quanah@zimbra.com wrote:
Full_Name: Quanah Gibson-Mount Version: 2.4.18 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.29.239)
I see the following logged at level 256:
Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 fd=117 ACCEPT from IP=171.67.219.70:51122 (IP=0.0.0.0:389) Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=0 BIND dn="" method=163 Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=0 RESULT tag=97 err=14 text=SASL(0): successful result: Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=1 BIND dn="" method=163 Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=2 BIND dn="" method=163 Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=2 BIND authcid="service/vacation@stanford.edu" authzid="service/vacation@stanford.edu" Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=2 BIND dn="cn=vacation,cn=service,cn=applications,dc=stanford,dc=edu" mech=GSSAPI sasl_ssf=56 ssf=56 Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=2 RESULT tag=97 err=0 text= Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=3 do_search: invalid dn (basedn) Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 op=3 SEARCH RESULT tag=101 err=34 nentries=0 text=invalid DN Sep 28 17:35:23 ldap1 slapd[18015]: conn=409 fd=117 closed (connection lost)
Since the actual search is not logged, there is no way to determine what the invalid DN being used is in this case. This seems faulty. I'd expect to see some additional logging like:
The invalid DN *was* logged, it was "basedn". Sounds like you have a really badly configured client out there somewhere.
Closing this ITS...