Dear Howard,
below you will find the slapd.conf of the OpenLDAP Proxy and the slapd.conf of the OpenLDAP Master, where you can see which overlays we are using. The debug symbol core dump we will provide asap; we first need to install the debug packages for that on one host.
OpenLDAP Proxy slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/guacConfigGroup.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/openldap
moduleload back_ldap.la
moduleload auditlog
overlay auditlog
auditlog /var/lib/ldap/auditlog/ldap.auditlog

TLSCertificateFile /etc/openldap/ssl.crt/server.crt
TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
TLSCACertificatePath /etc/openldap/ssl.crt/
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSVerifyClient allow

security ssf=112 update_ssf=112 tls=56

loglevel stats none

sizelimit unlimited

database ldap

protocol-version 3
tls start
suffix "dc=xxxx.xx"
uri "ldap://xxxx.xx.xxx.xx.xx:389/"
idassert-authzFrom "*"

idle-timeout 1500

idletimeout 2700
And here is the OpenLDAP Master slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/sudo.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/openldap/modules

TLSCertificateFile /etc/openldap/ssl.crt/server.crt
TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
TLSCACertificatePath /etc/openldap/ssl.crt/
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSVerifyClient allow

security ssf=112 update_ssf=112 tls=56

password-hash {SHA}

loglevel stats sync none

include /etc/openldap/slapd.access

sizelimit unlimited

database hdb

readonly off
suffix "dc=xxx.xx"
rootdn "cn=Manager,dc=xxx.xx"
rootpw {SSHA}xxxxxxxxxx
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 100000
idlcachesize 100000

index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid eq
index uidNumber pres,eq
index gidNumber pres,eq
index uniqueMember pres,eq
index memberOf pres,eq
index sudoUser pres,eq,sub
index entryCSN,entryUUID eq
index mail pres,eq,sub
index userClass pres,eq
index ipHostNumber eq

overlay unique
unique_uri ldap:///?uid?sub

overlay ppolicy
ppolicy_default "cn=xxxx,ou=xxxxx,dc=xxxx,dc=xxxx.xx"
ppolicy_use_lockout

overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-refint true
memberof-dn cn=MemberOfOverlay,dc=xxx.xx

overlay auditlog
auditlog /var/lib/ldap/auditlog/ldap.auditlog

database monitor
Best regards,
Adrian
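As an added example (not part of the mail above and not OpenLDAP's own tooling), the following script parses a slapd.conf in the layout posted here, lists which overlays are stacked on each database, and flags the global settings a reviewer would question in this config: the unsalted `password-hash {SHA}` (OpenLDAP's default is the salted `{SSHA}`), a `TLSCipherSuite` that admits MEDIUM-strength ciphers, and `TLSVerifyClient allow`, which requests but does not require client certificates. The embedded sample is a constructed abbreviation of the Master config with placeholder suffixes.

```python
# Constructed sample, abbreviated from the OpenLDAP Master slapd.conf above.
SAMPLE_CONF = """\
security ssf=112 update_ssf=112 tls=56
password-hash {SHA}
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSVerifyClient allow
database hdb
suffix "dc=example,dc=org"
overlay unique
unique_uri ldap:///?uid?sub
overlay ppolicy
ppolicy_use_lockout
overlay memberof
overlay auditlog
database monitor
"""


def parse_slapd_conf(text):
    """Split slapd.conf into global directives and per-database sections;
    each database records the overlays stacked on it, in order."""
    conf = {"global": {}, "databases": []}
    current = conf["global"]          # directives before the first 'database' are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "database":         # a new database section starts here
            current = {"type": value, "directives": {}, "overlays": []}
            conf["databases"].append(current)
        elif key == "overlay" and current is not conf["global"]:
            current["overlays"].append(value)
        else:
            target = current if current is conf["global"] else current["directives"]
            target.setdefault(key, []).append(value)
    return conf


def audit(conf):
    """Return findings for weak global settings (keys are lower-cased by the parser)."""
    g, findings = conf["global"], []
    if any(v.upper() == "{SHA}" for v in g.get("password-hash", [])):
        findings.append("password-hash {SHA} is unsalted; prefer {SSHA} or a stronger scheme")
    if any("MEDIUM" in v.upper() for v in g.get("tlsciphersuite", [])):
        findings.append("TLSCipherSuite admits MEDIUM-strength ciphers")
    if any(v.lower() == "allow" for v in g.get("tlsverifyclient", [])):
        findings.append("TLSVerifyClient allow requests but does not require client certificates")
    return findings
```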