<quote who="Jonathan Wage">
Uncommented and restarted ldap with the following command:
sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
Can you start up with -d -1 and just paste the first say 50 lines.
and CC your reply to openldap-software@openldap.org
Then when I run this command:
sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
I get this in the screen with slapd running:
conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389) conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 conn=0 op=0 RESULT tag=97 err=49 text= conn=0 fd=12 closed (connection lost)
The error code translates to incorrect DN or password.
- Jon
On Dec 21, 2007 1:52 PM, Gavin Henry ghenry@suretecsystems.com wrote:
Uncommment:
# modulepath /usr/libexec/openldap # moduleload back_bdb.la
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage"> > When I start slapd like you said above I am able to see the logs. I then > run > the same command where I get the invalid credentials and I get the > following: > > ------------------ > > daemon: activity on 1 descriptor > daemon: listen=7, new connection on 13 > daemon: added 13r > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read activity on 13 > connection_get(13) > connection_get(13): got connid=1 > connection_read(13): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 2e 02 01 01 60 29 02 > 0....`). > ldap_read: want=40, got=40 > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 > ....cn=Manager,d > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d > c=example,dc=com > 0020: 80 06 73 65 63 72 65 74 > ..secret > ber_get_next: tag 0x30 len 46 contents: > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46 > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e > ...`).....cn=Man > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c > ager,dc=example, > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 > dc=com..secret > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > do_bind > ber_scanf fmt ({imt) ber: > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43 > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 > `).....cn=Manage > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d > r,dc=example,dc= > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 > com..secret > ber_scanf fmt (m}) ber: > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8 > 0000: 00 06 73 65 63 72 65 74 > ..secret >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, > <cn=manager,dc=example,dc=com> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com > bdb_dn2entry("cn=manager,dc=example,dc=com") > => bdb_dn2id("dc=example,dc=com") > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found > (-30990) > send_ldap_result: conn=1 op=0 p=3 > send_ldap_result: err=49 matched="" text="" > send_ldap_response: msgid=1 tag=97 err=49 > ber_flush: 14 bytes to sd 13 > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 > 0....a...1.... > ldap_write: want=14, written=14 > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 > 0....a...1.... > conn=1 op=0 RESULT tag=97 err=49 text= > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read activity on 13 > connection_get(13) > connection_get(13): got connid=1 > connection_read(13): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=0 > > ber_get_next on fd 13 failed errno=0 (Undefined error: 0) > connection_read(13): input error=-2 id=1, closing. > connection_closing: readying conn=1 sd=13 for close > connection_close: deferring conn=1 sd=13 > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: waked > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > connection_resched: attempting closing conn=1 sd=13 > connection_close: conn=1 sd=13 > daemon: removing 13 > conn=1 fd=13 closed (connection lost) > > - Jon > > On Dec 21, 2007 10:54 AM, Gavin Henry <ghenry@suretecsystems.com> wrote: > >> <quote who="Jonathan Wage"> >> > Here is my slapd.conf >> > >> > # >> > # See slapd.conf(5) for details on configuration options. >> > # This file should NOT be world readable. >> > # >> > include /private/etc/openldap/schema/core.schema >> > >> > # Define global ACLs to disable default read access. >> > >> > # Do not enable referrals until AFTER you have a working directory >> > # service AND an understanding of referrals. >> > #referral ldap://root.openldap.org >> > >> > pidfile /private/var/db/openldap/run/slapd.pid >> > argsfile /private/var/db/openldap/run/slapd.args >> > >> > # Load dynamic backend modules: >> > # modulepath /usr/libexec/openldap >> > # moduleload back_bdb.la >> > # moduleload back_ldap.la >> > # moduleload back_ldbm.la >> > # moduleload back_passwd.la >> > # moduleload back_shell.la >> > >> > # Sample security restrictions >> > # Require integrity protection (prevent hijacking) >> > # Require 112-bit (3DES or better) encryption for updates >> > # Require 63-bit encryption for simple bind >> > # security ssf=1 update_ssf=112 simple_bind=64 >> > >> > # Sample access control policy: >> > # Root DSE: allow anyone to read it >> > # Subschema (sub)entry DSE: allow anyone to read it >> > # Other DSEs: >> > # Allow self write access >> > # Allow authenticated users read access >> > # Allow anonymous users to authenticate >> > # Directives needed to implement policy: >> > # access to dn.base="" by * read >> > # access to dn.base="cn=Subschema" by * read >> > # access to * >> > # by self write >> > # by users read >> > # by anonymous auth >> > # >> > # if no access controls are present, the default policy >> > # allows anyone and everyone to read anything but restricts >> > # updates to rootdn. (e.g., "access to * by * read") >> > # >> > # rootdn can always read and write EVERYTHING! >> > >> > ####################################################################### >> > # BDB database definitions >> > ####################################################################### >> > >> > database bdb >> > suffix "dc=example,dc=com" >> > rootdn "cn=Manager,dc=example,dc=com" >> > # Cleartext passwords, especially for the rootdn, should >> > # be avoid. See slappasswd(8) and slapd.conf(5) for details. >> > # Use of strong authentication encouraged. >> > rootpw secret >> > # The database directory MUST exist prior to running slapd AND >> > # should only be accessible by the slapd and slap tools. >> > # Mode 700 recommended. >> > directory /private/var/db/openldap/openldap-data >> > # Indices to maintain >> > index objectClass eq >> > >> > >> > Which logs are you referring to? The openldap log? >> >> Start slapd by hand with -d -1 >> >> and then bind via ldapsearch. >> >> >> > > > -- > Jonathan Wage > http://www.jwage.com > http://www.centresource.com >
-- Jonathan Wage http://www.jwage.com http://www.centresource.com
Starting with:
sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf
Produces this:
daemon: activity on 1 descriptor daemon: listen=7, new connection on 12 daemon: added 12r conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP=0.0.0.0:389) daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 ber_get_next ldap_read: want=8, got=8 0000: 30 2e 02 01 01 60 29 02 0....`). ldap_read: want=40, got=40 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 ....cn=Manager,d 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d c=example,dc=com 0020: 80 06 73 65 63 72 65 74 ..secret ber_get_next: tag 0x30 len 46 contents: ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e ...`).....cn=Man 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c ager,dc=example, 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 dc=com..secret ber_get_next ldap_read: want=8 error=Resource temporarily unavailable ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable) do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 `).....cn=Manage 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d r,dc=example,dc= 0020: 63 6f 6d 80 06 73 65 63 72 65 74 com..secret daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL ber_scanf fmt (m}) ber: ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8 0000: 00 06 73 65 63 72 65 74 ..secret
dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0) <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com> do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 ==> bdb_bind: dn: cn=Manager,dc=example,dc=com bdb_dn2entry("cn=manager,dc=example,dc=com") => bdb_dn2id("dc=example,dc=com") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990) send_ldap_result: conn=1 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 ber_flush: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... conn=1 op=0 RESULT tag=97 err=49 text= daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Undefined error: 0) connection_read(12): input error=-2 id=1, closing. connection_closing: readying conn=1 sd=12 for close connection_close: conn=1 sd=12 daemon: removing 12 conn=1 fd=12 closed (connection lost) daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: waked daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL
On Dec 21, 2007 2:09 PM, Gavin Henry ghenry@suretecsystems.com wrote:
<quote who="Jonathan Wage"> > Uncommented and restarted ldap with the following command: > > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
Can you start up with -d -1 and just paste the first say 50 lines.
and CC your reply to openldap-software@openldap.org
Then when I run this command:
sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
I get this in the screen with slapd running:
conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389) conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 conn=0 op=0 RESULT tag=97 err=49 text= conn=0 fd=12 closed (connection lost)
The error code translates to incorrect DN or password.
- Jon
On Dec 21, 2007 1:52 PM, Gavin Henry ghenry@suretecsystems.com wrote:
Uncommment:
# modulepath /usr/libexec/openldap # moduleload back_bdb.la
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage"> > When I start slapd like you said above I am able to see the logs. I then > run > the same command where I get the invalid credentials and I get the > following: > > ------------------ > > daemon: activity on 1 descriptor > daemon: listen=7, new connection on 13 > daemon: added 13r > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read activity on 13 > connection_get(13) > connection_get(13): got connid=1 > connection_read(13): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 2e 02 01 01 60 29 02 > 0....`). > ldap_read: want=40, got=40 > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 > ....cn=Manager,d > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d > c=example,dc=com > 0020: 80 06 73 65 63 72 65 74 > ..secret > ber_get_next: tag 0x30 len 46 contents: > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46 > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e > ...`).....cn=Man > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c > ager,dc=example, > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 > dc=com..secret > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > do_bind > ber_scanf fmt ({imt) ber: > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43 > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 > `).....cn=Manage > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d > r,dc=example,dc= > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 > com..secret > ber_scanf fmt (m}) ber: > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8 > 0000: 00 06 73 65 63 72 65 74 > ..secret >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, > <cn=manager,dc=example,dc=com> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com > bdb_dn2entry("cn=manager,dc=example,dc=com") > => bdb_dn2id("dc=example,dc=com") > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
found
(-30990) send_ldap_result: conn=1 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 ber_flush: 14 bytes to sd 13 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... conn=1 op=0 RESULT tag=97 err=49 text= daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read activity on 13 connection_get(13) connection_get(13): got connid=1 connection_read(13): checking for input on id=1 ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 13 failed errno=0 (Undefined error: 0) connection_read(13): input error=-2 id=1, closing. connection_closing: readying conn=1 sd=13 for close connection_close: deferring conn=1 sd=13 daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: waked daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL connection_resched: attempting closing conn=1 sd=13 connection_close: conn=1 sd=13 daemon: removing 13 conn=1 fd=13 closed (connection lost)
- Jon
On Dec 21, 2007 10:54 AM, Gavin Henry ghenry@suretecsystems.com
wrote:
<quote who="Jonathan Wage"> > Here is my slapd.conf > > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /private/etc/openldap/schema/core.schema > > # Define global ACLs to disable default read access. > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > pidfile /private/var/db/openldap/run/slapd.pid > argsfile /private/var/db/openldap/run/slapd.args > > # Load dynamic backend modules: > # modulepath /usr/libexec/openldap > # moduleload back_bdb.la > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > # Sample security restrictions > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > > # Sample access control policy: > # Root DSE: allow anyone to read it > # Subschema (sub)entry DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to dn.base="cn=Subschema" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy > # allows anyone and everyone to read anything but restricts > # updates to rootdn. (e.g., "access to * by * read") > # > # rootdn can always read and write EVERYTHING! > >
#######################################################################
# BDB database definitions
#######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /private/var/db/openldap/openldap-data # Indices to maintain index objectClass eq
Which logs are you referring to? The openldap log?
Start slapd by hand with -d -1
and then bind via ldapsearch.
-- Jonathan Wage http://www.jwage.com http://www.centresource.com
-- Jonathan Wage http://www.jwage.com http://www.centresource.com
The first 50 lines of startup, before you try to do anything ;-)
Whoops, meant to send to list too :) sorry
(#) $OpenLDAP: slapd 2.3.27 (Oct 4 2007 23:24:38) $ daemon_init: <null> daemon_init: listen on ldap:/// daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap:///) daemon: listener initialized ldap:/// daemon_init: 2 listeners opened daemon_init: [0]DNSServiceRegister slapd init: initiated server. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) reading config file /private/etc/openldap/slapd.conf line 5 (include /private/etc/openldap/schema/core.schema) reading config file /private/etc/openldap/schema/core.schema line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )) line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name )) line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )) line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE )) line 100 (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name )) line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name )) line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )) line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name )) line 122 (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name )) line 134 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )) line 140 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) line 146 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )) line 152 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )) line 158 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )) line 164 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) line 170 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )) line 174 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )) line 178 (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51)) line 182 (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )) line 188 (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )) line 194 (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )) line 199 (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )) line 205 (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )) line 210 (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14SINGLE-VALUE )) line 216 (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE )) line 221 (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )) line 225 (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )) line 229 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName )) line 233 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName )) line 251 (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )) line 258 (attributetype ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )) line 263 (attributetype ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) line 268 (attributetype ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) line 273 (attributetype ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )) line 283 (attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )) line 287 (attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name )) line 291 (attributetype ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name )) line 296 (attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )) line 303 (attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )) line 307 (attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )) line 312 (attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )) line 322 (attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )) line 328 (attributetype ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )) line 333 (attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )) line 338 (attributetype ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) line 342 (attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name )) line 346 (attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name )) line 366 (objectclass ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )) line 371 (objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )) line 382 (objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) line 393 (objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) line 399 (objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )) line 408 (objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )) line 419 (objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )) line 425 (objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )) line 436 (objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )) line 442 (objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) )) line 449 (objectclass ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )) line 454 (objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )) line 460 (objectclass ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )) line 465 (objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST userCertificate )) line 471 (objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )) line 477 (objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )) line 482 (objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) )) line 486 (objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY ( deltaRevocationList ) )) line 492 (objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )) line 502 (objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) line 510 (objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate )) line 516 (objectclass ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )) line 521 (objectclass ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList )) line 534 (objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) )) line 551 (attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) line 556 (objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )) line 564 (attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) line 569 (objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc )) line 574 (objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid )) line 582 (attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) line 590 (attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )) line 13 (pidfile /private/var/db/openldap/run/slapd.pid) line 14 (argsfile /private/var/db/openldap/run/slapd.args) line 17 (modulepath /usr/libexec/openldap) /private/etc/openldap/slapd.conf: line 17: keyword <modulepath> ignored line 18 (moduleload back_bdb.la) /private/etc/openldap/slapd.conf: line 18: keyword <moduleload> ignored line 55 (database bdb) bdb_db_init: Initializing BDB database line 56 (suffix "dc=example,dc=com")
dnPrettyNormal: <dc=example,dc=com>
=> ldap_bv2dn(dc=example,dc=com,0) <= ldap_bv2dn(dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=example,dc=com)=0 <<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com> line 57 (rootdn "cn=Manager,dc=example,dc=com")
dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0) <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com> line 61 (rootpw ***) line 65 (directory /private/var/db/openldap/openldap-data) line 67 (index objectClass eq) index objectClass 0x0004
dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnNormalize: <cn=subschema> matching_rule_use_init 1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) ) 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) ) 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ krbName $ dc $ associatedDomain $ email ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ krbName $ dc $ associatedDomain $ email ) ) 2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME 'certificateMatch' APPLIES ( userCertificate $ cACertificate ) ) 2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) 2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) ) 2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ reqStart $ reqEnd $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime ) ) 2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) 2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) 2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) 2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES telephoneNumber ) 2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ reqControls $ reqRespControls $ reqMod $ reqOld $ reqData $ pwdHistory $ queryid ) ) 2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) 2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog ) ) 2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcAccessLogSuccess $ reqDeleteOldRDN $ reqAttrsOnly $ pwdReset $ olcSpNoPresent $ olcSpReloadHint ) ) 2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) ) 2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) 2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $ dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen $ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) ) 2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ authAuthority $ dNSHostName $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcTLSCertificatePassphraseTool $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcDIRange $ olcDIGUIDGen $ olcDIOwnerGUIDGen $ olcDIOverride $ olcExpandAttribute $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ mail ) ) 1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1(distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcAccessLogDB $ reqDN $ reqAuthzID $ reqNewRDN $ reqNewSuperior $ pwdPolicySubentry $ errMatchedDN $ member $ owner $ roleOccupant ) ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) slapd startup: initiated. backend_startup_one: starting "cn=config" config_back_db_open config_build_entry: "cn=config" config_build_entry: "cn=include{0}" config_build_entry: "cn=schema" config_build_entry: "cn={0}core" config_build_entry: "olcDatabase={-1}frontend" config_build_entry: "olcDatabase={0}config" config_build_entry: "olcDatabase={1}bdb" backend_startup_one: starting "dc=example,dc=com" bdb_db_open: dc=example,dc=com bdb_db_open: Warning - No DB_CONFIG file found in directory /private/var/db/openldap/openldap-data: (2) Expect poor performance for suffix dc=example,dc=com. bdb_db_open: dbenv_open(/private/var/db/openldap/openldap-data) slapd starting daemon: added 4r daemon: added 6r daemon: added 7r daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL
On Dec 21, 2007 2:37 PM, Gavin Henry ghenry@suretecsystems.com wrote:
The first 50 lines of startup, before you try to do anything ;-)
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
<quote who="Jonathan Wage"> > Starting with: > > sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf > > Produces this: > > daemon: activity on 1 descriptor > daemon: listen=7, new connection on 12 > daemon: added 12r > conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP=0.0.0.0:389) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: activity on: 12r > daemon: read activity on 12 > connection_get(12) > connection_get(12): got connid=1 > connection_read(12): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 2e 02 01 01 60 29 02 > 0....`). > ldap_read: want=40, got=40 > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 > ....cn=Manager,d > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d > c=example,dc=com > 0020: 80 06 73 65 63 72 65 74 > ..secret > ber_get_next: tag 0x30 len 46 contents: > ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46 > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e > ...`).....cn=Man > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c > ager,dc=example, > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 > dc=com..secret > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable) > do_bind > ber_scanf fmt ({imt) ber: > ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43 > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 > `).....cn=Manage > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d > r,dc=example,dc= > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 > com..secret > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > ber_scanf fmt (m}) ber: > ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8 > 0000: 00 06 73 65 63 72 65 74 > ..secret >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 > => ldap_dn2bv(272) > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, > <cn=manager,dc=example,dc=com> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com > bdb_dn2entry("cn=manager,dc=example,dc=com") > => bdb_dn2id("dc=example,dc=com") > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found > (-30990) > send_ldap_result: conn=1 op=0 p=3 > send_ldap_result: err=49 matched="" text="" > send_ldap_response: msgid=1 tag=97 err=49 > ber_flush: 14 bytes to sd 12 > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 > 0....a...1.... > ldap_write: want=14, written=14 > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 > 0....a...1.... > conn=1 op=0 RESULT tag=97 err=49 text= > daemon: activity on 1 descriptor > daemon: activity on: 12r > daemon: read activity on 12 > connection_get(12) > connection_get(12): got connid=1 > connection_read(12): checking for input on id=1 > ber_get_next > ldap_read: want=8, got=0 > > ber_get_next on fd 12 failed errno=0 (Undefined error: 0) > connection_read(12): input error=-2 id=1, closing. > connection_closing: readying conn=1 sd=12 for close > connection_close: conn=1 sd=12 > daemon: removing 12 > conn=1 fd=12 closed (connection lost) > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptor > daemon: waked > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > > > On Dec 21, 2007 2:09 PM, Gavin Henry <ghenry@suretecsystems.com> wrote: > >> <quote who="Jonathan Wage"> >> > Uncommented and restarted ldap with the following command: >> > >> > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf >> >> Can you start up with -d -1 and just paste the first say 50 lines. >> >> and CC your reply to openldap-software@openldap.org >> >> > >> > Then when I run this command: >> > >> > sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif >> > >> > I get this in the screen with slapd running: >> > >> > conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389) >> > conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 >> > conn=0 op=0 RESULT tag=97 err=49 text= >> > conn=0 fd=12 closed (connection lost) >> > >> > The error code translates to incorrect DN or password. >> > >> > - Jon >> > >> > On Dec 21, 2007 1:52 PM, Gavin Henry <ghenry@suretecsystems.com> >> wrote: >> > >> >> Uncommment: >> >> >> >> # modulepath /usr/libexec/openldap >> >> # moduleload back_bdb.la >> >> >> >> -- >> >> Kind Regards, >> >> >> >> Gavin Henry. >> >> Managing Director. >> >> >> >> T +44 (0) 1224 279484 >> >> M +44 (0) 7930 323266 >> >> F +44 (0) 1224 824887 >> >> E ghenry@suretecsystems.com >> >> >> >> Open Source. Open Solutions(tm). >> >> >> >> http://www.suretecsystems.com/ >> >> >> >> <quote who="Jonathan Wage"> >> >> > When I start slapd like you said above I am able to see the logs. I >> >> then >> >> > run >> >> > the same command where I get the invalid credentials and I get the >> >> > following: >> >> > >> >> > ------------------ >> >> > >> >> > daemon: activity on 1 descriptor >> >> > daemon: listen=7, new connection on 13 >> >> > daemon: added 13r >> >> > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389) >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> >> > daemon: activity on 1 descriptor >> >> > daemon: activity on: 13r >> >> > daemon: read activity on 13 >> >> > connection_get(13) >> >> > connection_get(13): got connid=1 >> >> > connection_read(13): checking for input on id=1 >> >> > ber_get_next >> >> > ldap_read: want=8, got=8 >> >> > 0000: 30 2e 02 01 01 60 29 02 >> >> > 0....`). >> >> > ldap_read: want=40, got=40 >> >> > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 >> >> > ....cn=Manager,d >> >> > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d >> >> > c=example,dc=com >> >> > 0020: 80 06 73 65 63 72 65 74 >> >> > ..secret >> >> > ber_get_next: tag 0x30 len 46 contents: >> >> > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46 >> >> > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e >> >> > ...`).....cn=Man >> >> > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c >> >> > ager,dc=example, >> >> > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 >> >> > dc=com..secret >> >> > ber_get_next >> >> > ldap_read: want=8 error=Resource temporarily unavailable >> >> > ber_get_next on fd 13 failed errno=35 (Resource temporarily >> >> unavailable) >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> >> > do_bind >> >> > ber_scanf fmt ({imt) ber: >> >> > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43 >> >> > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 >> >> > `).....cn=Manage >> >> > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d >> >> > r,dc=example,dc= >> >> > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 >> >> > com..secret >> >> > ber_scanf fmt (m}) ber: >> >> > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8 >> >> > 0000: 00 06 73 65 63 72 65 74 >> >> > ..secret >> >> >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> >> >> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) >> >> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 >> >> > => ldap_dn2bv(272) >> >> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 >> >> > => ldap_dn2bv(272) >> >> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 >> >> > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, >> >> > <cn=manager,dc=example,dc=com> >> >> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 >> >> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 >> >> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com >> >> > bdb_dn2entry("cn=manager,dc=example,dc=com") >> >> > => bdb_dn2id("dc=example,dc=com") >> >> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair >> found >> >> > (-30990) >> >> > send_ldap_result: conn=1 op=0 p=3 >> >> > send_ldap_result: err=49 matched="" text="" >> >> > send_ldap_response: msgid=1 tag=97 err=49 >> >> > ber_flush: 14 bytes to sd 13 >> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 >> >> > 0....a...1.... >> >> > ldap_write: want=14, written=14 >> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 >> >> > 0....a...1.... >> >> > conn=1 op=0 RESULT tag=97 err=49 text= >> >> > daemon: activity on 1 descriptor >> >> > daemon: activity on: 13r >> >> > daemon: read activity on 13 >> >> > connection_get(13) >> >> > connection_get(13): got connid=1 >> >> > connection_read(13): checking for input on id=1 >> >> > ber_get_next >> >> > ldap_read: want=8, got=0 >> >> > >> >> > ber_get_next on fd 13 failed errno=0 (Undefined error: 0) >> >> > connection_read(13): input error=-2 id=1, closing. >> >> > connection_closing: readying conn=1 sd=13 for close >> >> > connection_close: deferring conn=1 sd=13 >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> >> > daemon: activity on 1 descriptor >> >> > daemon: waked >> >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> >> > connection_resched: attempting closing conn=1 sd=13 >> >> > connection_close: conn=1 sd=13 >> >> > daemon: removing 13 >> >> > conn=1 fd=13 closed (connection lost) >> >> > >> >> > - Jon >> >> > >> >> > On Dec 21, 2007 10:54 AM, Gavin Henry <ghenry@suretecsystems.com> >> >> wrote: >> >> > >> >> >> <quote who="Jonathan Wage"> >> >> >> > Here is my slapd.conf >> >> >> > >> >> >> > # >> >> >> > # See slapd.conf(5) for details on configuration options. >> >> >> > # This file should NOT be world readable. >> >> >> > # >> >> >> > include /private/etc/openldap/schema/core.schema >> >> >> > >> >> >> > # Define global ACLs to disable default read access. >> >> >> > >> >> >> > # Do not enable referrals until AFTER you have a working >> directory >> >> >> > # service AND an understanding of referrals. >> >> >> > #referral ldap://root.openldap.org >> >> >> > >> >> >> > pidfile /private/var/db/openldap/run/slapd.pid >> >> >> > argsfile /private/var/db/openldap/run/slapd.args >> >> >> > >> >> >> > # Load dynamic backend modules: >> >> >> > # modulepath /usr/libexec/openldap >> >> >> > # moduleload back_bdb.la >> >> >> > # moduleload back_ldap.la >> >> >> > # moduleload back_ldbm.la >> >> >> > # moduleload back_passwd.la >> >> >> > # moduleload back_shell.la >> >> >> > >> >> >> > # Sample security restrictions >> >> >> > # Require integrity protection (prevent hijacking) >> >> >> > # Require 112-bit (3DES or better) encryption for updates >> >> >> > # Require 63-bit encryption for simple bind >> >> >> > # security ssf=1 update_ssf=112 simple_bind=64 >> >> >> > >> >> >> > # Sample access control policy: >> >> >> > # Root DSE: allow anyone to read it >> >> >> > # Subschema (sub)entry DSE: allow anyone to read it >> >> >> > # Other DSEs: >> >> >> > # Allow self write access >> >> >> > # Allow authenticated users read access >> >> >> > # Allow anonymous users to authenticate >> >> >> > # Directives needed to implement policy: >> >> >> > # access to dn.base="" by * read >> >> >> > # access to dn.base="cn=Subschema" by * read >> >> >> > # access to * >> >> >> > # by self write >> >> >> > # by users read >> >> >> > # by anonymous auth >> >> >> > # >> >> >> > # if no access controls are present, the default policy >> >> >> > # allows anyone and everyone to read anything but restricts >> >> >> > # updates to rootdn. (e.g., "access to * by * read") >> >> >> > # >> >> >> > # rootdn can always read and write EVERYTHING! >> >> >> > >> >> >> > >> >> ####################################################################### >> >> >> > # BDB database definitions >> >> >> > >> >> ####################################################################### >> >> >> > >> >> >> > database bdb >> >> >> > suffix "dc=example,dc=com" >> >> >> > rootdn "cn=Manager,dc=example,dc=com" >> >> >> > # Cleartext passwords, especially for the rootdn, should >> >> >> > # be avoid. See slappasswd(8) and slapd.conf(5) for details. >> >> >> > # Use of strong authentication encouraged. >> >> >> > rootpw secret >> >> >> > # The database directory MUST exist prior to running slapd AND >> >> >> > # should only be accessible by the slapd and slap tools. >> >> >> > # Mode 700 recommended. >> >> >> > directory /private/var/db/openldap/openldap-data >> >> >> > # Indices to maintain >> >> >> > index objectClass eq >> >> >> > >> >> >> > >> >> >> > Which logs are you referring to? The openldap log? >> >> >> >> >> >> Start slapd by hand with -d -1 >> >> >> >> >> >> and then bind via ldapsearch. >> >> >> >> >> >> >> >> >> >> >> > >> >> > >> >> > -- >> >> > Jonathan Wage >> >> > http://www.jwage.com >> >> > http://www.centresource.com >> >> > >> >> >> >> >> > >> > >> > -- >> > Jonathan Wage >> > http://www.jwage.com >> > http://www.centresource.com >> > >> >> > > > -- > Jonathan Wage > http://www.jwage.com > http://www.centresource.com >
openldap-software@openldap.org