openldap-bugs April 2013

openldap-bugs@openldap.org

27 participants
76 discussions

Re: (ITS#7560) ldappasword issue
by quanah＠zimbra.com 03 Apr '13

03 Apr '13

--On Wednesday, April 03, 2013 3:05 PM +0000 aman_bista(a)hotmail.com wrote: > Full_Name: amanbista > Version: 2.4.34 > OS: redhat linux 6.4 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (70.122.251.187) The ITS system is for filing bug reports only. Please direct your usage question to openldap-technical(a)openldap.org. This ITS will be closed. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7560) ldappasword issue
by aman_bista＠hotmail.com 03 Apr '13

03 Apr '13

Full_Name: amanbista Version: 2.4.34 OS: redhat linux 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (70.122.251.187) sir , i configured slapd.conf file, ran slapppaswd, eneted this password in slapd.conf file,i edited /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif and added olcRootPW: {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem after i specified monitoring privilleges /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}monitor.ldif changed the default domain name to our domain name updated db edited /etc/sysconfig/ldap SLAPD_LDAPS=yes after that i created certicate and tested configuration, it was successfull. i started ldap server created base domain as vi base.ldif to import base information to ldap directory. i ran command to dapadd -x -W -D cn=Manager,dc=yourdomain,dc=com -f base.ldif this is where it asked me ldappassword. it showed me error. what do i do next. please help. Thank you

1 0

Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by marek.platta＠blstream.com 03 Apr '13

03 Apr '13

Hi, my config is: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args loglevel none modulepath /root/openldap-2.4.34/libraries/libldap/ moduleload back_hdb moduleload ppolicy.la sizelimit 99999999 tool-threads 1 backend hdb database monitor database hdb suffix "dc=example,dc=com" overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=example,dc=com" rootdn "cn=Directory Manager,dc=example,dc=com" rootpw {SSHA}5jMwnEvS+5cgKVtQVieEYScUjEQvhSkQ directory "/usr/local/var/openldap-data" dbconfig set_cachesize 0 209715200 0 dbconfig set_lk_max_objects 150000 dbconfig set_lk_max_locks 150000 dbconfig set_lk_max_lockers 150000 index objectClass eq index uid eq index businessUnit eq index cn eq index lead eq index ishidden eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=Directory Manager" write by dn="cn=admin-ro,dc=example,dc=com" read by anonymous auth by self write by * none access to * by dn="cn=Directory Manager" write by * read

1 0

Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by hyc＠symas.com 03 Apr '13

03 Apr '13

Howard Chu wrote: > marek.platta(a)blstream.com wrote: >> Hi, >> >> I'm getting same error on 2.4.34 version > > Post your config. Also post a gdb backtrace from slapd when it's in this state. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by hyc＠symas.com 03 Apr '13

03 Apr '13

marek.platta(a)blstream.com wrote: > Hi, > > I'm getting same error on 2.4.34 version Post your config. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7537) ppolicy hangs slapd on 64bit version debian
by marek.platta＠blstream.com 03 Apr '13

03 Apr '13

Hi, I'm getting same error on 2.4.34 version slapd says: 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf slap_listener_activate(7): 515bf1bf daemon: epoll: listen=7 busy 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf >>> slap_listener(ldap:///) 515bf1bf daemon: listen=7, new connection on 12 515bf1bf daemon: added 12r (active) listener=(nil) 515bf1bf conn=1003 fd=12 ACCEPT from IP=192.168.6.212:53225 (IP=0.0.0.0:389) 515bf1bf daemon: activity on 2 descriptors 515bf1bf daemon: activity on:515bf1bf 12r515bf1bf 515bf1bf daemon: read active on 12 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf connection_get(12) 515bf1bf connection_get(12): got connid=1003 515bf1bf connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 37 02 01 01 60 32 02 07...`2. ldap_read: want=49, got=49 0000: 01 03 04 26 63 6e 3d 44 69 72 65 63 74 6f 72 79 ...&cn=Directory 0010: 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 78 61 6d manager,dc=exam 0020: 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 65 73 74 ple,dc=com..test 0030: 31 1 ber_get_next: tag 0x30 len 55 contents: ber_dump: buf=0x1cea6f0 ptr=0x1cea6f0 end=0x1cea727 len=55 0000: 02 01 01 60 32 02 01 03 04 26 63 6e 3d 44 69 72 ...`2....&cn=Dir 0010: 65 63 74 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 ectory manager,d 0020: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d c=example,dc=com 0030: 80 05 74 65 73 74 31 ..test1 515bf1bf op tag 0x60, time 1364980159 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1bf conn=1003 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x1cea6f0 ptr=0x1cea6f3 end=0x1cea727 len=52 0000: 60 32 02 01 03 04 26 63 6e 3d 44 69 72 65 63 74 `2....&cn=Direct 0010: 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 ory manager,dc=e 0020: 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 xample,dc=com..t 0030: 65 73 74 31 est1 ber_scanf fmt (m}) ber: ber_dump: buf=0x1cea6f0 ptr=0x1cea720 end=0x1cea727 len=7 0000: 00 05 74 65 73 74 31 ..test1 515bf1bf >>> dnPrettyNormal: <cn=Directory manager,dc=example,dc=com> => ldap_bv2dn(cn=Directory manager,dc=example,dc=com,0) <= ldap_bv2dn(cn=Directory manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Directory manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=directory manager,dc=example,dc=com)=0 515bf1bf <<< dnPrettyNormal: <cn=Directory manager,dc=example,dc=com>, <cn=directory manager,dc=example,dc=com> 515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" method=128 515bf1bf do_bind: version=3 dn="cn=Directory manager,dc=example,dc=com" method=128 515bf1bf ==> hdb_bind: dn: cn=Directory manager,dc=example,dc=com 515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" mech=SIMPLE ssf=0 515bf1bf do_bind: v3 bind: "cn=Directory manager,dc=example,dc=com" to "cn=Directory manager,dc=example,dc=com" 515bf1bf send_ldap_result: conn=1003 op=0 p=3 515bf1bf send_ldap_result: err=0 matched="" text="" 515bf1bf send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ 515bf1bf conn=1003 op=0 RESULT tag=97 err=0 text= 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 12r515bf1bf 515bf1bf daemon: read active on 12 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf connection_get(12) 515bf1bf connection_get(12): got connid=1003 515bf1bf connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 4d 02 01 02 63 48 04 0M...cH. ldap_read: want=71, got=71 0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p 0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp 0020: 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a 01 00 02 le,dc=com....... 0030: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0040: 43 6c 61 73 73 30 00 Class0. ber_get_next: tag 0x30 len 77 contents: ber_dump: buf=0x1ceaff0 ptr=0x1ceaff0 end=0x1ceb03d len=77 0000: 02 01 02 63 48 04 28 63 6e 3d 64 65 66 61 75 6c ...cH.(cn=defaul 0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc 0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a =example,dc=com. 0030: 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 0b ................ 0040: 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 objectClass0. 515bf1bf op tag 0x63, time 1364980159 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1bf conn=1003 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceaff3 end=0x1ceb03d len=74 0000: 63 48 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f cH.(cn=default,o 0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex 0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a ample,dc=com.... 0030: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a .............obj 0040: 65 63 74 43 6c 61 73 73 30 00 ectClass0. 515bf1bf >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com> => ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0) <= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 515bf1bf <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>, <cn=default,ou=policies,dc=example,dc=com> 515bf1bf SRCH "cn=default,ou=policies,dc=example,dc=com" 0 0515bf1bf 0 0 0 515bf1bf begin get_filter 515bf1bf PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceb02e end=0x1ceb03d len=15 0000: 87 0b 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 ..objectClass0. 515bf1bf end get_filter 0 515bf1bf filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceb03b end=0x1ceb03d len=2 0000: 00 00 .. 515bf1bf attrs:515bf1bf 515bf1bf conn=1003 op=1 SRCH base="cn=default,ou=policies,dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 515bf1bf => hdb_search 515bf1bf bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1bf => access_allowed: search access to "cn=default,ou=policies,dc=example,dc=com" "entry" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: search access granted by manage(=mwrscxd) 515bf1bf base_candidates: base: "cn=default,ou=policies,dc=example,dc=com" (0x000004b5) 515bf1bf => test_filter 515bf1bf PRESENT 515bf1bf => access_allowed: search access to "cn=default,ou=policies,dc=example,dc=com" "objectClass" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: search access granted by manage(=mwrscxd) 515bf1bf <= test_filter 6 515bf1bf => send_search_entry: conn 1003 dn="cn=default,ou=policies,dc=example,dc=com" 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "entry" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (cn) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "cn" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (objectClass) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "objectClass" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result not in cache (pwdAttribute) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdAttribute" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdExpireWarning) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdExpireWarning" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdInHistory) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdInHistory" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMustChange) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMustChange" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdSafeModify) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdSafeModify" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdAllowUserChange) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdAllowUserChange" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdLockout) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdLockout" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdLockoutDuration) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdLockoutDuration" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMaxFailure) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMaxFailure" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMaxAge) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMaxAge" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdCheckQuality) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdCheckQuality" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMinLength) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMinLength" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf conn=1003 op=1 ENTRY dn="cn=default,ou=policies,dc=example,dc=com" ber_flush2: 440 bytes to sd 12 0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn= 0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic 0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d 0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1 0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob 0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top 0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per 0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh 0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr 0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas 00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi 00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360 00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor 00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus 00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0 00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify 0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd 0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1 0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo 0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0. 0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura 0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw 0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5 0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1.. 0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p 0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1. 01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen 01b0: 67 74 68 31 03 04 01 37 gth1...7 ldap_write: want=440, written=440 0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn= 0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic 0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d 0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1 0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob 0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top 0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per 0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh 0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr 0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas 00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi 00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360 00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor 00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus 00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0 00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify 0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd 0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1 0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo 0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0. 0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura 0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw 0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5 0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1.. 0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p 0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1. 01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen 01b0: 67 74 68 31 03 04 01 37 gth1...7 515bf1bf <= send_search_entry: conn 1003 exit. 515bf1bf send_ldap_result: conn=1003 op=1 p=3 515bf1bf send_ldap_result: err=0 matched="" text="" 515bf1bf send_ldap_response: msgid=2 tag=101 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........ ldap_write: want=14, written=14 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........ 515bf1bf conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1c0 daemon: activity on 1 descriptor 515bf1c0 daemon: activity on:515bf1c0 12r515bf1c0 515bf1c0 daemon: read active on 12 515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1c0 connection_get(12) 515bf1c0 connection_get(12): got connid=1003 515bf1c0 connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 62 02 01 03 66 5d 04 0b...f]. ldap_read: want=92, got=92 0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p 0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp 0020: 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 0a 01 01 le,dc=com010.... 0030: 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 0...pwdMinLength 0040: 31 00 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 1.0....0...pwdMi 0050: 6e 4c 65 6e 67 74 68 31 03 04 01 38 nLength1...8 ber_get_next: tag 0x30 len 98 contents: ber_dump: buf=0x1dec740 ptr=0x1dec740 end=0x1dec7a2 len=98 0000: 02 01 03 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c ...f].(cn=defaul 0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc 0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 =example,dc=com0 0030: 31 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 10....0...pwdMin 0040: 4c 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 Length1.0....0.. 0050: 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 .pwdMinLength1.. 0060: 01 38 .8 515bf1c0 op tag 0x66, time 1364980160 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1c0 conn=1003 op=2 do_modify ber_scanf fmt ({m) ber: ber_dump: buf=0x1dec740 ptr=0x1dec743 end=0x1dec7a2 len=95 0000: 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f f].(cn=default,o 0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex 0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 ample,dc=com010. 0030: 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e ...0...pwdMinLen 0040: 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c 70 77 gth1.0....0...pw 0050: 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 38 dMinLength1...8 515bf1c0 conn=1003 op=2 do_modify: dn (cn=default,ou=policies,dc=example,dc=com) ber_scanf fmt ({e{m[W]}}) ber: ber_dump: buf=0x1dec740 ptr=0x1dec771 end=0x1dec7a2 len=49 0000: 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL 0010: 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c ength1.0....0... 0020: 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 pwdMinLength1... 0030: 38 8 ber_scanf fmt ({e{m[W]}}) ber: ber_dump: buf=0x1dec740 ptr=0x1dec788 end=0x1dec7a2 len=26 0000: 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL 0010: 65 6e 67 74 68 31 03 04 01 38 ength1...8 515bf1c0 >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com> => ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0) <= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 515bf1c0 <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>, <cn=default,ou=policies,dc=example,dc=com> 515bf1c0 conn=1003 op=2 modifications: 515bf1c0 delete: pwdMinLength 515bf1c0 no values 515bf1c0 add: pwdMinLength 515bf1c0 one value, length 1 515bf1c0 conn=1003 op=2 MOD dn="cn=default,ou=policies,dc=example,dc=com" 515bf1c0 conn=1003 op=2 MOD attr=pwdMinLength pwdMinLength 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)" 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 bdb_entry_get: rc=0 515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)" 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 bdb_entry_get: rc=0 515bf1c0 ppolicy_get: using default policy 515bf1c0 hdb_modify: cn=default,ou=policies,dc=example,dc=com 515bf1c0 slap_queue_csn: queing 0x7f460d036240 20130403090920.048272Z#000000#000#000000 515bf1c0 hdb_modify: txn1 id: 80000006 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 hdb_modify: txn2 id: 80000007 515bf1c0 bdb_modify_internal: 0x000004b5: cn=default,ou=policies,dc=example,dc=com 515bf1c0 <= acl_access_allowed: granted to database root 515bf1c0 bdb_modify_internal: delete pwdMinLength 515bf1c0 bdb_modify_internal: add pwdMinLength 515bf1c0 bdb_modify_internal: replace entryCSN 515bf1c0 bdb_modify_internal: replace modifiersName 515bf1c0 bdb_modify_internal: replace modifyTimestamp 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicy" 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "person" 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicyChecker" 515bf1c0 oc_check_allowed type "cn" 515bf1c0 oc_check_allowed type "objectClass" 515bf1c0 oc_check_allowed type "pwdAttribute" 515bf1c0 oc_check_allowed type "pwdExpireWarning" 515bf1c0 oc_check_allowed type "pwdInHistory" 515bf1c0 oc_check_allowed type "pwdMustChange" 515bf1c0 oc_check_allowed type "pwdSafeModify" 515bf1c0 oc_check_allowed type "structuralObjectClass" 515bf1c0 oc_check_allowed type "entryUUID" 515bf1c0 oc_check_allowed type "creatorsName" 515bf1c0 oc_check_allowed type "createTimestamp" 515bf1c0 oc_check_allowed type "pwdAllowUserChange" 515bf1c0 oc_check_allowed type "pwdLockout" 515bf1c0 oc_check_allowed type "pwdLockoutDuration" 515bf1c0 oc_check_allowed type "pwdMaxFailure" 515bf1c0 oc_check_allowed type "pwdMaxAge" 515bf1c0 oc_check_allowed type "pwdCheckQuality" 515bf1c0 oc_check_allowed type "pwdMinLength" 515bf1c0 oc_check_allowed type "entryCSN" 515bf1c0 oc_check_allowed type "modifiersName" 515bf1c0 oc_check_allowed type "modifyTimestamp" 515bf1c0 => entry_encode(0x000004b5): 515bf1c0 <= entry_encode(0x000004b5): 515bf1c0 daemon: activity on 1 descriptor 515bf1c0 daemon: activity on:515bf1c0 515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero and hangs ;/

1 0

Re: (ITS#7559) error in configuring openldap
by quanah＠zimbra.com 02 Apr '13

02 Apr '13

--On Wednesday, April 03, 2013 12:07 AM +0000 amanbista(a)gmail.com wrote: > Full_Name: amanbista > Version: 2.4.34 > OS: redhat linux 6.4 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (70.122.251.187) Please stop filing ITSes. Please use the mailing list as you have already been advised. These are not bug reports. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7559) error in configuring openldap
by amanbista＠gmail.com 02 Apr '13

02 Apr '13

Full_Name: amanbista Version: 2.4.34 OS: redhat linux 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (70.122.251.187) i configured a new openldap server and this is the slapd.conf that i used, but i am getting error when i execute slaptest . can you please review this slapd.conf and let me know if there is an issue ? also can you provide the required documentation for creating this file ? # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include %SYSCONFDIR%/schema/core.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile %LOCALSTATEDIR%/run/slapd.pid argsfile %LOCALSTATEDIR%/run/slapd.args # Load dynamic backend modules: # modulepath %MODULEDIR% # moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=stjoe,dc=org" rootdn "cn=Manager,dc=stjoe,dc=org" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}BcjI7JYzETfKUEYSnrOn7EVPHcF7BhAK # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory %LOCALSTATEDIR%/openldap-data # Indices to maintain index objectClass eq

1 0

Re: (ITS#7558) error in configuring openldap
by quanah＠zimbra.com 02 Apr '13

02 Apr '13

--On Tuesday, April 02, 2013 11:48 PM +0000 amanbista(a)gmail.com wrote: > [root@scrdcvcortst05 openldap]# ldapsearch > SASL/GSSAPI authentication started > ldap_sasl_interactive_bind_s: Local error (-2) > additional info: SASL(-1): generic failure: GSSAPI Error: > Unspecified GSS failure. Minor code may provide more information > (Credentials cache file '/tmp/krb5cc_0' not found) The ITS system is for reporting bugs. You have failed to show the existence of any bug here. Again, please go read the manual pages on how to use ldapsearch. If you are not able to comprehend them, then use the openldap-technical(a)openldap.org list to ask for assistance. This ITS will be closed. Please stop filing new ones until you have an actual bug to report. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7558) error in configuring openldap
by amanbista＠gmail.com 02 Apr '13

02 Apr '13

Full_Name: amanbista Version: 2.4.34 OS: redhat linux 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (70.122.251.187) root@scrdcvcortst05 openldap]# slaptest bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2). Expect poor performance for suffix "dc=my-domain,dc=com". config file testing succeeded [root@scrdcvcortst05 openldap]# ldapsearch SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2013