Re: Logging bind password - openldap-software

14 Oct 2008


      ----- "Alfonsas Stonis" alfonsasstonis@gmail.com wrote:
...
Hi,
Is there any way to log password that was used during bind?
I tried adding option
loglevel 18446744073709551615
where did you find that documented?  Since the log level is a mask, I doubt adding digits can help to any extent.
...
and many other options. Nothing helps. I get the following output
(without password)
Oct 14 10:56:47 dr slapd[28331]: daemon: read activity on 12
Oct 14 10:56:47 dr slapd[28331]: connection_get(12)
Oct 14 10:56:47 dr slapd[28331]: connection_get(12): got connid=2
Oct 14 10:56:47 dr slapd[28331]: connection_read(12): checking for
input on id=2
Oct 14 10:56:47 dr slapd[28331]: ber_get_next on fd 12 failed
errno=11
(Resource temporarily unavailable)
Oct 14 10:56:47 dr slapd[28331]: daemon: select: listen=6
active_threads=0 tvp=NULL
Oct 14 10:56:47 dr slapd[28331]: daemon: select: listen=7
active_threads=0 tvp=NULL
Oct 14 10:56:47 dr slapd[28331]: do_bind
Oct 14 10:56:47 dr slapd[28331]: >>> dnPrettyNormal:
<cn=jbaker007,ou=users,o=arhub>
Oct 14 10:56:47 dr slapd[28331]: <<< dnPrettyNormal:
<cn=jbaker007,ou=users,o=arhub>, <cn=jbaker007,ou=users,o=arhub>
Oct 14 10:56:47 dr slapd[28331]: do_bind: version=3
dn="cn=jbaker007,ou=users,o=arhub" method=128
Oct 14 10:56:47 dr slapd[28331]: conn=2 op=0 BIND
dn="cn=jbaker007,ou=users,o=arhub" method=128
Oct 14 10:56:47 dr slapd[28331]: ==> bdb_bind: dn:
cn=jbaker007,ou=users,o=arhub
Oct 14 10:56:47 dr slapd[28331]:
bdb_dn2entry("cn=jbaker007,ou=users,o=arhub")
Oct 14 10:56:47 dr slapd[28331]: => access_allowed: auth access to
"cn=jbaker007,ou=users,o=arhub" "userPassword" requested
Oct 14 10:56:47 dr slapd[28331]: => acl_get: [1] attr userPassword
Oct 14 10:56:47 dr slapd[28331]: => acl_mask: access to entry
"cn=jbaker007,ou=users,o=arhub", attr "userPassword" requested
Oct 14 10:56:47 dr slapd[28331]: => acl_mask: to all values by "",
(=n)
Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: ou=rba,o=arhub
Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: self
Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: *
Oct 14 10:56:47 dr slapd[28331]: <= acl_mask: [3] applying auth(=x)
(stop)
Oct 14 10:56:47 dr slapd[28331]: <= acl_mask: [3] mask: auth(=x)
Oct 14 10:56:47 dr slapd[28331]: => access_allowed: auth access
granted by auth(=x)
Oct 14 10:56:47 dr slapd[28331]: send_ldap_result: conn=2 op=0 p=3
Oct 14 10:56:47 dr slapd[28331]: send_ldap_result: err=49 matched=""
text=""
Oct 14 10:56:47 dr slapd[28331]: send_ldap_response: msgid=1 tag=97
err=49
Oct 14 10:56:47 dr slapd[28331]: conn=2 op=0 RESULT tag=97 err=49
text=
Oct 14 10:56:47 dr slapd[28331]: daemon: activity on 1 descriptors
Oct 14 10:56:47 dr slapd[28331]: daemon: activity on:
The problem is that I know that I have correct password but ldap
keeps
rejecting it. So, I need to test maybe application is somehow
changing
it, but I can not see it.
Can someone help me?
Try "packets"; you'll get something like
slapd starting
ldap_read: want=8, got=8
  0000:  30 2e 02 01 01 60 29 02                            0....`).          
ldap_read: want=40, got=40
  0000:  01 03 04 1c 63 6e 3d 6d  61 6e 61 67 65 72 2c 64   ....cn=manager,d  
  0010:  63 3d 65 78 61 6d 70 6c  65 2c 64 63 3d 63 6f 6d   c=example,dc=com  
  0020:  80 06 73 65 63 72 65 74                            ..secret          
ldap_read: want=8 error=Resource temporarily unavailable
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------