On Thu, Mar 01, 2007 at 04:56:36PM +0100, Hallvard B Furuseth wrote:
> loglevel -1 - has not given the infornation.
> Slapd - die silent. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled
with something like
Sorry - i was expressed incorrectly.
debug.log write successeful - but i not found
any intelligent information. :(
Full absence of symptoms.
# OpenLDAP local4.* /var/log/openldap.log
in /etc/syslog.conf. (After that change, restart syslogd with kill
-HUP).
However, for testing you can intead just do
slapd -h ldap://localhost:3890/ -d -1
Does the end of that output say something useful?
Heh - l have like this:
---------------------------------------------------------------------------
Mar 1 18:08:44 attacker slapd[1615]: @(#) $OpenLDAP: slapd 2.3.34 (Mar 1 2007 11:48:34)
$
paul@attacker.dgb.local:/usr/ports/net/openldap23-server/work/openldap-2.3.34/servers/slapd
Mar 1 18:08:44 attacker slapd[1615]: >>> dnNormalize: <cn=Subschema>
Mar 1 18:08:44 attacker slapd[1615]: <<< dnNormalize: <cn=subschema>
Mar 1 18:08:44 attacker slapd[1615]: matching_rule_use_init
Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.804 (integerBitOrMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME
'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.803 (integerBitAndMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME
'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME
'caseIgnoreIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email )
)
Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME
'caseExactIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email )
)
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.35 (certificateMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.34 (certificateExactMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.30 (objectIdentifierFirstComponentMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.30 NAME
'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $
supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.29 (integerFirstComponentMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.27 (generalizedTimeMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.24 (protocolInformationMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.23 (uniqueMemberMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.22 (presentationAddressMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.20 (telephoneNumberMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES telephoneNumber )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.17 (octetStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.16 (bitStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.14 (integerMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.13 (booleanMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly
$ olcReverseLookup $ olcSpNoPresent $ olcSpReloadHint $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.11 (caseIgnoreListMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.8 (numericStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.7 (caseExactSubstringsMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.6 (caseExactOrderingMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.5 (caseExactMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $
ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $
olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLS!
CertificateFile $ olcTLSCertificateKeyF
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.4 (caseIgnoreSubstringsMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.3 (caseIgnoreOrderingMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.2 (caseIgnoreMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $
ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $
olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTL!
SCertificateFile $ olcTLSCertificateKey
Mar 1 18:08:44 attacker slapd[1615]: 1.2.36.79672281.1.13.3 (rdnMatch):
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.1 (distinguishedNameMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $
olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner
$ roleOccupant ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.0 (objectIdentifierMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
Mar 1 18:08:44 attacker slapd[1616]: slapd startup: initiated.
Mar 1 18:08:44 attacker slapd[1616]: backend_startup_one: starting "cn=config"
Mar 1 18:08:44 attacker slapd[1616]: config_back_db_open
Mar 1 18:08:44 attacker slapd[1616]: config_build_entry: "cn=config"
-----------------------------------------------------------------------------
--
Regards,
Hallvard
--
Paul Shevtsov <> 380-62-3327312
<Dongorbank> <> paul(a)dongorbank.com