Hi
I'm testing OpenLDAP 2.3.27 (RPM) on CentOS 5.2, used as a reverse proxy to AD. When slapd is run with debugging disabled (or set to 0), search requests throw the following error:
DSID-0C090627: In order to perform this operation a successful bind must be completed on the connection.
When run with any other debug value, it returns the results correctly. In both cases, the logs show a successful bind with the acl-bind user, the search finds the correct result, and the ACLs show access granted to read. The only difference is what is returned:
Non-working:
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 ENTRY dn="cn=neil garratt,ou=admins,ou=users,ou=cape town,ou=networks unlimited,dc=nu,dc=local"
Feb 19 11:17:20 localhost slapd[2916]: <= send_search_entry: conn 0 exit.
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: err=1 matched="" text="00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece"
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_response: msgid=2 tag=101 err=1
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 SEARCH RESULT tag=101 err=1 nentries=1 text=00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Working:
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 ENTRY dn="cn=neil garratt,ou=admins,ou=users,ou=cape town,ou=networks unlimited,dc=nu,dc=local"
Feb 19 11:18:42 localhost slapd[2949]: <= send_search_entry: conn 0 exit.
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: err=0 matched="" text=""
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_response: msgid=2 tag=101 err=0
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd.conf:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth

loglevel any

database ldap
suffix "dc=nu,dc=local"
uri "ldap://cptdc1.nu.local"
acl-bind bindmethod=simple binddn="CN=LDAP,OU=Service Accounts,DC=nu,DC=local" credentials="xxxxxxxxxxxx"
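Added example, not part of the original post: a Python check that groups slapd log lines by process, connection and operation and flags searches where entries were sent to the client but the final result code is non-zero, which is the pattern in the non-working excerpt above. The sample lines are copied from the two excerpts (trimmed to the lines the check uses); the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the non-working and working excerpts above.
SAMPLE_LOG = '''\
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 ENTRY dn="cn=neil garratt,ou=admins,ou=users,ou=cape town,ou=networks unlimited,dc=nu,dc=local"
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 SEARCH RESULT tag=101 err=1 nentries=1 text=00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 ENTRY dn="cn=neil garratt,ou=admins,ou=users,ou=cape town,ou=networks unlimited,dc=nu,dc=local"
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

# Per-operation lines: "slapd[pid]: conn=N op=M <event>"
LINE = re.compile(r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)")
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(?P<err>\d+) nentries=(?P<n>\d+) text=(?P<text>.*)")
# Diagnostic code format seen in the error text returned through the proxy.
DSID = re.compile(r"DSID-[0-9A-Fa-f]{8}")


def find_inconsistent_searches(log_text):
    """Return searches that delivered entries but finished with err != 0."""
    entries_sent = defaultdict(int)   # (pid, conn, op) -> ENTRY lines seen
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                  # debug-only lines carry no conn=/op= prefix
        key = (int(m["pid"]), int(m["conn"]), int(m["op"]))
        rest = m["rest"]
        if rest.startswith("ENTRY "):
            entries_sent[key] += 1
            continue
        r = RESULT.match(rest)
        if r and int(r["err"]) != 0 and max(entries_sent[key], int(r["n"])) > 0:
            code = DSID.search(r["text"])
            findings.append({
                "pid": key[0], "conn": key[1], "op": key[2],
                "err": int(r["err"]),
                "entries": max(entries_sent[key], int(r["n"])),
                "dsid": code.group(0) if code else None,
            })
    return findings


if __name__ == "__main__":
    for hit in find_inconsistent_searches(SAMPLE_LOG):
        print(hit)
```
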
--On Thursday, February 19, 2009 10:23 AM +0200 Neil Garratt ngarratt@gmail.com wrote:
> Hi
>
> I'm testing OpenLDAP 2.3.27 (RPM) on CentOS 5.2, used as a reverse proxy to AD. When slapd is run with debugging disabled (or set to 0), search requests throw the following error:

OpenLDAP 2.3.27 is ancient. OpenLDAP 2.3.43 was the final OpenLDAP 2.3 release.
The current release is OpenLDAP 2.4.14. I suggest you retry with a modern version of OpenLDAP, as numerous issues have been fixed since 2.3.27.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration