Dear Howard,
below you will find the slapd.conf of the OpenLDAP Proxy and the slapd.conf of the OpenLDAP Master, where you can see which overlays we are using.
We will provide the core dump with debug symbols asap; we first need to install the debug packages for that on one host.
OpenLDAP Proxy slapd.conf:
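# slapd.conf of the OpenLDAP proxy (back-ldap), as posted by the reporter.
# Directive values are unchanged; only the quoted-printable "=3D" escapes left
# by the mail transport are decoded to "=". Host names and suffixes were
# redacted by the author. Comments are on their own lines because slapd.conf
# has no trailing-comment syntax.

# Schema definitions loaded at startup.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/guacConfigGroup.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Dynamic modules: the LDAP proxy backend and the auditlog overlay.
modulepath /usr/lib/openldap
moduleload back_ldap.la
moduleload auditlog

# NOTE(review): this overlay line comes before the first "database" line, so
# it looks like a global overlay rather than one stacked on the proxy
# database; confirm that is intended.
# auditlog writes changes as LDIF, which can include userPassword values; the
# log file and its directory should be readable only by the slapd account.
overlay auditlog
auditlog /var/lib/ldap/auditlog/ldap.auditlog

# Server certificate, private key and trusted CA directory. The key file
# should be readable only by the slapd account.
TLSCertificateFile /etc/openldap/ssl.crt/server.crt
TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
TLSCACertificatePath /etc/openldap/ssl.crt/
# NOTE(review): MEDIUM admits medium-strength suites, and "-SSLv2" only drops
# SSLv2 suites from the list. Limiting the string to HIGH and excluding
# anonymous and NULL suites is the usual hardening; if slapd is linked against
# OpenSSL, `openssl ciphers -v` shows what a given string expands to.
TLSCipherSuite HIGH:MEDIUM:-SSLv2
# allow: a client certificate is requested, but a missing or invalid one does
# not stop the session, so client certificates are not an access control here.
TLSVerifyClient allow

# Minimum security strength factors: 112 overall and for updates.
# NOTE(review): the TLS-specific minimum (56) is below the overall minimum;
# raising tls= to the same value would state the intent unambiguously.
security ssf=112 update_ssf=112 tls=56

loglevel stats none

# NOTE(review): no server-side cap on entries returned per search, so any
# identity allowed to search can pull a whole subtree in one operation. A
# finite default, raised per identity with "limits" where needed, bounds bulk
# extraction and load.
sizelimit unlimited

# Proxy database: operations under the suffix are forwarded to the remote URI.
database ldap

protocol-version 3
# start: StartTLS is issued on connections to the remote server; without the
# "try-" prefix a StartTLS failure is not tolerated.
# NOTE(review): no tls_reqcert / tls_cacert arguments are given, so how the
# remote certificate is verified depends on settings not shown here; confirm.
tls start
suffix "dc=xxxx.xx"
uri "ldap://xxxx.xx.xxx.xx.xx:389/"
# NOTE(review): "*" is the match-everything pattern, i.e. every locally bound
# identity may use identity assertion. No idassert-bind line appears in this
# excerpt, so it is unclear whether assertion is active; if it is, narrow this
# to the identities that need it.
idassert-authzFrom "*"

# back-ldap: idle time after which a cached connection to the remote server is
# dropped and recreated.
idle-timeout 1500

# slapd: seconds before an idle client connection is closed.
idletimeout 2700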
And here the OpenLDAP Master slapd.conf
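# slapd.conf of the OpenLDAP master, as posted by the reporter.
# Directive values are unchanged; only the quoted-printable "=3D" escapes left
# by the mail transport are decoded to "=". DNs and the rootpw hash were
# redacted by the author. Comments are on their own lines because slapd.conf
# has no trailing-comment syntax.

# Schema definitions loaded at startup.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/sudo.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/openldap/modules

# Server certificate, private key and trusted CA directory. The key file
# should be readable only by the slapd account.
TLSCertificateFile /etc/openldap/ssl.crt/server.crt
TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
TLSCACertificatePath /etc/openldap/ssl.crt/
# NOTE(review): MEDIUM admits medium-strength suites, and "-SSLv2" only drops
# SSLv2 suites from the list. Limiting the string to HIGH and excluding
# anonymous and NULL suites is the usual hardening; if slapd is linked against
# OpenSSL, `openssl ciphers -v` shows what a given string expands to.
TLSCipherSuite HIGH:MEDIUM:-SSLv2
# allow: a client certificate is requested, but a missing or invalid one does
# not stop the session, so client certificates are not an access control here.
TLSVerifyClient allow

# Minimum security strength factors: 112 overall and for updates.
# NOTE(review): the TLS-specific minimum (56) is below the overall minimum;
# raising tls= to the same value would state the intent unambiguously.
security ssf=112 update_ssf=112 tls=56

# Scheme slapd uses when it hashes a new password itself (Password Modify).
# NOTE(review): {SHA} is unsalted SHA-1, so equal passwords give equal hashes
# and precomputed tables apply. A salted scheme such as {SSHA} (already used
# for rootpw below), or a stronger scheme this build supports, is preferable.
# Stored {SHA} values remain until the affected passwords are changed.
password-hash {SHA}

loglevel stats sync none

# Access rules live in a separate file that is not part of this excerpt.
include /etc/openldap/slapd.access

# NOTE(review): no server-side cap on entries returned per search, so any
# identity allowed to search can pull a whole subtree in one operation. A
# finite default, raised per identity with "limits" where needed, bounds bulk
# extraction and load.
sizelimit unlimited

# Primary database. NOTE(review): back-hdb is deprecated in favour of back-mdb
# in later OpenLDAP releases; worth stating the exact version in the report.
database hdb

readonly off
suffix "dc=xxx.xx"
# The rootdn is not subject to access control or administrative limits.
# Its password hash is stored in this file, so the file should be readable
# only by the slapd account.
rootdn "cn=Manager,dc=xxx.xx"
rootpw {SSHA}xxxxxxxxxx
directory /var/lib/ldap/
# Checkpoint after 1024 KB written or 5 minutes.
checkpoint 1024 5
cachesize 100000
idlcachesize 100000

# Attribute indexes (eq = equality, pres = presence, sub = substring).
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid eq
index uidNumber pres,eq
index gidNumber pres,eq
index uniqueMember pres,eq
index memberOf pres,eq
index sudoUser pres,eq,sub
index entryCSN,entryUUID eq
index mail pres,eq,sub
index userClass pres,eq
index ipHostNumber eq

# Enforce unique uid values across the subtree of this database.
overlay unique
unique_uri ldap:///?uid?sub

# Password policy, with a default policy entry (DN redacted).
overlay ppolicy
ppolicy_default "cn=xxxx,ou=xxxxx,dc=xxxx,dc=xxxx.xx"
# NOTE(review): with this option a bind to a locked account returns the
# AccountLocked code in the password policy response, which tells a client
# that the account exists and is locked. Keep it only if clients need it.
ppolicy_use_lockout

# Maintain memberOf on entries listed in uniqueMember of groupOfUniqueNames
# groups; memberof-dn is the modifiersName used for those internal updates.
overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-refint true
memberof-dn cn=MemberOfOverlay,dc=xxx.xx

# auditlog writes changes as LDIF, which can include userPassword values; the
# log file and its directory should be readable only by the slapd account.
overlay auditlog
auditlog /var/lib/ldap/auditlog/ldap.auditlog

# NOTE(review): cn=Monitor exposes connection and operation details, and no
# access rule follows this line in the excerpt; confirm that slapd.access
# restricts who may read it.
database monitor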
best Regards
Adrian