On Thu, Mar 01, 2007 at 04:56:36PM +0100, Hallvard B Furuseth wrote:
loglevel -1 - has not given the infornation. Slapd - die silent. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled with something like
Sorry - i was expressed incorrectly. debug.log write successeful - but i not found any intelligent information. :( Full absence of symptoms.
# OpenLDAP local4.* /var/log/openldap.log
in /etc/syslog.conf. (After that change, restart syslogd with kill -HUP).
However, for testing you can intead just do slapd -h ldap://localhost:3890/ -d -1 Does the end of that output say something useful?
Heh - l have like this: --------------------------------------------------------------------------- Mar 1 18:08:44 attacker slapd[1615]: @(#) $OpenLDAP: slapd 2.3.34 (Mar 1 2007 11:48:34) $ paul@attacker.dgb.local:/usr/ports/net/openldap23-server/work/openldap-2.3.34/servers/slapd Mar 1 18:08:44 attacker slapd[1615]: >>> dnNormalize: <cn=Subschema> Mar 1 18:08:44 attacker slapd[1615]: <<< dnNormalize: <cn=subschema> Mar 1 18:08:44 attacker slapd[1615]: matching_rule_use_init Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.804 (integerBitOrMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey ) ) Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.803 (integerBitAndMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey ) ) Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email ) ) Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.35 (certificateMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.35 NAME 'certificateMatch' APPLIES ( userCertificate $ cACertificate ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.34 (certificateExactMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.30 (objectIdentifierFirstComponentMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.29 (integerFirstComponentMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.27 (generalizedTimeMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.24 (protocolInformationMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.23 (uniqueMemberMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.22 (presentationAddressMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.20 (telephoneNumberMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES telephoneNumber ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.17 (octetStringMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES userPassword ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.16 (bitStringMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.14 (integerMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.13 (booleanMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $ olcReverseLookup $ olcSpNoPresent $ olcSpReloadHint $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.11 (caseIgnoreListMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.8 (numericStringMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.7 (caseExactSubstringsMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.6 (caseExactOrderingMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.5 (caseExactMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLS! CertificateFile $ olcTLSCertificateKeyF Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.4 (caseIgnoreSubstringsMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.3 (caseIgnoreOrderingMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.2 (caseIgnoreMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTL! SCertificateFile $ olcTLSCertificateKey Mar 1 18:08:44 attacker slapd[1615]: 1.2.36.79672281.1.13.3 (rdnMatch): Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.1 (distinguishedNameMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner $ roleOccupant ) ) Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.0 (objectIdentifierMatch): Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) Mar 1 18:08:44 attacker slapd[1616]: slapd startup: initiated. Mar 1 18:08:44 attacker slapd[1616]: backend_startup_one: starting "cn=config" Mar 1 18:08:44 attacker slapd[1616]: config_back_db_open Mar 1 18:08:44 attacker slapd[1616]: config_build_entry: "cn=config"
-----------------------------------------------------------------------------
-- Regards, Hallvard