Starting with:
sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf
Produces this:
daemon: activity on 1 descriptor daemon: listen=7, new connection on 12 daemon: added 12r conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP=0.0.0.0:389) daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 ber_get_next ldap_read: want=8, got=8 0000: 30 2e 02 01 01 60 29 02 0....`). ldap_read: want=40, got=40 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 ....cn=Manager,d 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d c=example,dc=com 0020: 80 06 73 65 63 72 65 74 ..secret ber_get_next: tag 0x30 len 46 contents: ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e ...`).....cn=Man 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c ager,dc=example, 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 dc=com..secret ber_get_next ldap_read: want=8 error=Resource temporarily unavailable ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable) do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 `).....cn=Manage 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d r,dc=example,dc= 0020: 63 6f 6d 80 06 73 65 63 72 65 74 com..secret daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL ber_scanf fmt (m}) ber: ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8 0000: 00 06 73 65 63 72 65 74 ..secret
dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0) <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com> do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 ==> bdb_bind: dn: cn=Manager,dc=example,dc=com bdb_dn2entry("cn=manager,dc=example,dc=com") => bdb_dn2id("dc=example,dc=com") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990) send_ldap_result: conn=1 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 ber_flush: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... conn=1 op=0 RESULT tag=97 err=49 text= daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Undefined error: 0) connection_read(12): input error=-2 id=1, closing. connection_closing: readying conn=1 sd=12 for close connection_close: conn=1 sd=12 daemon: removing 12 conn=1 fd=12 closed (connection lost) daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: waked daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL
On Dec 21, 2007 2:09 PM, Gavin Henry ghenry@suretecsystems.com wrote:
<quote who="Jonathan Wage"> > Uncommented and restarted ldap with the following command: > > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
Can you start up with -d -1 and just paste the first say 50 lines.
and CC your reply to openldap-software@openldap.org
Then when I run this command:
sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
I get this in the screen with slapd running:
conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389) conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 conn=0 op=0 RESULT tag=97 err=49 text= conn=0 fd=12 closed (connection lost)
The error code translates to incorrect DN or password.
- Jon
On Dec 21, 2007 1:52 PM, Gavin Henry ghenry@suretecsystems.com wrote:
Uncommment:
# modulepath /usr/libexec/openldap # moduleload back_bdb.la
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage"> > When I start slapd like you said above I am able to see the logs. I then > run > the same command where I get the invalid credentials and I get the > following: > > ------------------ > > daemon: activity on 1 descriptor > daemon: listen=7, new connection on 13 > daemon: added 13r > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read activity on 13 > connection_get(13) > connection_get(13): got connid=1 > connection_read(13): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 2e 02 01 01 60 29 02 > 0....`). > ldap_read: want=40, got=40 > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 > ....cn=Manager,d > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d > c=example,dc=com > 0020: 80 06 73 65 63 72 65 74 > ..secret > ber_get_next: tag 0x30 len 46 contents: > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46 > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e > ...`).....cn=Man > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c > ager,dc=example, > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 > dc=com..secret > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > do_bind > ber_scanf fmt ({imt) ber: > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43 > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 > `).....cn=Manage > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d > r,dc=example,dc= > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 > com..secret > ber_scanf fmt (m}) ber: > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8 > 0000: 00 06 73 65 63 72 65 74 > ..secret >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, > <cn=manager,dc=example,dc=com> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com > bdb_dn2entry("cn=manager,dc=example,dc=com") > => bdb_dn2id("dc=example,dc=com") > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
found
(-30990) send_ldap_result: conn=1 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 ber_flush: 14 bytes to sd 13 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... conn=1 op=0 RESULT tag=97 err=49 text= daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read activity on 13 connection_get(13) connection_get(13): got connid=1 connection_read(13): checking for input on id=1 ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 13 failed errno=0 (Undefined error: 0) connection_read(13): input error=-2 id=1, closing. connection_closing: readying conn=1 sd=13 for close connection_close: deferring conn=1 sd=13 daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: waked daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL connection_resched: attempting closing conn=1 sd=13 connection_close: conn=1 sd=13 daemon: removing 13 conn=1 fd=13 closed (connection lost)
- Jon
On Dec 21, 2007 10:54 AM, Gavin Henry ghenry@suretecsystems.com
wrote:
<quote who="Jonathan Wage"> > Here is my slapd.conf > > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /private/etc/openldap/schema/core.schema > > # Define global ACLs to disable default read access. > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > pidfile /private/var/db/openldap/run/slapd.pid > argsfile /private/var/db/openldap/run/slapd.args > > # Load dynamic backend modules: > # modulepath /usr/libexec/openldap > # moduleload back_bdb.la > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > # Sample security restrictions > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > > # Sample access control policy: > # Root DSE: allow anyone to read it > # Subschema (sub)entry DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to dn.base="cn=Subschema" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy > # allows anyone and everyone to read anything but restricts > # updates to rootdn. (e.g., "access to * by * read") > # > # rootdn can always read and write EVERYTHING! > >
#######################################################################
# BDB database definitions
#######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /private/var/db/openldap/openldap-data # Indices to maintain index objectClass eq
Which logs are you referring to? The openldap log?
Start slapd by hand with -d -1
and then bind via ldapsearch.
-- Jonathan Wage http://www.jwage.com http://www.centresource.com
-- Jonathan Wage http://www.jwage.com http://www.centresource.com