Whoops, meant to send to list too :) sorry
(#) $OpenLDAP: slapd 2.3.27 (Oct 4 2007 23:24:38) $
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
daemon_init: [0]DNSServiceRegister
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
reading config file /private/etc/openldap/slapd.conf
line 5 (include /private/etc/openldap/schema/core.schema)
reading config file /private/etc/openldap/schema/core.schema
line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name ))
line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64}
))
line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE ))
line 100 (attributetype (
2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name ))
line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name ))
line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name ))
line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name ))
line 122 (attributetype (
2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ))
line 134 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 ))
line 140 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 146 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ))
line 152 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 158 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 164 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 170 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.50{32} ))
line 174 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ))
line 178 (attributetype (
2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ))
line 182 (attributetype (
2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ))
line 188 (attributetype (
2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ))
line 194 (attributetype (
2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ))
line 199 (attributetype (
2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 205 (attributetype (
2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ))
line 210 (attributetype (
2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ))
line 216 (attributetype (
2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ))
line 221 (attributetype (
2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ))
line 225 (attributetype (
2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ))
line 229 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName ))
line 233 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ))
line 251 (attributetype ( 2.5.4.36
NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ))
line 258 (attributetype (
2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ))
line 263 (attributetype (
2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ))
line 268 (attributetype ( 2.5.4.39
NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ))
line 273 (attributetype ( 2.5.4.40
NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ))
line 283 (attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name ))
line 287 (attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name ))
line 291 (attributetype (
2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name ))
line 296 (attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256:
X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ))
line 303 (attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.44 ))
line 307 (attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ))
line 312 (attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ))
line 322 (attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ))
line 328 (attributetype (
2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 333 (attributetype (
2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ))
line 338 (attributetype ( 2.5.4.53
NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ))
line 342 (attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name ))
line 346 (attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ))
line 366 (objectclass ( 2.5.6.2
NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) ))
line 371 (objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ))
line 382 (objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ))
line 393 (objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ))
line 399 (objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ))
line 408 (objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ))
line 419 (objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) ))
line 425 (objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ))
line 436 (objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ))
line 442 (objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) ))
line 449 (objectclass (
2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ))
line 454 (objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation ))
line 460 (objectclass (
2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ))
line 465 (objectclass (
2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST userCertificate ))
line 471 (objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair ))
line 477 (objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ))
line 482 (objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) ))
line 486 (objectclass (
2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY ( deltaRevocationList ) ))
line 492 (objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) ))
line 502 (objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ))
line 510 (objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate ))
line 516 (objectclass ( 2.5.6.22
NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) ))
line 521 (objectclass (
2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList ))
line 534 (objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) ))
line 551 (attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
))
line 556 (objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword ))
line 564 (attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))
line 569 (objectclass (
1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc ))
line 574 (objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid ))
line 582 (attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
))
line 590 (attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} ))
line 13 (pidfile /private/var/db/openldap/run/slapd.pid)
line 14 (argsfile /private/var/db/openldap/run/slapd.args)
line 17 (modulepath /usr/libexec/openldap)
/private/etc/openldap/slapd.conf: line 17: keyword <modulepath> ignored
line 18 (moduleload back_bdb.la)
/private/etc/openldap/slapd.conf: line 18: keyword <moduleload> ignored
line 55 (database bdb)
bdb_db_init: Initializing BDB database
line 56 (suffix "dc=example,dc=com")
>>> dnPrettyNormal: <dc=example,dc=com>
=> ldap_bv2dn(dc=example,dc=com,0)
<= ldap_bv2dn(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>
line 57 (rootdn "cn=Manager,dc=example,dc=com")
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
<= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
line 61 (rootpw ***)
line 65 (directory /private/var/db/openldap/openldap-data)
line 67 (index objectClass eq)
index objectClass 0x0004
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ krbName $ dc $ associatedDomain $ email ) )
1.3.6.1.4.1.1466.109.114.1
(caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ krbName $ dc $ associatedDomain $ email ) )
2.5.13.35 (certificateMatch): matchingRuleUse: (
2.5.13.35 NAME 'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.34 (certificateExactMatch): matchingRuleUse: (
2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
2.5.13.29
(integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ reqStart $ reqEnd $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: (
2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: (
2.5.13.20 NAME 'telephoneNumberMatch' APPLIES telephoneNumber )
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ reqControls $ reqRespControls $ reqMod $ reqOld $ reqData $ pwdHistory $ queryid ) )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcAccessLogSuccess $ reqDeleteOldRDN $ reqAttrsOnly $ pwdReset $ olcSpNoPresent $ olcSpReloadHint ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $ dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen $ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $ dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen $ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) )
1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcAccessLogDB $ reqDN $ reqAuthzID $ reqNewRDN $ reqNewSuperior $ pwdPolicySubentry $ errMatchedDN $ member $ owner $ roleOccupant ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=example,dc=com"
bdb_db_open: dc=example,dc=com
bdb_db_open: Warning - No DB_CONFIG file found in directory /private/var/db/openldap/openldap-data: (2)
Expect poor performance for suffix dc=example,dc=com.
bdb_db_open: dbenv_open(/private/var/db/openldap/openldap-data)
slapd starting
daemon: added 4r
daemon: added 6r
daemon: added 7r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
The first 50 lines of startup, before you try to do anything ;-)
--Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage">
> Starting with:
>
> sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf
>
> Produces this:
>
> daemon: activity on 1 descriptor
> daemon: listen=7, new connection on 12
> daemon: added 12r
> conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP= 0.0.0.0:389)
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptor
> daemon: activity on: 12r
> daemon: read activity on 12
> connection_get(12)
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 2e 02 01 01 60 29 02
> 0....`).
> ldap_read: want=40, got=40
> 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64
> ....cn=Manager,d
> 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d
> c=example,dc=com
> 0020: 80 06 73 65 63 72 65 74
> ..secret
> ber_get_next: tag 0x30 len 46 contents:
> ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46
> 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e
> ...`).....cn=Man
> 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c
> ager,dc=example,
> 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74
> dc=com..secret
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable)
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43
> 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65
> `).....cn=Manage
> 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d
> r,dc=example,dc=
> 0020: 63 6f 6d 80 06 73 65 63 72 65 74
> com..secret
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> ber_scanf fmt (m}) ber:
> ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8
> 0000: 00 06 73 65 63 72 65 74
> ..secret
>>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
> => ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
> <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
> <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
> <cn=manager,dc=example,dc=com>
> do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
> conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
> ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
> bdb_dn2entry("cn=manager,dc=example,dc=com")
> => bdb_dn2id("dc=example,dc=com")
> <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
> (-30990)
> send_ldap_result: conn=1 op=0 p=3
> send_ldap_result: err=49 matched="" text=""
> send_ldap_response: msgid=1 tag=97 err=49
> ber_flush: 14 bytes to sd 12
> 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> 0....a...1....
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> 0....a...1....
> conn=1 op=0 RESULT tag=97 err=49 text=
> daemon: activity on 1 descriptor
> daemon: activity on: 12r
> daemon: read activity on 12
> connection_get(12)
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=0
>
> ber_get_next on fd 12 failed errno=0 (Undefined error: 0)
> connection_read(12): input error=-2 id=1, closing.
> connection_closing: readying conn=1 sd=12 for close
> connection_close: conn=1 sd=12
> daemon: removing 12
> conn=1 fd=12 closed (connection lost)
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptor
> daemon: waked
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
>
>
> On Dec 21, 2007 2:09 PM, Gavin Henry < ghenry@suretecsystems.com> wrote:
>
>> <quote who="Jonathan Wage">
>> > Uncommented and restarted ldap with the following command:
>> >
>> > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
>>
>> Can you start up with -d -1 and just paste the first say 50 lines.
>>
>> and CC your reply to openldap-software@openldap.org
>>
>> >
>> > Then when I run this command:
>> >
>> > sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
>> >
>> > I get this in the screen with slapd running:
>> >
>> > conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389)
>> > conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
>> > conn=0 op=0 RESULT tag=97 err=49 text=
>> > conn=0 fd=12 closed (connection lost)
>> >
>> > The error code translates to incorrect DN or password.
>> >
>> > - Jon
>> >
>> > On Dec 21, 2007 1:52 PM, Gavin Henry <ghenry@suretecsystems.com>
>> wrote:
>> >
>> >> Uncommment:
>> >>
>> >> # modulepath /usr/libexec/openldap
>> >> # moduleload back_bdb.la
>> >>
>> >> --
>> >> Kind Regards,
>> >>
>> >> Gavin Henry.
>> >> Managing Director.
>> >>
>> >> T +44 (0) 1224 279484
>> >> M +44 (0) 7930 323266
>> >> F +44 (0) 1224 824887
>> >> E ghenry@suretecsystems.com
>> >>
>> >> Open Source. Open Solutions(tm).
>> >>
>> >> http://www.suretecsystems.com/
>> >>
>> >> <quote who="Jonathan Wage">
>> >> > When I start slapd like you said above I am able to see the logs. I
>> >> then
>> >> > run
>> >> > the same command where I get the invalid credentials and I get the
>> >> > following:
>> >> >
>> >> > ------------------
>> >> >
>> >> > daemon: activity on 1 descriptor
>> >> > daemon: listen=7, new connection on 13
>> >> > daemon: added 13r
>> >> > conn=1 fd=13 ACCEPT from IP= 127.0.0.1:63502 (IP=0.0.0.0:389)
>> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
>> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
>> >> > daemon: activity on 1 descriptor
>> >> > daemon: activity on: 13r
>> >> > daemon: read activity on 13
>> >> > connection_get(13)
>> >> > connection_get(13): got connid=1
>> >> > connection_read(13): checking for input on id=1
>> >> > ber_get_next
>> >> > ldap_read: want=8, got=8
>> >> > 0000: 30 2e 02 01 01 60 29 02
>> >> > 0....`).
>> >> > ldap_read: want=40, got=40
>> >> > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64
>> >> > ....cn=Manager,d
>> >> > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d
>> >> > c=example,dc=com
>> >> > 0020: 80 06 73 65 63 72 65 74
>> >> > ..secret
>> >> > ber_get_next: tag 0x30 len 46 contents:
>> >> > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46
>> >> > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e
>> >> > ...`).....cn=Man
>> >> > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c
>> >> > ager,dc=example,
>> >> > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74
>> >> > dc=com..secret
>> >> > ber_get_next
>> >> > ldap_read: want=8 error=Resource temporarily unavailable
>> >> > ber_get_next on fd 13 failed errno=35 (Resource temporarily
>> >> unavailable)
>> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
>> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
>> >> > do_bind
>> >> > ber_scanf fmt ({imt) ber:
>> >> > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43
>> >> > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65
>> >> > `).....cn=Manage
>> >> > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d
>> >> > r,dc=example,dc=
>> >> > 0020: 63 6f 6d 80 06 73 65 63 72 65 74
>> >> > com..secret
>> >> > ber_scanf fmt (m}) ber:
>> >> > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8
>> >> > 0000: 00 06 73 65 63 72 65 74
>> >> > ..secret
>> >> >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
>> >> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
>> >> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
>> >> > => ldap_dn2bv(272)
>> >> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
>> >> > => ldap_dn2bv(272)
>> >> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
>> >> > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
>> >> > <cn=manager,dc=example,dc=com>
>> >> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
>> >> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
>> >> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
>> >> > bdb_dn2entry("cn=manager,dc=example,dc=com")
>> >> > => bdb_dn2id("dc=example,dc=com")
>> >> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
>> found
>> >> > (-30990)
>> >> > send_ldap_result: conn=1 op=0 p=3
>> >> > send_ldap_result: err=49 matched="" text=""
>> >> > send_ldap_response: msgid=1 tag=97 err=49
>> >> > ber_flush: 14 bytes to sd 13
>> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
>> >> > 0....a...1....
>> >> > ldap_write: want=14, written=14
>> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
>> >> > 0....a...1....
>> >> > conn=1 op=0 RESULT tag=97 err=49 text=
>> >> > daemon: activity on 1 descriptor
>> >> > daemon: activity on: 13r
>> >> > daemon: read activity on 13
>> >> > connection_get(13)
>> >> > connection_get(13): got connid=1
>> >> > connection_read(13): checking for input on id=1
>> >> > ber_get_next
>> >> > ldap_read: want=8, got=0
>> >> >
>> >> > ber_get_next on fd 13 failed errno=0 (Undefined error: 0)
>> >> > connection_read(13): input error=-2 id=1, closing.
>> >> > connection_closing: readying conn=1 sd=13 for close
>> >> > connection_close: deferring conn=1 sd=13
>> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
>> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
>> >> > daemon: activity on 1 descriptor
>> >> > daemon: waked
>> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
>> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
>> >> > connection_resched: attempting closing conn=1 sd=13
>> >> > connection_close: conn=1 sd=13
>> >> > daemon: removing 13
>> >> > conn=1 fd=13 closed (connection lost)
>> >> >
>> >> > - Jon
>> >> >
>> >> > On Dec 21, 2007 10:54 AM, Gavin Henry < ghenry@suretecsystems.com>
>> >> wrote:
>> >> >
>> >> >> <quote who="Jonathan Wage">
>> >> >> > Here is my slapd.conf
>> >> >> >
>> >> >> > #
>> >> >> > # See slapd.conf(5) for details on configuration options.
>> >> >> > # This file should NOT be world readable.
>> >> >> > #
>> >> >> > include /private/etc/openldap/schema/core.schema
>> >> >> >
>> >> >> > # Define global ACLs to disable default read access.
>> >> >> >
>> >> >> > # Do not enable referrals until AFTER you have a working
>> directory
>> >> >> > # service AND an understanding of referrals.
>> >> >> > #referral ldap://root.openldap.org
>> >> >> >
>> >> >> > pidfile /private/var/db/openldap/run/slapd.pid
>> >> >> > argsfile /private/var/db/openldap/run/slapd.args
>> >> >> >
>> >> >> > # Load dynamic backend modules:
>> >> >> > # modulepath /usr/libexec/openldap
>> >> >> > # moduleload back_bdb.la
>> >> >> > # moduleload back_ldap.la
>> >> >> > # moduleload back_ldbm.la
>> >> >> > # moduleload back_passwd.la
>> >> >> > # moduleload back_shell.la
>> >> >> >
>> >> >> > # Sample security restrictions
>> >> >> > # Require integrity protection (prevent hijacking)
>> >> >> > # Require 112-bit (3DES or better) encryption for updates
>> >> >> > # Require 63-bit encryption for simple bind
>> >> >> > # security ssf=1 update_ssf=112 simple_bind=64
>> >> >> >
>> >> >> > # Sample access control policy:
>> >> >> > # Root DSE: allow anyone to read it
>> >> >> > # Subschema (sub)entry DSE: allow anyone to read it
>> >> >> > # Other DSEs:
>> >> >> > # Allow self write access
>> >> >> > # Allow authenticated users read access
>> >> >> > # Allow anonymous users to authenticate
>> >> >> > # Directives needed to implement policy:
>> >> >> > # access to dn.base="" by * read
>> >> >> > # access to dn.base="cn=Subschema" by * read
>> >> >> > # access to *
>> >> >> > # by self write
>> >> >> > # by users read
>> >> >> > # by anonymous auth
>> >> >> > #
>> >> >> > # if no access controls are present, the default policy
>> >> >> > # allows anyone and everyone to read anything but restricts
>> >> >> > # updates to rootdn. (e.g., "access to * by * read")
>> >> >> > #
>> >> >> > # rootdn can always read and write EVERYTHING!
>> >> >> >
>> >> >> >
>> >> #######################################################################
>> >> >> > # BDB database definitions
>> >> >> >
>> >> #######################################################################
>> >> >> >
>> >> >> > database bdb
>> >> >> > suffix "dc=example,dc=com"
>> >> >> > rootdn "cn=Manager,dc=example,dc=com"
>> >> >> > # Cleartext passwords, especially for the rootdn, should
>> >> >> > # be avoid. See slappasswd(8) and slapd.conf(5) for details.
>> >> >> > # Use of strong authentication encouraged.
>> >> >> > rootpw secret
>> >> >> > # The database directory MUST exist prior to running slapd AND
>> >> >> > # should only be accessible by the slapd and slap tools.
>> >> >> > # Mode 700 recommended.
>> >> >> > directory /private/var/db/openldap/openldap-data
>> >> >> > # Indices to maintain
>> >> >> > index objectClass eq
>> >> >> >
>> >> >> >
>> >> >> > Which logs are you referring to? The openldap log?
>> >> >>
>> >> >> Start slapd by hand with -d -1
>> >> >>
>> >> >> and then bind via ldapsearch.
>> >> >>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> > --
>> >> > Jonathan Wage
>> >> > http://www.jwage.com
>> >> > http://www.centresource.com
>> >> >
>> >>
>> >>
>> >
>> >
>> > --
>> > Jonathan Wage
>> > http://www.jwage.com
>> > http://www.centresource.com
>> >
>>
>>
>
>
> --
> Jonathan Wage
> http://www.jwage.com
> http://www.centresource.com
>