Re: Issue using ldapadd

Friday, 21 December 2007

Whoops, meant to send to list too :) sorry

(#) $OpenLDAP: slapd 2.3.27 (Oct  4 2007 23:24:38) $
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
daemon_init: [0]DNSServiceRegister
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3,
2003)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3,
2003)
reading config file /private/etc/openldap/slapd.conf
line 5 (include        /private/etc/openldap/schema/core.schema)
reading config file /private/etc/openldap/schema/core.schema
line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256:
knowledge information' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC
'RFC2256: last
(family) name(s) for which the entity is known by' SUP name ))
line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial
number of the entity' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ))
line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC
'RFC2256:
ISO-3166 country 2-letter code' SUP name SINGLE-VALUE ))
line 100 (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC
'RFC2256:
locality which this object resides in' SUP name ))
line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC
'RFC2256: state or province which this object resides in' SUP name ))
line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC
'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC
'RFC2256: organization this object belongs to' SUP name ))
line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to' SUP name ))
line 122 (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title
associated with the entity' SUP name ))
line 134 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search
guide, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 ))
line 140 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256:
business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 146 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256:
postal address' EQUALITY caseIgnoreListMatch SUBSTR
caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 152 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal
code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 158 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post
Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 164 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC
'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 170 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256:
Telephone Number' EQUALITY telephoneNumberMatch SUBSTR
telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ))
line 174 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex
Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ))
line 178 (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC
'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51))
line 182 (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax'
)
DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX
1.3.6.1.4.1.1466.115.121.1.22 ))
line 188 (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256:
X.121Address' EQUALITY numericStringMatch SUBSTR
numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ))
line 194 (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC
'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR
numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ))
line 199 (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256:
registered postal address' SUP postalAddress SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ))
line 205 (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC
'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ))
line 210 (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC
'RFC2256: preferred delivery method' SYNTAX
1.3.6.1.4.1.1466.115.121.1.14SINGLE-VALUE ))
line 216 (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256:
presentation address' EQUALITY presentationAddressMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ))
line 221 (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC
'RFC2256: supported application context' EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ))
line 225 (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a
group' SUP distinguishedName ))
line 229 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the
object)' SUP distinguishedName ))
line 233 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256:
occupant of role' SUP distinguishedName ))
line 251 (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256:
X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.8 ))
line 258 (attributetype ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256:
X.509CA certificate, use ;binary' EQUALITY certificateExactMatch
SYNTAX
1.3.6.1.4.1.1466.115.121.1.8 ))
line 263 (attributetype ( 2.5.4.38 NAME 'authorityRevocationList' DESC
'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.9 ))
line 268 (attributetype ( 2.5.4.39 NAME 'certificateRevocationList' DESC
'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.9 ))
line 273 (attributetype ( 2.5.4.40 NAME 'crossCertificatePair' DESC
'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.10 ))
line 283 (attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC
'RFC2256:
first name(s) for which the entity is known by' SUP name ))
line 287 (attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials
of some or all of names, but not the surname(s).' SUP name ))
line 291 (attributetype ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256:
name qualifier indicating a generation' SUP name ))
line 296 (attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC
'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.6 ))
line 303 (attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN
qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ))
line 307 (attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256:
enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ))
line 312 (attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256:
protocol information' EQUALITY protocolInformationMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.42 ))
line 322 (attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique
member of a group' EQUALITY uniqueMemberMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.34 ))
line 328 (attributetype ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256:
house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 333 (attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256:
supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ))
line 338 (attributetype ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256:
delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ))
line 342 (attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of
DMD' SUP name ))
line 346 (attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th):
pseudonym for the object' SUP name ))
line 366 (objectclass ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country'
SUP
top STRUCTURAL MUST c MAY ( searchGuide $ description ) ))
line 371 (objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a
locality'
SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $
description ) ))
line 382 (objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $
seeAlso $ businessCategory $     x121Address $ registeredAddress $
destinationIndicator $     preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $     telephoneNumber $ internationaliSDNNumber $
    facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ))
line 393 (objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an
organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $
searchGuide $ seeAlso $ businessCategory $     x121Address $
registeredAddress $ destinationIndicator $     preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $     telephoneNumber $
internationaliSDNNumber $     facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $     postalAddress $ physicalDeliveryOfficeName
$ st $ l $ description ) ))
line 399 (objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person'
SUP
top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $
seeAlso $ description ) ))
line 408 (objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256:
an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
registeredAddress $ destinationIndicator $     preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $     telephoneNumber $
internationaliSDNNumber $      facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou
$ st $ l ) ))
line 419 (objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an
organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $
registeredAddress $ destinationIndicator $     preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $     telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $     seeAlso $
roleOccupant $ preferredDeliveryMethod $ street $     postOfficeBox $
postalCode $ postalAddress $     physicalDeliveryOfficeName $ ou $ st $ l $
description ) ))
line 425 (objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group
of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY (
businessCategory $ seeAlso $ owner $ ou $ o $ description ) ))
line 436 (objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an
residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $
x121Address $ registeredAddress $     destinationIndicator $
preferredDeliveryMethod $ telexNumber $     teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $     facsimileTelephoneNumber $
preferredDeliveryMethod $ street $     postOfficeBox $ postalCode $
postalAddress $     physicalDeliveryOfficeName $ st $ l ) ))
line 442 (objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $
description ) ))
line 449 (objectclass ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY
( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ))
line 454 (objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory
system agent (a server)' SUP applicationEntity STRUCTURAL MAY
knowledgeInformation ))
line 460 (objectclass ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device'
SUP
top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
description ) ))
line 465 (objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC
'RFC2256: a strong authentication user' SUP top AUXILIARY MUST
userCertificate ))
line 471 (objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC
'RFC2256: a certificate authority' SUP top AUXILIARY MUST (
authorityRevocationList $ certificateRevocationList $     cACertificate )
MAY crossCertificatePair ))
line 477 (objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST (
uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
description ) ))
line 482 (objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC
'RFC2256: a user security information' SUP top AUXILIARY MAY (
supportedAlgorithms ) ))
line 486 (objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority AUXILIARY MAY ( deltaRevocationList ) ))
line 492 (objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top
STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $
authorityRevocationList $     deltaRevocationList ) ))
line 502 (objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST (
dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
    x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) ))
line 510 (objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI
user'
SUP top AUXILIARY MAY userCertificate ))
line 516 (objectclass ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
authority' SUP top AUXILIARY MAY ( authorityRevocationList $
certificateRevocationList $     cACertificate $ crossCertificatePair ) ))
line 521 (objectclass ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user'
SUP top AUXILIARY MAY deltaRevocationList ))
line 534 (objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC
'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY
( labeledURI ) ))
line 551 (attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail'
'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))
line 556 (objectclass ( 0.9.2342.19200300.100.4.19 NAME
'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top
AUXILIARY MUST userPassword ))
line 564 (attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY
caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))
line 569 (objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
domain component object' SUP top AUXILIARY MUST dc ))
line 574 (objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid
object' SUP top AUXILIARY MUST uid ))
line 582 (attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 590 (attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email'
'emailAddress'
'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in
DNs'
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} ))
line 13 (pidfile        /private/var/db/openldap/run/slapd.pid)
line 14 (argsfile    /private/var/db/openldap/run/slapd.args)
line 17 (modulepath    /usr/libexec/openldap)
/private/etc/openldap/slapd.conf: line 17: keyword <modulepath> ignored
line 18 (moduleload    back_bdb.la)
/private/etc/openldap/slapd.conf: line 18: keyword <moduleload> ignored
line 55 (database bdb)
bdb_db_init: Initializing BDB database
line 56 (suffix "dc=example,dc=com")
...
>> dnPrettyNormal: <dc=example,dc=com> =>
ldap_bv2dn(dc=example,dc=com,0)
<= ldap_bv2dn(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>
line 57 (rootdn "cn=Manager,dc=example,dc=com")
...
>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
<= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
<cn=manager,dc=example,dc=com>
line 61 (rootpw ***)
line 65 (directory /private/var/db/openldap/openldap-data)
line 67 (index objectClass eq)
index objectClass 0x0004
...
>> dnNormalize: <cn=Subschema> =>
ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $
reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $
olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $
reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $
olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $
krbName $ dc $ associatedDomain $ email ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $
krbName $ dc $ associatedDomain $ email ) )
    2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
    2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: (
2.5.13.29NAME 'integerFirstComponentMatch' APPLIES (
supportedLDAPVersion $ uidNumber
$ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $
olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $
reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog
) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $
reqStart $ reqEnd $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $
pwdGraceUseTime ) )
    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES telephoneNumber )
    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES ( userPassword $ reqControls $ reqRespControls $
reqMod $ reqOld $ reqData $ pwdHistory $ queryid ) )
    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout
$ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $
reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $
olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $
olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex $ olcAccessLogSuccess $ reqDeleteOldRDN $ reqAttrsOnly $
pwdReset $ olcSpNoPresent $ olcSpReloadHint ) )
    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) )
    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $
dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $
olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $
olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $
olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses
$ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $
olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $
olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $
olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $
olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $
olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $
olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $
reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $
reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen
$ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $
olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $
errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $
sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory
$ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $
dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) )
    2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $
dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $
olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $
olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $
olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses
$ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $
olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $
olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $
olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $
olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $
olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $
olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $
reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $
reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen
$ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $
olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $
errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $
sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory
$ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $
dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) )
    1.2.36.79672281.1.13.3 (rdnMatch):
2.5.13.1(distinguishedNameMatch): matchingRuleUse: (
2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $
modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $
distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN
$ olcSuffix $ olcUpdateDN $ olcAccessLogDB $ reqDN $ reqAuthzID $ reqNewRDN
$ reqNewSuperior $ pwdPolicySubentry $ errMatchedDN $ member $ owner $
roleOccupant ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=example,dc=com"
bdb_db_open: dc=example,dc=com
bdb_db_open: Warning - No DB_CONFIG file found in directory
/private/var/db/openldap/openldap-data: (2)
Expect poor performance for suffix dc=example,dc=com.
bdb_db_open: dbenv_open(/private/var/db/openldap/openldap-data)
slapd starting
daemon: added 4r
daemon: added 6r
daemon: added 7r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

On Dec 21, 2007 2:37 PM, Gavin Henry <ghenry(a)suretecsystems.com&gt; wrote:

> The first 50 lines of startup, before you try to do anything ;-)
>
> --
> Kind Regards,
>
> Gavin Henry.
> Managing Director.
>
> T +44 (0) 1224 279484
> M +44 (0) 7930 323266
> F +44 (0) 1224 824887
> E ghenry(a)suretecsystems.com
>
> Open Source. Open Solutions(tm).
>
> http://www.suretecsystems.com/
>
> <quote who="Jonathan Wage">
> > Starting with:
> >
> > sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf
> >
> > Produces this:
> >
> > daemon: activity on 1 descriptor
> > daemon: listen=7, new connection on 12
> > daemon: added 12r
> > conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP=0.0.0.0:389)
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > daemon: activity on 1 descriptor
> > daemon: activity on: 12r
> > daemon: read activity on 12
> > connection_get(12)
> > connection_get(12): got connid=1
> > connection_read(12): checking for input on id=1
> > ber_get_next
> > ldap_read: want=8, got=8
> >   0000:  30 2e 02 01 01 60 29 02
> > 0....`).
> > ldap_read: want=40, got=40
> >   0000:  01 03 04 1c 63 6e 3d 4d  61 6e 61 67 65 72 2c 64
> > ....cn=Manager,d
> >   0010:  63 3d 65 78 61 6d 70 6c  65 2c 64 63 3d 63 6f 6d
> > c=example,dc=com
> >   0020:  80 06 73 65 63 72 65 74
> > ..secret
> > ber_get_next: tag 0x30 len 46 contents:
> > ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46
> >   0000:  02 01 01 60 29 02 01 03  04 1c 63 6e 3d 4d 61 6e
> > ...`).....cn=Man
> >   0010:  61 67 65 72 2c 64 63 3d  65 78 61 6d 70 6c 65 2c
> > ager,dc=example,
> >   0020:  64 63 3d 63 6f 6d 80 06  73 65 63 72 65 74
> > dc=com..secret
> > ber_get_next
> > ldap_read: want=8 error=Resource temporarily unavailable
> > ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable)
> > do_bind
> > ber_scanf fmt ({imt) ber:
> > ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43
> >   0000:  60 29 02 01 03 04 1c 63  6e 3d 4d 61 6e 61 67 65
> > `).....cn=Manage
> >   0010:  72 2c 64 63 3d 65 78 61  6d 70 6c 65 2c 64 63 3d
> > r,dc=example,dc=
> >   0020:  63 6f 6d 80 06 73 65 63  72 65 74
> > com..secret
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > ber_scanf fmt (m}) ber:
> > ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8
> >   0000:  00 06 73 65 63 72 65 74
> > ..secret
> >...
>> dnPrettyNormal:
<cn=Manager,dc=example,dc=com> > > =>
ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
> > => ldap_dn2bv(272)
> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
> > => ldap_dn2bv(272)
> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
> > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
> > <cn=manager,dc=example,dc=com>
> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
> > bdb_dn2entry("cn=manager,dc=example,dc=com")
> > => bdb_dn2id("dc=example,dc=com")
> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
> > (-30990)
> > send_ldap_result: conn=1 op=0 p=3
> > send_ldap_result: err=49 matched="" text=""
> > send_ldap_response: msgid=1 tag=97 err=49
> > ber_flush: 14 bytes to sd 12
> >   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
> > 0....a...1....
> > ldap_write: want=14, written=14
> >   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
> > 0....a...1....
> > conn=1 op=0 RESULT tag=97 err=49 text=
> > daemon: activity on 1 descriptor
> > daemon: activity on: 12r
> > daemon: read activity on 12
> > connection_get(12)
> > connection_get(12): got connid=1
> > connection_read(12): checking for input on id=1
> > ber_get_next
> > ldap_read: want=8, got=0
> >
> > ber_get_next on fd 12 failed errno=0 (Undefined error: 0)
> > connection_read(12): input error=-2 id=1, closing.
> > connection_closing: readying conn=1 sd=12 for close
> > connection_close: conn=1 sd=12
> > daemon: removing 12
> > conn=1 fd=12 closed (connection lost)
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > daemon: activity on 1 descriptor
> > daemon: waked
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >
> >
> > On Dec 21, 2007 2:09 PM, Gavin Henry <ghenry(a)suretecsystems.com&gt; wrote:
> >
> >> <quote who="Jonathan Wage">
> >> > Uncommented and restarted ldap with the following command:
> >> >
> >> > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
> >>
> >> Can you start up with -d -1 and just paste the first say 50 lines.
> >>
> >> and CC your reply to openldap-software(a)openldap.org
> >>
> >> >
> >> > Then when I run this command:
> >> >
> >> > sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f
example.ldif
> >> >
> >> > I get this in the screen with slapd running:
> >> >
> >> > conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389)
> >> > conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com"
method=128
> >> > conn=0 op=0 RESULT tag=97 err=49 text=
> >> > conn=0 fd=12 closed (connection lost)
> >> >
> >> > The error code translates to incorrect DN or password.
> >> >
> >> > - Jon
> >> >
> >> > On Dec 21, 2007 1:52 PM, Gavin Henry <ghenry(a)suretecsystems.com&gt;
> >> wrote:
> >> >
> >> >> Uncommment:
> >> >>
> >> >> # modulepath    /usr/libexec/openldap
> >> >> # moduleload    back_bdb.la
> >> >>
> >> >> --
> >> >> Kind Regards,
> >> >>
> >> >> Gavin Henry.
> >> >> Managing Director.
> >> >>
> >> >> T +44 (0) 1224 279484
> >> >> M +44 (0) 7930 323266
> >> >> F +44 (0) 1224 824887
> >> >> E ghenry(a)suretecsystems.com
> >> >>
> >> >> Open Source. Open Solutions(tm).
> >> >>
> >> >> http://www.suretecsystems.com/
> >> >>
> >> >> <quote who="Jonathan Wage">
> >> >> > When I start slapd like you said above I am able to see the
logs.
> I
> >> >> then
> >> >> > run
> >> >> > the same command where I get the invalid credentials and I get
the
> >> >> > following:
> >> >> >
> >> >> > ------------------
> >> >> >
> >> >> > daemon: activity on 1 descriptor
> >> >> > daemon: listen=7, new connection on 13
> >> >> > daemon: added 13r
> >> >> > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389)
> >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> >> > daemon: activity on 1 descriptor
> >> >> > daemon: activity on: 13r
> >> >> > daemon: read activity on 13
> >> >> > connection_get(13)
> >> >> > connection_get(13): got connid=1
> >> >> > connection_read(13): checking for input on id=1
> >> >> > ber_get_next
> >> >> > ldap_read: want=8, got=8
> >> >> >   0000:  30 2e 02 01 01 60 29 02
> >> >> > 0....`).
> >> >> > ldap_read: want=40, got=40
> >> >> >   0000:  01 03 04 1c 63 6e 3d 4d  61 6e 61 67 65 72 2c 64
> >> >> > ....cn=Manager,d
> >> >> >   0010:  63 3d 65 78 61 6d 70 6c  65 2c 64 63 3d 63 6f 6d
> >> >> > c=example,dc=com
> >> >> >   0020:  80 06 73 65 63 72 65 74
> >> >> > ..secret
> >> >> > ber_get_next: tag 0x30 len 46 contents:
> >> >> > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46
> >> >> >   0000:  02 01 01 60 29 02 01 03  04 1c 63 6e 3d 4d 61 6e
> >> >> > ...`).....cn=Man
> >> >> >   0010:  61 67 65 72 2c 64 63 3d  65 78 61 6d 70 6c 65 2c
> >> >> > ager,dc=example,
> >> >> >   0020:  64 63 3d 63 6f 6d 80 06  73 65 63 72 65 74
> >> >> > dc=com..secret
> >> >> > ber_get_next
> >> >> > ldap_read: want=8 error=Resource temporarily unavailable
> >> >> > ber_get_next on fd 13 failed errno=35 (Resource temporarily
> >> >> unavailable)
> >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> >> > do_bind
> >> >> > ber_scanf fmt ({imt) ber:
> >> >> > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43
> >> >> >   0000:  60 29 02 01 03 04 1c 63  6e 3d 4d 61 6e 61 67 65
> >> >> > `).....cn=Manage
> >> >> >   0010:  72 2c 64 63 3d 65 78 61  6d 70 6c 65 2c 64 63 3d
> >> >> > r,dc=example,dc=
> >> >> >   0020:  63 6f 6d 80 06 73 65 63  72 65 74
> >> >> > com..secret
> >> >> > ber_scanf fmt (m}) ber:
> >> >> > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8
> >> >> >   0000:  00 06 73 65 63 72 65 74
> >> >> > ..secret
> >> >> >...
>> dnPrettyNormal:
<cn=Manager,dc=example,dc=com> > >> >> > =>
ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
> >> >> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
> >> >> > => ldap_dn2bv(272)
> >> >> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
> >> >> > => ldap_dn2bv(272)
> >> >> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
> >> >> > <<< dnPrettyNormal:
<cn=Manager,dc=example,dc=com>,
> >> >> > <cn=manager,dc=example,dc=com>
> >> >> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com"
method=128
> >> >> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com"
method=128
> >> >> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
> >> >> > bdb_dn2entry("cn=manager,dc=example,dc=com")
> >> >> > => bdb_dn2id("dc=example,dc=com")
> >> >> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data
pair
> >> found
> >> >> > (-30990)
> >> >> > send_ldap_result: conn=1 op=0 p=3
> >> >> > send_ldap_result: err=49 matched=""
text=""
> >> >> > send_ldap_response: msgid=1 tag=97 err=49
> >> >> > ber_flush: 14 bytes to sd 13
> >> >> >   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
> >> >> > 0....a...1....
> >> >> > ldap_write: want=14, written=14
> >> >> >   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
> >> >> > 0....a...1....
> >> >> > conn=1 op=0 RESULT tag=97 err=49 text=
> >> >> > daemon: activity on 1 descriptor
> >> >> > daemon: activity on: 13r
> >> >> > daemon: read activity on 13
> >> >> > connection_get(13)
> >> >> > connection_get(13): got connid=1
> >> >> > connection_read(13): checking for input on id=1
> >> >> > ber_get_next
> >> >> > ldap_read: want=8, got=0
> >> >> >
> >> >> > ber_get_next on fd 13 failed errno=0 (Undefined error: 0)
> >> >> > connection_read(13): input error=-2 id=1, closing.
> >> >> > connection_closing: readying conn=1 sd=13 for close
> >> >> > connection_close: deferring conn=1 sd=13
> >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> >> > daemon: activity on 1 descriptor
> >> >> > daemon: waked
> >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> >> > connection_resched: attempting closing conn=1 sd=13
> >> >> > connection_close: conn=1 sd=13
> >> >> > daemon: removing 13
> >> >> > conn=1 fd=13 closed (connection lost)
> >> >> >
> >> >> > - Jon
> >> >> >
> >> >> > On Dec 21, 2007 10:54 AM, Gavin Henry
<ghenry(a)suretecsystems.com&gt;
> >> >> wrote:
> >> >> >
> >> >> >> <quote who="Jonathan Wage">
> >> >> >> > Here is my slapd.conf
> >> >> >> >
> >> >> >> > #
> >> >> >> > # See slapd.conf(5) for details on configuration
options.
> >> >> >> > # This file should NOT be world readable.
> >> >> >> > #
> >> >> >> > include       
/private/etc/openldap/schema/core.schema
> >> >> >> >
> >> >> >> > # Define global ACLs to disable default read access.
> >> >> >> >
> >> >> >> > # Do not enable referrals until AFTER you have a
working
> >> directory
> >> >> >> > # service AND an understanding of referrals.
> >> >> >> > #referral    ldap://root.openldap.org
> >> >> >> >
> >> >> >> > pidfile       
/private/var/db/openldap/run/slapd.pid
> >> >> >> > argsfile    /private/var/db/openldap/run/slapd.args
> >> >> >> >
> >> >> >> > # Load dynamic backend modules:
> >> >> >> > # modulepath    /usr/libexec/openldap
> >> >> >> > # moduleload    back_bdb.la
> >> >> >> > # moduleload    back_ldap.la
> >> >> >> > # moduleload    back_ldbm.la
> >> >> >> > # moduleload    back_passwd.la
> >> >> >> > # moduleload    back_shell.la
> >> >> >> >
> >> >> >> > # Sample security restrictions
> >> >> >> > #    Require integrity protection (prevent
hijacking)
> >> >> >> > #    Require 112-bit (3DES or better) encryption for
updates
> >> >> >> > #    Require 63-bit encryption for simple bind
> >> >> >> > # security ssf=1 update_ssf=112 simple_bind=64
> >> >> >> >
> >> >> >> > # Sample access control policy:
> >> >> >> > #    Root DSE: allow anyone to read it
> >> >> >> > #    Subschema (sub)entry DSE: allow anyone to read
it
> >> >> >> > #    Other DSEs:
> >> >> >> > #        Allow self write access
> >> >> >> > #        Allow authenticated users read access
> >> >> >> > #        Allow anonymous users to authenticate
> >> >> >> > #    Directives needed to implement policy:
> >> >> >> > # access to dn.base="" by * read
> >> >> >> > # access to dn.base="cn=Subschema" by *
read
> >> >> >> > # access to *
> >> >> >> > #    by self write
> >> >> >> > #    by users read
> >> >> >> > #    by anonymous auth
> >> >> >> > #
> >> >> >> > # if no access controls are present, the default
policy
> >> >> >> > # allows anyone and everyone to read anything but
restricts
> >> >> >> > # updates to rootdn.  (e.g., "access to * by *
read")
> >> >> >> > #
> >> >> >> > # rootdn can always read and write EVERYTHING!
> >> >> >> >
> >> >> >> >
> >> >>
> #######################################################################
> >> >> >> > # BDB database definitions
> >> >> >> >
> >> >>
> #######################################################################
> >> >> >> >
> >> >> >> > database    bdb
> >> >> >> > suffix        "dc=example,dc=com"
> >> >> >> > rootdn       
"cn=Manager,dc=example,dc=com"
> >> >> >> > # Cleartext passwords, especially for the rootdn,
should
> >> >> >> > # be avoid.  See slappasswd(8) and slapd.conf(5) for
details.
> >> >> >> > # Use of strong authentication encouraged.
> >> >> >> > rootpw        secret
> >> >> >> > # The database directory MUST exist prior to running
slapd AND
> >> >> >> > # should only be accessible by the slapd and slap
tools.
> >> >> >> > # Mode 700 recommended.
> >> >> >> > directory    /private/var/db/openldap/openldap-data
> >> >> >> > # Indices to maintain
> >> >> >> > index    objectClass    eq
> >> >> >> >
> >> >> >> >
> >> >> >> > Which logs are you referring to? The openldap log?
> >> >> >>
> >> >> >> Start slapd by hand with -d -1
> >> >> >>
> >> >> >> and then bind via ldapsearch.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Jonathan Wage
> >> >> > http://www.jwage.com
> >> >> > http://www.centresource.com
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > Jonathan Wage
> >> > http://www.jwage.com
> >> > http://www.centresource.com
> >> >
> >>
> >>
> >
> >
> > --
> > Jonathan Wage
> > http://www.jwage.com
> > http://www.centresource.com
> >
>
>

-- 
Jonathan Wage
http://www.jwage.com
http://www.centresource.com

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Issue using ldapadd