I have a back-sql portion of my LDAP tree. I can search within the back-sql part of the tree (and within the ldbm), but searches do not cross from the ldbm tree into the back-sql part of the tree.
Should I make a referral in the ldbm tree at the point the back-sql tree is mounted, or is there a better way to do this?
Regards,
Rob
Robert Brooks wrote:
I have a back-sql portion of my LDAP tree. I can search within the back-sql part of the tree (and within the ldbm), but searches do not cross from the ldbm tree into the back-sql part of the tree.
Should I make a referral in the ldbm tree at the point the back-sql tree is mounted, or is there a better way to do this?
Look at the "subordinate" directive in slapd.conf(5) to glue trees together.
p.
I have the following set of software:
OS - FreeBSD-6.2-STABLE
OpenLDAP - 2.3.34
and a working config from another server. And I have a 100% unsuccessful result. :(
loglevel -1 has not given any information. Slapd dies silently. :(
loglevel -1 has not given any information. Slapd dies silently. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled with something like

    # OpenLDAP
    local4.*    /var/log/openldap.log

in /etc/syslog.conf. (After that change, restart syslogd with kill -HUP).
However, for testing you can instead just do

    slapd -h ldap://localhost:3890/ -d -1

Does the end of that output say something useful?
On Thu, Mar 01, 2007 at 04:56:36PM +0100, Hallvard B Furuseth wrote:
loglevel -1 has not given any information. Slapd dies silently. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled with something like
Sorry - I expressed myself incorrectly. debug.log is written successfully - but I have not found any intelligent information. :( Full absence of symptoms.

    # OpenLDAP
    local4.*    /var/log/openldap.log

in /etc/syslog.conf. (After that change, restart syslogd with kill -HUP).
However, for testing you can instead just do

    slapd -h ldap://localhost:3890/ -d -1

Does the end of that output say something useful?
Heh - I have like this:
-- Regards, Hallvard
On Thu, Mar 01, 2007 at 02:15:08PM +0200, Paul Shevtsov wrote:
I have the following set of software: OS - FreeBSD-6.2-STABLE, OpenLDAP - 2.3.34, and a working config from another server.
And I have a 100% unsuccessful result. :(
loglevel -1 has not given any information. Slapd dies silently. :(
Check access rights to the databases. It must be drwxr-xr-x 2 ldap ldap
Try loglevel config
Have you created directories for the databases? Do you have a root object for the DITs (you can make it with slapadd)? If you copied the databases from another server, was it built with the same dbXX backend?
Also try truss(1) and ktrace(1)+kdump(1)
WBR
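
The directory checks suggested in the reply above can be scripted. This is an added example, not code from the thread or from the OpenLDAP project: it reads the `directory` directives from a slapd.conf-style file and reports directories that are missing, not owned by the expected user and group, or writable by anyone but the owner. The function names, the finding labels and the rule about group/other write bits are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths without whitespace are assumed.

# Print the argument of every "directory" directive in a slapd.conf-style file.
db_dirs() {
    awk 'tolower($1) == "directory" { gsub(/"/, "", $2); print $2 }' "$1"
}

# check_db_dir DIR USER GROUP: print one finding line; return 0 only for OK.
check_db_dir() {
    dir=$1 want_user=$2 want_group=$3
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # ls -ld yields the same "drwxr-xr-x 2 ldap ldap" view quoted in the thread.
    read -r mode owner group <<EOF
$(ls -ld "$dir" | awk '{ print $1, $3, $4 }')
EOF
    if [ "$owner" != "$want_user" ] || [ "$group" != "$want_group" ]; then
        echo "OWNER $dir is $owner:$group, expected $want_user:$want_group"
        return 1
    fi
    case $mode in
        drwx?-??-?*) ;;  # owner has rwx; neither group nor others can write
        *) echo "MODE $dir is $mode"; return 1 ;;
    esac
    echo "OK $dir"
}

# preflight CONF USER GROUP: check every database directory; non-zero on any finding.
preflight() {
    rc=0
    for d in $(db_dirs "$1"); do
        check_db_dir "$d" "$2" "$3" || rc=1
    done
    return "$rc"
}

# Stand-alone use: sh preflight.sh /path/to/slapd.conf ldap ldap
if [ "$#" -ge 3 ]; then
    preflight "$1" "$2" "$3"
fi
```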
openldap-software@openldap.org