want=71, got=71
0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p
0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp
0020: 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a 01 00 02 le,dc=com.......
0030: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0040: 43 6c 61 73 73 30 00 Class0.
ber_get_next: tag 0x30 len 77 contents:
ber_dump: buf=0x1ceaff0 ptr=0x1ceaff0 end=0x1ceb03d len=77
0000: 02 01 02 63 48 04 28 63 6e 3d 64 65 66 61 75 6c ...cH.(cn=defaul
0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc
0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a =example,dc=com.
0030: 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 0b ................
0040: 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 objectClass0.
515bf1bf op tag 0x63, time 1364980159
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
515bf1bf conn=1003 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x1ceaff0 ptr=0x1ceaff3 end=0x1ceb03d len=74
0000: 63 48 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f cH.(cn=default,o
0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex
0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a ample,dc=com....
0030: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a .............obj
0040: 65 63 74 43 6c 61 73 73 30 00 ectClass0.
515bf1bf >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>
=> ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0)
<= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0
515bf1bf <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>,
<cn=default,ou=policies,dc=example,dc=com>
515bf1bf SRCH "cn=default,ou=policies,dc=example,dc=com" 0 0515bf1bf
0 0 0
515bf1bf begin get_filter
515bf1bf PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x1ceaff0 ptr=0x1ceb02e end=0x1ceb03d len=15
0000: 87 0b 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 ..objectClass0.
515bf1bf end get_filter 0
515bf1bf filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x1ceaff0 ptr=0x1ceb03b end=0x1ceb03d len=2
0000: 00 00 ..
515bf1bf attrs:515bf1bf
515bf1bf conn=1003 op=1 SRCH
base="cn=default,ou=policies,dc=example,dc=com" scope=0 deref=0
filter="(objectClass=*)"
515bf1bf => hdb_search
515bf1bf bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com")
515bf1bf => access_allowed: search access to
"cn=default,ou=policies,dc=example,dc=com" "entry" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: search access granted by manage(=mwrscxd)
515bf1bf base_candidates: base:
"cn=default,ou=policies,dc=example,dc=com" (0x000004b5)
515bf1bf => test_filter
515bf1bf PRESENT
515bf1bf => access_allowed: search access to
"cn=default,ou=policies,dc=example,dc=com" "objectClass" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: search access granted by manage(=mwrscxd)
515bf1bf <= test_filter 6
515bf1bf => send_search_entry: conn 1003
dn="cn=default,ou=policies,dc=example,dc=com"
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "entry" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (cn)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "cn" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (objectClass)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "objectClass" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result was in cache (objectClass)
515bf1bf => access_allowed: result was in cache (objectClass)
515bf1bf => access_allowed: result was in cache (objectClass)
515bf1bf => access_allowed: result not in cache (pwdAttribute)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdAttribute" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdExpireWarning)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdExpireWarning" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdInHistory)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdInHistory" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdMustChange)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdMustChange" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdSafeModify)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdSafeModify" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdAllowUserChange)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdAllowUserChange" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdLockout)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdLockout" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdLockoutDuration)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdLockoutDuration" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdMaxFailure)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdMaxFailure" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdMaxAge)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdMaxAge" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdCheckQuality)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdCheckQuality" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf => access_allowed: result not in cache (pwdMinLength)
515bf1bf => access_allowed: read access to
"cn=default,ou=policies,dc=example,dc=com" "pwdMinLength" requested
515bf1bf <= root access granted
515bf1bf => access_allowed: read access granted by manage(=mwrscxd)
515bf1bf conn=1003 op=1 ENTRY dn="cn=default,ou=policies,dc=example,dc=com"
ber_flush2: 440 bytes to sd 12
0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn=
0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic
0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d
0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1
0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob
0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top
0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per
0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh
0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr
0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas
00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi
00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360
00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor
00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus
00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0
00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify
0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd
0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1
0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo
0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0.
0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura
0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw
0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5
0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1..
0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p
0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1.
01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen
01b0: 67 74 68 31 03 04 01 37 gth1...7
ldap_write: want=440, written=440
0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn=
0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic
0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d
0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1
0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob
0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top
0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per
0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh
0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr
0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas
00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi
00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360
00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor
00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus
00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0
00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify
0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd
0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1
0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo
0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0.
0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura
0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw
0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5
0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1..
0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p
0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1.
01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen
01b0: 67 74 68 31 03 04 01 37 gth1...7
515bf1bf <= send_search_entry: conn 1003 exit.
515bf1bf send_ldap_result: conn=1003 op=1 p=3
515bf1bf send_ldap_result: err=0 matched="" text=""
515bf1bf send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 12
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
515bf1bf conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
515bf1bf daemon: activity on 1 descriptor
515bf1bf daemon: activity on:515bf1bf
515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1c0 daemon: activity on 1 descriptor
515bf1c0 daemon: activity on:515bf1c0 12r515bf1c0
515bf1c0 daemon: read active on 12
515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero
515bf1c0 connection_get(12)
515bf1c0 connection_get(12): got connid=1003
515bf1c0 connection_read(12): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
0000: 30 62 02 01 03 66 5d 04 0b...f].
ldap_read: want=92, got=92
0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p
0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp
0020: 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 0a 01 01 le,dc=com010....
0030: 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 0...pwdMinLength
0040: 31 00 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 1.0....0...pwdMi
0050: 6e 4c 65 6e 67 74 68 31 03 04 01 38 nLength1...8
ber_get_next: tag 0x30 len 98 contents:
ber_dump: buf=0x1dec740 ptr=0x1dec740 end=0x1dec7a2 len=98
0000: 02 01 03 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c ...f].(cn=defaul
0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc
0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 =example,dc=com0
0030: 31 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 10....0...pwdMin
0040: 4c 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 Length1.0....0..
0050: 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 .pwdMinLength1..
0060: 01 38 .8
515bf1c0 op tag 0x66, time 1364980160
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
515bf1c0 conn=1003 op=2 do_modify
ber_scanf fmt ({m) ber:
ber_dump: buf=0x1dec740 ptr=0x1dec743 end=0x1dec7a2 len=95
0000: 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f f].(cn=default,o
0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex
0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 ample,dc=com010.
0030: 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e ...0...pwdMinLen
0040: 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c 70 77 gth1.0....0...pw
0050: 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 38 dMinLength1...8
515bf1c0 conn=1003 op=2 do_modify: dn
(cn=default,ou=policies,dc=example,dc=com)
ber_scanf fmt ({e{m[W]}}) ber:
ber_dump: buf=0x1dec740 ptr=0x1dec771 end=0x1dec7a2 len=49
0000: 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL
0010: 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c ength1.0....0...
0020: 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 pwdMinLength1...
0030: 38 8
ber_scanf fmt ({e{m[W]}}) ber:
ber_dump: buf=0x1dec740 ptr=0x1dec788 end=0x1dec7a2 len=26
0000: 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL
0010: 65 6e 67 74 68 31 03 04 01 38 ength1...8
515bf1c0 >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>
=> ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0)
<= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0
515bf1c0 <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>,
<cn=default,ou=policies,dc=example,dc=com>
515bf1c0 conn=1003 op=2 modifications:
515bf1c0 delete: pwdMinLength
515bf1c0 no values
515bf1c0 add: pwdMinLength
515bf1c0 one value, length 1
515bf1c0 conn=1003 op=2 MOD dn="cn=default,ou=policies,dc=example,dc=com"
515bf1c0 conn=1003 op=2 MOD attr=pwdMinLength pwdMinLength
515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com")
515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com"
515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)"
515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com")
515bf1c0 => bdb_entry_get: found entry:
"cn=default,ou=policies,dc=example,dc=com"
515bf1c0 bdb_entry_get: rc=0
515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com"
515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)"
515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com")
515bf1c0 => bdb_entry_get: found entry:
"cn=default,ou=policies,dc=example,dc=com"
515bf1c0 bdb_entry_get: rc=0
515bf1c0 ppolicy_get: using default policy
515bf1c0 hdb_modify: cn=default,ou=policies,dc=example,dc=com
515bf1c0 slap_queue_csn: queing 0x7f460d036240
20130403090920.048272Z#000000#000#000000
515bf1c0 hdb_modify: txn1 id: 80000006
515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com")
515bf1c0 hdb_modify: txn2 id: 80000007
515bf1c0 bdb_modify_internal: 0x000004b5:
cn=default,ou=policies,dc=example,dc=com
515bf1c0 <= acl_access_allowed: granted to database root
515bf1c0 bdb_modify_internal: delete pwdMinLength
515bf1c0 bdb_modify_internal: add pwdMinLength
515bf1c0 bdb_modify_internal: replace entryCSN
515bf1c0 bdb_modify_internal: replace modifiersName
515bf1c0 bdb_modify_internal: replace modifyTimestamp
515bf1c0 oc_check_required entry
(cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicy"
515bf1c0 oc_check_required entry
(cn=default,ou=policies,dc=example,dc=com), objectClass "person"
515bf1c0 oc_check_required entry
(cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicyChecker"
515bf1c0 oc_check_allowed type "cn"
515bf1c0 oc_check_allowed type "objectClass"
515bf1c0 oc_check_allowed type "pwdAttribute"
515bf1c0 oc_check_allowed type "pwdExpireWarning"
515bf1c0 oc_check_allowed type "pwdInHistory"
515bf1c0 oc_check_allowed type "pwdMustChange"
515bf1c0 oc_check_allowed type "pwdSafeModify"
515bf1c0 oc_check_allowed type "structuralObjectClass"
515bf1c0 oc_check_allowed type "entryUUID"
515bf1c0 oc_check_allowed type "creatorsName"
515bf1c0 oc_check_allowed type "createTimestamp"
515bf1c0 oc_check_allowed type "pwdAllowUserChange"
515bf1c0 oc_check_allowed type "pwdLockout"
515bf1c0 oc_check_allowed type "pwdLockoutDuration"
515bf1c0 oc_check_allowed type "pwdMaxFailure"
515bf1c0 oc_check_allowed type "pwdMaxAge"
515bf1c0 oc_check_allowed type "pwdCheckQuality"
515bf1c0 oc_check_allowed type "pwdMinLength"
515bf1c0 oc_check_allowed type "entryCSN"
515bf1c0 oc_check_allowed type "modifiersName"
515bf1c0 oc_check_allowed type "modifyTimestamp"
515bf1c0 => entry_encode(0x000004b5):
515bf1c0 <= entry_encode(0x000004b5):
515bf1c0 daemon: activity on 1 descriptor
515bf1c0 daemon: activity on:515bf1c0
515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero
515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero
and hangs ;/
10 years, 8 months
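A trace like the one above can be triaged mechanically: every request line (`BIND`, `SRCH`, `MOD`, ...) should be followed by a `RESULT` for the same `conn`/`op` pair, and the one that is not is the operation slapd was working on when it stopped responding. The following is an added example, not part of the original post or of OpenLDAP; the function name `pending_operations` is hypothetical, and the sample lines are copied from the trace with mail-wrapped lines rejoined.

```python
import re
from datetime import datetime, timezone

# Sample input: stats-level lines for conn=1003 taken from the trace in the
# post above (mail-wrapped lines rejoined). Two debug-level lines are kept
# on purpose to show that they are ignored.
SAMPLE_LOG = """\
515bf1bf conn=1003 fd=12 ACCEPT from IP=192.168.6.212:53225 (IP=0.0.0.0:389)
515bf1bf conn=1003 op=0 do_bind
515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" method=128
515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" mech=SIMPLE ssf=0
515bf1bf conn=1003 op=0 RESULT tag=97 err=0 text=
515bf1bf conn=1003 op=1 SRCH base="cn=default,ou=policies,dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
515bf1bf conn=1003 op=1 ENTRY dn="cn=default,ou=policies,dc=example,dc=com"
515bf1bf conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
515bf1c0 conn=1003 op=2 modifications:
515bf1c0 conn=1003 op=2 MOD dn="cn=default,ou=policies,dc=example,dc=com"
515bf1c0 conn=1003 op=2 MOD attr=pwdMinLength pwdMinLength
515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero
"""

# slapd prefixes each debug line with the epoch time as 8 hex digits.
LINE = re.compile(r"^([0-9a-f]{8}) (.*)$")
# Stats lines use an upper-case keyword after "conn=N op=M"; debug lines
# such as "do_bind" or "modifications:" are lower-case and do not match.
STAT = re.compile(r"^conn=(\d+) op=(\d+) (SEARCH RESULT|[A-Z]+)(?: (.*))?$")

# Request keywords that are answered by a RESULT line. UNBIND and ABANDON
# are left out because the server sends no response to them.
REQUESTS = {"BIND", "SRCH", "MOD", "ADD", "DEL", "MODRDN", "CMP", "EXT"}
RESULTS = {"RESULT", "SEARCH RESULT"}


def pending_operations(log_text):
    """Return operations that were logged as started but never got a RESULT."""
    started = {}
    last_seen = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # hex dumps, ber_* lines and other untimestamped output
        stamp = int(line.group(1), 16)
        last_seen = stamp
        stat = STAT.match(line.group(2))
        if not stat:
            continue
        key = (int(stat.group(1)), int(stat.group(2)))
        verb = stat.group(3)
        if verb in REQUESTS:
            # Keep the first line of a request; later lines for the same
            # operation (second BIND line, "MOD attr=") only add detail.
            started.setdefault(key, (verb, stat.group(4) or "", stamp))
        elif verb in RESULTS:
            started.pop(key, None)

    report = []
    for (conn, op), (verb, detail, stamp) in sorted(started.items()):
        report.append({
            "conn": conn,
            "op": op,
            "verb": verb,
            "detail": detail,
            "started_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
            # Seconds between the request and the last timestamped log line.
            "waited_s": last_seen - stamp,
        })
    return report


if __name__ == "__main__":
    for item in pending_operations(SAMPLE_LOG):
        print(item)
```

Run against the lines from this report, it singles out `conn=1003 op=2`, the `MOD` of `pwdMinLength` on the default policy entry, as the only request without a response.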
Re: (ITS#7559) error in configuring openldap
by quanah@zimbra.com
--On Wednesday, April 03, 2013 12:07 AM +0000 amanbista(a)gmail.com wrote:
> Full_Name: amanbista
> Version: 2.4.34
> OS: redhat linux 6.4
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (70.122.251.187)
Please stop filing ITSes. Please use the mailing list as you have already
been advised. These are not bug reports.
--Quanah
10 years, 8 months
(ITS#7559) error in configuring openldap
by amanbista@gmail.com
Full_Name: amanbista
Version: 2.4.34
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (70.122.251.187)
I configured a new openldap server and this is the slapd.conf that I used, but
I am getting an error when I execute slaptest. Can you please review this
slapd.conf and let me know if there is an issue?
Also, can you provide the required documentation for creating this file?
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile %LOCALSTATEDIR%/run/slapd.pid
argsfile %LOCALSTATEDIR%/run/slapd.args
# Load dynamic backend modules:
# modulepath %MODULEDIR%
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=stjoe,dc=org"
rootdn "cn=Manager,dc=stjoe,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}BcjI7JYzETfKUEYSnrOn7EVPHcF7BhAK
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory %LOCALSTATEDIR%/openldap-data
# Indices to maintain
index objectClass eq
10 years, 8 months
Re: (ITS#7558) error in configuring openldap
by quanah@zimbra.com
--On Tuesday, April 02, 2013 11:48 PM +0000 amanbista(a)gmail.com wrote:
> [root@scrdcvcortst05 openldap]# ldapsearch
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
> additional info: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure. Minor code may provide more information
> (Credentials cache file '/tmp/krb5cc_0' not found)
The ITS system is for reporting bugs. You have failed to show the
existence of any bug here. Again, please go read the manual pages on how
to use ldapsearch. If you are not able to comprehend them, then use the
openldap-technical(a)openldap.org list to ask for assistance. This ITS will
be closed. Please stop filing new ones until you have an actual bug to
report.
--Quanah
10 years, 8 months
(ITS#7558) error in configuring openldap
by amanbista@gmail.com
Full_Name: amanbista
Version: 2.4.34
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (70.122.251.187)
[root@scrdcvcortst05 openldap]# slaptest
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
config file testing succeeded
[root@scrdcvcortst05 openldap]# ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure. Minor code may provide more information (Credentials cache file
'/tmp/krb5cc_0' not found)
10 years, 8 months