--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage">
> When I start slapd like you said above I am able to see the logs. I then
> run
> the same command where I get the invalid credentials and I get the
> following:
>
> ------------------
>
> daemon: activity on 1 descriptor
> daemon: listen=7, new connection on 13
> daemon: added 13r
> conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389)
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read activity on 13
> connection_get(13)
> connection_get(13): got connid=1
> connection_read(13): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 2e 02 01 01 60 29 02
> 0....`).
> ldap_read: want=40, got=40
> 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64
> ....cn=Manager,d
> 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d
> c=example,dc=com
> 0020: 80 06 73 65 63 72 65 74
> ..secret
> ber_get_next: tag 0x30 len 46 contents:
> ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46
> 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e
> ...`).....cn=Man
> 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c
> ager,dc=example,
> 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74
> dc=com..secret
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable)
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43
> 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65
> `).....cn=Manage
> 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d
> r,dc=example,dc=
> 0020: 63 6f 6d 80 06 73 65 63 72 65 74
> com..secret
> ber_scanf fmt (m}) ber:
> ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8
> 0000: 00 06 73 65 63 72 65 74
> ..secret
>>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
> => ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
> <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
> <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
> <cn=manager,dc=example,dc=com>
> do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
> conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
> ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
> bdb_dn2entry("cn=manager,dc=example,dc=com")
> => bdb_dn2id("dc=example,dc=com")
> <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
> (-30990)
> send_ldap_result: conn=1 op=0 p=3
> send_ldap_result: err=49 matched="" text=""
> send_ldap_response: msgid=1 tag=97 err=49
> ber_flush: 14 bytes to sd 13
> 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> 0....a...1....
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> 0....a...1....
> conn=1 op=0 RESULT tag=97 err=49 text=
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read activity on 13
> connection_get(13)
> connection_get(13): got connid=1
> connection_read(13): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=0
>
> ber_get_next on fd 13 failed errno=0 (Undefined error: 0)
> connection_read(13): input error=-2 id=1, closing.
> connection_closing: readying conn=1 sd=13 for close
> connection_close: deferring conn=1 sd=13
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptor
> daemon: waked
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=1 sd=13
> connection_close: conn=1 sd=13
> daemon: removing 13
> conn=1 fd=13 closed (connection lost)
>
> - Jon
>
> On Dec 21, 2007 10:54 AM, Gavin Henry
ghenry@suretecsystems.com wrote:
>
>> <quote who="Jonathan Wage">
>> > Here is my slapd.conf
>> >
>> > #
>> > # See slapd.conf(5) for details on configuration options.
>> > # This file should NOT be world readable.
>> > #
>> > include /private/etc/openldap/schema/core.schema
>> >
>> > # Define global ACLs to disable default read access.
>> >
>> > # Do not enable referrals until AFTER you have a working directory
>> > # service AND an understanding of referrals.
>> > #referral ldap://root.openldap.org
>> >
>> > pidfile /private/var/db/openldap/run/slapd.pid
>> > argsfile /private/var/db/openldap/run/slapd.args
>> >
>> > # Load dynamic backend modules:
>> > # modulepath /usr/libexec/openldap
>> > # moduleload back_bdb.la
>> > # moduleload back_ldap.la
>> > # moduleload back_ldbm.la
>> > # moduleload back_passwd.la
>> > # moduleload back_shell.la
>> >
>> > # Sample security restrictions
>> > # Require integrity protection (prevent hijacking)
>> > # Require 112-bit (3DES or better) encryption for updates
>> > # Require 63-bit encryption for simple bind
>> > # security ssf=1 update_ssf=112 simple_bind=64
>> >
>> > # Sample access control policy:
>> > # Root DSE: allow anyone to read it
>> > # Subschema (sub)entry DSE: allow anyone to read it
>> > # Other DSEs:
>> > # Allow self write access
>> > # Allow authenticated users read access
>> > # Allow anonymous users to authenticate
>> > # Directives needed to implement policy:
>> > # access to dn.base="" by * read
>> > # access to dn.base="cn=Subschema" by * read
>> > # access to *
>> > # by self write
>> > # by users read
>> > # by anonymous auth
>> > #
>> > # if no access controls are present, the default policy
>> > # allows anyone and everyone to read anything but restricts
>> > # updates to rootdn. (e.g., "access to * by * read")
>> > #
>> > # rootdn can always read and write EVERYTHING!
>> >
>> > #######################################################################
>> > # BDB database definitions
>> > #######################################################################
>> >
>> > database bdb
>> > suffix "dc=example,dc=com"
>> > rootdn "cn=Manager,dc=example,dc=com"
>> > # Cleartext passwords, especially for the rootdn, should
>> > # be avoid. See slappasswd(8) and slapd.conf(5) for details.
>> > # Use of strong authentication encouraged.
>> > rootpw secret
>> > # The database directory MUST exist prior to running slapd AND
>> > # should only be accessible by the slapd and slap tools.
>> > # Mode 700 recommended.
>> > directory /private/var/db/openldap/openldap-data
>> > # Indices to maintain
>> > index objectClass eq
>> >
>> >
>> > Which logs are you referring to? The openldap log?
>>
>> Start slapd by hand with -d -1
>>
>> and then bind via ldapsearch.
>>
>>
>>
>
>
> --
> Jonathan Wage
>
http://www.jwage.com
>
http://www.centresource.com
>