PANIC: fatal region error detected; run recovery OR Internal (implementation specific) error (80)
by Brent Clark
Hi all
Im starting to take the plunge to learn LDAP.
Im reading the "OpenLDAP Software 2.3 Administrators Guide".
Im trying to start out by creating databases and doing a query.
I use debian (testing), and so have editted the slapd.conf file.
============== Cut and Paste
database bdb
suffix "dc=brent,dc=local"
rootdn "cn=Manager,dc=brent,dc=local"
#rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
rootpw secret
directory "/var/lib/ldap"
database bdb
suffix "dc=com,dc=local,dc=edu,dc=org"
rootdn "cn=Manager,dc=com,dc=local,dc=edu,dc=org"
#rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
rootpw secret
directory "/var/lib/ldap"
oot@zion:/etc/ldap# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=brent,dc=local
namingContexts: dc=com,dc=local,dc=edu,dc=org
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
root@zion:/etc/ldap#
So now if i try to add via ldapadd, I get the following
zion:/tmp/ldap# ldapadd -x -D "cn=Manager,dc=brent,dc=local" -W -f
/home/bclark/OPENLDAP/test1
Enter LDAP Password:
adding new entry "dc=brent, dc=local"
ldapadd: Internal (implementation specific) error (80)
And here is my test1 file
zion:/tmp/ldap# cat /home/bclark/OPENLDAP/test1
# Domain Entry
dn: dc=brent, dc=local
objectclass: dcObject
objectclass: organization
o: Abc Consulting
dc: brent.local
dn:cn=Manager,dc=brent, dc=local
objectclass: organizationalRole
cn=Manager
zion:/tmp/ldap#
I really dont know why this is happening, and what am I doing wrong. I
increased the loglevel to 1 and this has sparked an interest.
Jan 6 01:33:06 zion slapd[25718]: >>> dnPrettyNormal:
<cn=Manager,dc=brent,dc=local>
Jan 6 01:33:06 zion slapd[25718]: <<< dnPrettyNormal:
<cn=Manager,dc=brent,dc=local>, <cn=manager,dc=brent,dc=local>
Jan 6 01:33:06 zion slapd[25718]: do_bind: version=3
dn="cn=Manager,dc=brent,dc=local" method=128
Jan 6 01:33:06 zion slapd[25718]: do_bind: v3 bind:
"cn=Manager,dc=brent,dc=local" to "cn=Manager,dc=brent,dc=local"
Jan 6 01:33:06 zion slapd[25718]: send_ldap_result: conn=5 op=0 p=3
Jan 6 01:33:06 zion slapd[25718]: send_ldap_response: msgid=1 tag=97 err=0
Jan 6 01:33:06 zion slapd[25718]: connection_get(17): got connid=5
Jan 6 01:33:06 zion slapd[25718]: connection_read(17): checking for
input on id=5
Jan 6 01:33:06 zion slapd[25718]: do_add
Jan 6 01:33:06 zion slapd[25718]: >>> dnPrettyNormal: <dc=brent, dc=local>
Jan 6 01:33:06 zion slapd[25718]: <<< dnPrettyNormal:
<dc=brent,dc=local>, <dc=brent,dc=local>
Jan 6 01:33:06 zion slapd[25718]: bdb(dc=brent,dc=local): PANIC:
fatal region error detected; run recovery
If someone could help, I would me most grateful.
Kind Regards
Brent Clark
15 years, 11 months
handshake failure
by Richard smith
OpenLDAP: slapd 2.3.27
Any help with the following is much appreciated.
Why : 'Can't contact LDAP server (-1)'
'handshake failure'
If I issue ldapsearch without and with options I get the same.
Thanks,
Richard
ldapsearch
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
ldapsearch -H 'ldaps://xxxx.xxxx.xxxx.xxxx:636'
-D 'uid=xxxx,dc=xxxx,dc=xxxx,dc=xxxx,dc=xxxx'
-b 'uid=yyyy,ou=People,dc=xxxx,dc=xxxx,dc=xxxx,dc=xxxx'
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
/var/log/slapd.log
Date Time xxxx slapd[1415]: conn=164 fd=14 ACCEPT from IP=xxxx.xxxx.xxxx.xxxx:33448 (IP=0.0.0.0:636)
Date Time xxxx slapd[1415]: conn=164 fd=14 closed (TLS negotiation failure)
Date Time xxxx slapd[1415]: conn=165 fd=14 ACCEPT from IP=xxxx.xxxx.xxxx.xxxx:33449 (IP=0.0.0.0:636)
Date Time xxxx slapd[1415]: conn=165 fd=14 closed (TLS negotiation failure)
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
15 years, 11 months
ACL - peername
by Net Warrior
Hi there guys, I've got the following configuration with slapd 2.3.19
My aim is to restric user depending on their IP and group, well, this
configuration doesn't work, and this is the first ACL in slapd.conf
access to attrs=userPassword,shadowLastChange
by peername.ip=172.16.4.100%255.255.0.0 set="([uid=] + ([cn=Domain
Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
by users write
by * none
This one Does
access to attrs=userPassword,shadowLastChange
by peername.regex=172\.16\.4\..* set="([uid=] + ([cn=Domain
Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
by users write
by * none
Whay is this, I do not know, but is not the real problem, cuz as long as I
know, with regex
I cannot tell which range of IP to limit like with peername.ip, I want to do
this
peername.ip=192.168.1.16%255.255.255.240.
what's worst this doesn't even work
by peername.ip=172.16.4.100 auth
This is the log, trying to connect via secure shell using this ACL
by peername.ip=172.16.4.100%255.255.0.0 set="([uid=] + ([cn=Domain
Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: listen=8, new connection on
13
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: added 13r
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 fd=13 ACCEPT from IP=
172.16.4.120:53861 (IP=0.0.0.0:636)
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:48 netwarrior slapd[2498]: 13r
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: read active on 13
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13)
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13): got connid=9
Jan 1 17:56:48 netwarrior slapd[2498]: connection_read(13): checking for
input on id=9
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:48 netwarrior slapd[2498]: 13r
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: read active on 13
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13)
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13): got connid=9
Jan 1 17:56:48 netwarrior slapd[2498]: connection_read(13): checking for
input on id=9
Jan 1 17:56:48 netwarrior slapd[2498]: connection_read(13): unable to get
TLS client DN, error=49 id=9
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 fd=13 TLS established
tls_ssf=256 ssf=256
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:48 netwarrior slapd[2498]: 13r
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: read active on 13
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13)
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13): got connid=9
Jan 1 17:56:48 netwarrior slapd[2498]: connection_read(13): checking for
input on id=9
Jan 1 17:56:48 netwarrior slapd[2498]: do_bind
Jan 1 17:56:48 netwarrior slapd[2498]: ber_get_next on fd 13 failed errno=11
(Resource temporarily unavailable)
Jan 1 17:56:48 netwarrior slapd[2498]: >>> dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:48 netwarrior slapd[2498]: <<< dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>,
<cn=manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:48 netwarrior slapd[2498]: do_bind: version=3
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=0 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:48 netwarrior slapd[2498]: ==> bdb_bind: dn:
cn=Manager,dc=netwarrior,dc=com,dc=uy
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=0 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" mech=SIMPLE ssf=0
Jan 1 17:56:48 netwarrior slapd[2498]: do_bind: v3 bind:
"cn=Manager,dc=netwarrior,dc=com,dc=uy" to
"cn=Manager,dc=netwarrior,dc=com,dc=uy"
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_result: conn=9 op=0 p=3
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_result: err=0 matched=""
text=""
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_response: msgid=1 tag=97
err=0
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=0 RESULT tag=97 err=0 text=
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on 2 descriptors
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:48 netwarrior slapd[2498]: 13r
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: read active on 13
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13)
Jan 1 17:56:48 netwarrior slapd[2498]: connection_get(13): got connid=9
Jan 1 17:56:48 netwarrior slapd[2498]: connection_read(13): checking for
input on id=9
Jan 1 17:56:48 netwarrior slapd[2498]: do_search
Jan 1 17:56:48 netwarrior slapd[2498]: >>> dnPrettyNormal:
<dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:48 netwarrior slapd[2498]: <<< dnPrettyNormal:
<dc=netwarrior,dc=com,dc=uy>, <dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:48 netwarrior slapd[2498]: SRCH "dc=netwarrior,dc=com,dc=uy" 2 0
Jan 1 17:56:48 netwarrior slapd[2498]: 1 0 0
Jan 1 17:56:48 netwarrior slapd[2498]: begin get_filter
Jan 1 17:56:48 netwarrior slapd[2498]: AND
Jan 1 17:56:48 netwarrior slapd[2498]: begin get_filter_list
Jan 1 17:56:48 netwarrior slapd[2498]: begin get_filter
Jan 1 17:56:48 netwarrior slapd[2498]: EQUALITY
Jan 1 17:56:48 netwarrior slapd[2498]: end get_filter 0
Jan 1 17:56:48 netwarrior slapd[2498]: begin get_filter
Jan 1 17:56:48 netwarrior slapd[2498]: EQUALITY
Jan 1 17:56:48 netwarrior slapd[2498]: end get_filter 0
Jan 1 17:56:48 netwarrior slapd[2498]: end get_filter_list
Jan 1 17:56:48 netwarrior slapd[2498]: end get_filter 0
Jan 1 17:56:48 netwarrior slapd[2498]: filter:
(&(objectClass=ipHost)(ipHostNumber=172.16.4.100))
Jan 1 17:56:48 netwarrior slapd[2498]: attrs:
Jan 1 17:56:48 netwarrior slapd[2498]: cn
Jan 1 17:56:48 netwarrior slapd[2498]: ipHostNumber
Jan 1 17:56:48 netwarrior slapd[2498]:
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=1 SRCH
base="dc=netwarrior,dc=com,dc=uy" scope=2 deref=0
filter="(&(objectClass=ipHost)(ipHostNumber=172.16.4.100))"
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=1 SRCH attr=cn ipHostNumber
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_search
Jan 1 17:56:48 netwarrior slapd[2498]:
bdb_dn2entry("dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:48 netwarrior slapd[2498]: =>
bdb_dn2id("dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_dn2id: got id=0x00000001
Jan 1 17:56:48 netwarrior slapd[2498]: entry_decode:
"dc=netwarrior,dc=com,dc=uy"
Jan 1 17:56:48 netwarrior slapd[2498]: <=
entry_decode(dc=netwarrior,dc=com,dc=uy)
Jan 1 17:56:48 netwarrior slapd[2498]: search_candidates:
base="dc=netwarrior,dc=com,dc=uy" (0x00000001) scope=2
Jan 1 17:56:48 netwarrior slapd[2498]: =>
bdb_dn2idl("dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:48 netwarrior slapd[2498]: AND
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_list_candidates 0xa0
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:48 netwarrior slapd[2498]: OR
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_list_candidates 0xa1
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:48 netwarrior slapd[2498]: EQUALITY
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_equality_candidates
(objectClass)
Jan 1 17:56:48 netwarrior slapd[2498]: => key_read
Jan 1 17:56:48 netwarrior slapd[2498]: bdb_idl_fetch_key: [b49d1940]
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_index_read: failed (-30989)
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_equality_candidates: id=0,
first=0, last=0
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:48 netwarrior slapd[2498]: AND
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_list_candidates 0xa0
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:48 netwarrior slapd[2498]: EQUALITY
Jan 1 17:56:48 netwarrior slapd[2498]: => bdb_equality_candidates
(objectClass)
Jan 1 17:56:48 netwarrior slapd[2498]: => key_read
Jan 1 17:56:48 netwarrior slapd[2498]: bdb_idl_fetch_key: [7ec2180d]
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_index_read: failed (-30989)
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_equality_candidates: id=0,
first=0, last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_filter_candidates: id=0
first=0 last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_list_candidates: id=0 first=0
last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_filter_candidates: id=0
first=0 last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_list_candidates: id=0 first=0
last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_filter_candidates: id=0
first=0 last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_list_candidates: id=0 first=1
last=0
Jan 1 17:56:48 netwarrior slapd[2498]: <= bdb_filter_candidates: id=0
first=1 last=0
Jan 1 17:56:48 netwarrior slapd[2498]: ber_get_next on fd 13 failed errno=11
(Resource temporarily unavailable)
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:48 netwarrior slapd[2498]: bdb_search_candidates: id=0 first=1
last=0
Jan 1 17:56:48 netwarrior slapd[2498]: bdb_search: no candidates
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_result: conn=9 op=1 p=3
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_result: err=0 matched=""
text=""
Jan 1 17:56:48 netwarrior slapd[2498]: send_ldap_response: msgid=2 tag=101
err=0
Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: listen=8, new connection on
15
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: added 15r
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 fd=15 ACCEPT from IP=
172.16.4.120:53862 (IP=0.0.0.0:636)
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: 15r
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: read active on 15
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15)
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15): got connid=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): checking for
input on id=10
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: 15r
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: read active on 15
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15)
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15): got connid=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): checking for
input on id=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): unable to get
TLS client DN, error=49 id=10
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 fd=15 TLS established
tls_ssf=256 ssf=256
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: 15r
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: read active on 15
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15)
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15): got connid=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): checking for
input on id=10
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind
Jan 1 17:56:50 netwarrior slapd[2498]: ber_get_next on fd 15 failed errno=11
(Resource temporarily unavailable)
Jan 1 17:56:50 netwarrior slapd[2498]: >>> dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: <<< dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>,
<cn=manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind: version=3
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=0 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: ==> bdb_bind: dn:
cn=Manager,dc=netwarrior,dc=com,dc=uy
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=0 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" mech=SIMPLE ssf=0
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind: v3 bind:
"cn=Manager,dc=netwarrior,dc=com,dc=uy" to
"cn=Manager,dc=netwarrior,dc=com,dc=uy"
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_result: conn=10 op=0 p=3
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_result: err=0 matched=""
text=""
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_response: msgid=1 tag=97
err=0
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=0 RESULT tag=97 err=0
text=
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 2 descriptors
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: 15r
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: read active on 15
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15)
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15): got connid=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): checking for
input on id=10
Jan 1 17:56:50 netwarrior slapd[2498]: do_search
Jan 1 17:56:50 netwarrior slapd[2498]: >>> dnPrettyNormal:
<dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: <<< dnPrettyNormal:
<dc=netwarrior,dc=com,dc=uy>, <dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: SRCH "dc=netwarrior,dc=com,dc=uy" 2 0
Jan 1 17:56:50 netwarrior slapd[2498]: 1 0 0
Jan 1 17:56:50 netwarrior slapd[2498]: begin get_filter
Jan 1 17:56:50 netwarrior slapd[2498]: EQUALITY
Jan 1 17:56:50 netwarrior slapd[2498]: end get_filter 0
Jan 1 17:56:50 netwarrior slapd[2498]: filter: (uid=pablo)
Jan 1 17:56:50 netwarrior slapd[2498]: attrs:
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=1 SRCH
base="dc=netwarrior,dc=com,dc=uy" scope=2 deref=0 filter="(uid=pablo)"
Jan 1 17:56:50 netwarrior slapd[2498]: => bdb_search
Jan 1 17:56:50 netwarrior slapd[2498]:
bdb_dn2entry("dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:50 netwarrior slapd[2498]: search_candidates:
base="dc=netwarrior,dc=com,dc=uy" (0x00000001) scope=2
Jan 1 17:56:50 netwarrior slapd[2498]: =>
bdb_dn2idl("dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:50 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:50 netwarrior slapd[2498]: AND
Jan 1 17:56:50 netwarrior slapd[2498]: => bdb_list_candidates 0xa0
Jan 1 17:56:50 netwarrior slapd[2498]: => bdb_filter_candidates
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=2 BIND anonymous
mech=implicit ssf=0
Jan 1 17:56:50 netwarrior slapd[2498]: => get_ctrls
Jan 1 17:56:50 netwarrior slapd[2498]: => get_ctrls: oid="
1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Jan 1 17:56:50 netwarrior slapd[2498]: <= get_ctrls: n=1 rc=0 err=""
Jan 1 17:56:50 netwarrior slapd[2498]: >>> dnPrettyNormal:
<uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: <<< dnPrettyNormal:
<uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy>,
<uid=pablo,ou=users,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind: version=3
dn="uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=2 BIND
dn="uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: slap_global_control: unavailable
control: 1.3.6.1.4.1.42.2.27.8.5.1
Jan 1 17:56:50 netwarrior slapd[2498]: ==> bdb_bind: dn:
uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy
Jan 1 17:56:50 netwarrior slapd[2498]:
bdb_dn2entry("uid=pablo,ou=users,dc=netwarrior,dc=com,dc=uy")
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=7
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: select: listen=8
active_threads=0 tvp=zero
Jan 1 17:56:50 netwarrior slapd[2498]: => access_allowed: auth access to
"uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy" "userPassword" requested
Jan 1 17:56:50 netwarrior slapd[2498]: => acl_get: [1] attr userPassword
Jan 1 17:56:50 netwarrior slapd[2498]: access_allowed: no res from state
(userPassword)
Jan 1 17:56:50 netwarrior slapd[2498]: => acl_mask: access to entry
"uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy", attr "userPassword"
requested
Jan 1 17:56:50 netwarrior slapd[2498]: => acl_mask: to value by "", (=0)
Jan 1 17:56:50 netwarrior slapd[2498]: <= acl_mask: [1] mask: =0
Jan 1 17:56:50 netwarrior slapd[2498]: => access_allowed: auth access denied
by =0
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_result: conn=10 op=2 p=3
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_result: err=49 matched=""
text=""
Jan 1 17:56:50 netwarrior slapd[2498]: send_ldap_response: msgid=3 tag=97
err=49
Jan 1 17:56:50 netwarrior sshd[2554]: pam_ldap: error trying to bind as user
"uid=pablo,ou=Users,dc=netwarrior,dc=com,dc=uy" (Invalid credentials)
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=2 RESULT tag=97 err=49
text=
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on 1 descriptor
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: activity on:
Jan 1 17:56:50 netwarrior slapd[2498]: 15r
Jan 1 17:56:50 netwarrior slapd[2498]:
Jan 1 17:56:50 netwarrior slapd[2498]: daemon: read active on 15
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15)
Jan 1 17:56:50 netwarrior slapd[2498]: connection_get(15): got connid=10
Jan 1 17:56:50 netwarrior slapd[2498]: connection_read(15): checking for
input on id=10
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind
Jan 1 17:56:50 netwarrior slapd[2498]: ber_get_next on fd 15 failed errno=11
(Resource temporarily unavailable)
Jan 1 17:56:50 netwarrior slapd[2498]: >>> dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: <<< dnPrettyNormal:
<cn=Manager,dc=netwarrior,dc=com,dc=uy>,
<cn=manager,dc=netwarrior,dc=com,dc=uy>
Jan 1 17:56:50 netwarrior slapd[2498]: do_bind: version=3
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=3 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" method=128
Jan 1 17:56:50 netwarrior slapd[2498]: ==> bdb_bind: dn:
cn=Manager,dc=netwarrior,dc=com,dc=uy
Jan 1 17:56:50 netwarrior slapd[2498]: conn=10 op=3 BIND
dn="cn=Manager,dc=netwarrior,dc=com,dc=uy" mech=SIMPLE ssf=0
Any idea how can I solve this? what am I doing wrong?, is there a way to
limit a range of IP using
regex?
Thanks in advance
Best regards, and happy new year.
15 years, 11 months
Need help:slapd crashed in syncrepl and mirror mode when deleting entry
by Savithri
Hi,
Im using OpenLDAP 2.4.7 and using the mirrormode and syncrepl.
My setup has 2 LDAP nodes, one as master and other as slave through a VIP.
When the master goes down, the slave will become master and vice-versa.
At any point to keep both the LDAP in sync I'm using mirror mode and syncrepl.
When one node , say A is up (that is the active node) and the other node B is down, I delete some LDAP entry from node A. THen when i start node B, the slapd on node B crashes and i see a core file also.
I have attached the logs (node_A_ldap.out and node_B_ldap.out ) files.
Im using the following conf file.
database bdb
directory $MMAIL_VAR_DIR/ldap/ipu-mail-ldap
suffix "o=mereonmail"
rootdn "cn=admin,o=mereonmail"
rootpw secret
index objectClass,entryCSN,entryUUID pres,eq
index mail,cn eq,sub
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncrepl rid=1
provider=ldap://${MMAIL_LDAP_PEER_HOSTNAME}:$MMAIL_LDAP_PORT
bindmethod=simple
binddn="cn=admin,o=mereonmail"
credentials=ipunity
filter="(objectClass=*)"
searchbase="o=mereonmail"
schemachecking=on
type=refreshAndPersist
interval=00:00:00:01
retry="60 +"
mirrormode on
serverID $NODE_ID
PS: rid= 1 in both node A and node B.
provider points to the other peer node.
serverId= 1 on Node A and serverId= 2 on Node B
Is this is know bug in OpenLDAP2.4.7??
Thanks in advance for your help.
Savithri
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
15 years, 11 months
write, then read delay with syncrepl/slapo-chain ?
by Peter Mogensen
Hi,
I haev a quick question which I haven't been able to find an answer to
in the docs:
I have a slapd master with a couple of slaves (syncrepl
refreshAndPersist). I can get updates to be diverted to the master with
the chain overlay, but as the FAQ says there'll be a small delay before
the changes are replicated back to the slaves.
Is there anyway to automatically direct subsequent reads of the changed
attributes to the master?
Else I guess I'll have to implement referral chasing logic in the client
so it doesn't try to read from the slave immediately after writing (and
getting a referral).
regards,
Peter
15 years, 11 months
Overlay chain formatting
by Justin Lambert
I have spent the last week off and on trying to figure out why my chain
overlay was not working correctly. I tried all combinations of it that
I could find and finally found out that the parser of the slapd.conf
file is picky about spacing. I was trying to make my config file look
nice by indenting the options under "overlay chain" only to find after
many frustrating hours that you cannot do that! I didn't find anywhere
that that was explicitly documented (even though all of the examples
were not formatted that way). I finally caught it when I upgraded to
2.4.7 wondering if there was a bug and slaptest gave a very unhelpful
error, but it did help me narrow it down. Hopefully this will save
someone my same frustrations.
Incorrect way:
overlay chain
chain-uri
"ldap://host"
chain-rebind-as-user TRUE
chain-idassert-bind
bindmethod="simple" binddn="binduser" credentials="secret" mode="self"
chain-return-error TRUE
Correct way:
overlay chain
chain-uri "ldap://host"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple" binddn="binduser"
credentials="secret" mode="self"
chain-return-error TRUE
Justin
15 years, 11 months
back-sql
by Taymour A. El Erian
Hi,
The man pages says that back-sql is experimental, does this mean it
should not be used in production environment ?
--
Taymour A El Erian
System Division Manager
RHCE, LPIC, CCNA, MCSE, CNA
TE Data
E-mail: taymour.elerian(a)tedata.net
Web: www.tedata.net
Tel: +(202)-33320700
Fax: +(202)-33320800
Ext: 1101
15 years, 11 months