4:04 a.m.
I have a back-sql portion of my ldap tree, I can search within the
back-sql part of the tree (and within the ldbm), but searches do not
cross from the ldbm tree into the back-sql part of the tree.
Should I make a referal in the ldbm tree at the point the back-sql tree
is mounted, or is there a better way to do this?
Regarrds,
Rob
7:48 a.m.
Robert Brooks wrote:
I have a back-sql portion of my ldap tree, I can search within the
back-sql part of the tree (and within the ldbm), but searches do not
cross from the ldbm tree into the back-sql part of the tree.
Should I make a referal in the ldbm tree at the point the back-sql tree
is mounted, or is there a better way to do this?
Look at the "subordinate" directive in slapd.conf(5) to glue trees together.
p.
4:15 a.m.
New subject: Help me. Slapd die.
I have next set of software:
OS - FreeBSD-6.2-STABLE
OpenLDAP - 2.3.34 and working config from other server.
And i have 100% unsuccessfully result. :(
loglevel -1 - has not given the infornation.
Slapd - die silent. :(
--
Paul Shevtsov <> 380-62-3327312
<Dongorbank> <> paul(a)dongorbank.com
7:56 a.m.
New subject: Help me. Slapd die.
loglevel -1 - has not given the infornation.
Slapd - die silent. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled
with something like
# OpenLDAP local4.* /var/log/openldap.log
in /etc/syslog.conf. (After that change, restart syslogd with kill
-HUP).
However, for testing you can intead just do
slapd -h ldap://localhost:3890/ -d -1
Does the end of that output say something useful?
--
Regards,
Hallvard
8:11 a.m.
New subject: Help me. Slapd die.
On Thu, Mar 01, 2007 at 04:56:36PM +0100, Hallvard B Furuseth wrote:
> loglevel -1 - has not given the infornation.
> Slapd - die silent. :(
loglevel in slapd.conf goes to syslog. It needs to be enabled
with something like
Sorry - i was expressed incorrectly.
debug.log write successeful - but i not found
any intelligent information. :(
Full absence of symptoms.
# OpenLDAP local4.* /var/log/openldap.log
in /etc/syslog.conf. (After that change, restart syslogd with kill
-HUP).
However, for testing you can intead just do
slapd -h ldap://localhost:3890/ -d -1
Does the end of that output say something useful?
Heh - l have like this:
---------------------------------------------------------------------------
Mar 1 18:08:44 attacker slapd[1615]: @(#) $OpenLDAP: slapd 2.3.34 (Mar 1 2007 11:48:34)
$
paul@attacker.dgb.local:/usr/ports/net/openldap23-server/work/openldap-2.3.34/servers/slapd
Mar 1 18:08:44 attacker slapd[1615]: >>> dnNormalize: <cn=Subschema>
Mar 1 18:08:44 attacker slapd[1615]: <<< dnNormalize: <cn=subschema>
Mar 1 18:08:44 attacker slapd[1615]: matching_rule_use_init
Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.804 (integerBitOrMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME
'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 1.2.840.113556.1.4.803 (integerBitAndMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME
'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME
'caseIgnoreIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email )
)
Mar 1 18:08:44 attacker slapd[1615]: 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME
'caseExactIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email )
)
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.35 (certificateMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.34 (certificateExactMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.30 (objectIdentifierFirstComponentMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.30 NAME
'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $
supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.29 (integerFirstComponentMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.27 (generalizedTimeMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.24 (protocolInformationMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.23 (uniqueMemberMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.22 (presentationAddressMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.20 (telephoneNumberMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES telephoneNumber )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.17 (octetStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.16 (bitStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.14 (integerMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $
olcDbSearchStack $ olcDbShmKey ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.13 (booleanMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly
$ olcReverseLookup $ olcSpNoPresent $ olcSpReloadHint $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.11 (caseIgnoreListMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.8 (numericStringMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.7 (caseExactSubstringsMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.6 (caseExactOrderingMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.5 (caseExactMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $
ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $
olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLS!
CertificateFile $ olcTLSCertificateKeyF
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.4 (caseIgnoreSubstringsMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.3 (caseIgnoreOrderingMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.2 (caseIgnoreMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $
ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $
olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTL!
SCertificateFile $ olcTLSCertificateKey
Mar 1 18:08:44 attacker slapd[1615]: 1.2.36.79672281.1.13.3 (rdnMatch):
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.1 (distinguishedNameMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $
olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner
$ roleOccupant ) )
Mar 1 18:08:44 attacker slapd[1615]: 2.5.13.0 (objectIdentifierMatch):
Mar 1 18:08:44 attacker slapd[1615]: matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
Mar 1 18:08:44 attacker slapd[1616]: slapd startup: initiated.
Mar 1 18:08:44 attacker slapd[1616]: backend_startup_one: starting "cn=config"
Mar 1 18:08:44 attacker slapd[1616]: config_back_db_open
Mar 1 18:08:44 attacker slapd[1616]: config_build_entry: "cn=config"
-----------------------------------------------------------------------------
--
Regards,
Hallvard
--
Paul Shevtsov <> 380-62-3327312
<Dongorbank> <> paul(a)dongorbank.com
8:08 a.m.
New subject: Help me. Slapd die.
On Thu, Mar 01, 2007 at 02:15:08PM +0200, Paul Shevtsov wrote:
I have next set of software:
OS - FreeBSD-6.2-STABLE
OpenLDAP - 2.3.34 and working config from other server.
And i have 100% unsuccessfully result. :(
loglevel -1 - has not given the infornation.
Slapd - die silent. :(
check access right to databases. It must be
drwxr-xr-x 2 ldap ldap
Try
loglevel config
Are you have created directories for databases?
Are you have root object for DIT's (you can make it with slapadd)?
If you copy databases from other server, is it builded with same dbXX
backend?
Also try truss(1) and ktrace(1)+kdump(1)
WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7245 ext.208 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
Building Successful Supply Chains - One Solution At A Time.
www.oilspace.com
5073
days inactive
5115
days old
openldap-software@openldap.org
5 comments
5 participants
participants (5)
-
Dmitriy Kirhlarov -
Hallvard B Furuseth -
Paul Shevtsov -
Pierangelo Masarati -
Robert Brooks