newbie question: which objectClass?
by Stefano Zanmarchi
Hi,
I'd like to set up a minimal ldap server just for authentication
(bind) purposes.
No attributes need to be stored apart from uid and userPassword.
I'd like to insert entries like
dn: uid=john.smith(a)myorg.com,ou=people,dc=myorg,dc=com
objectClass: ?????
uid: john.smith(a)myorg.com
userPassword: secret
(If I use objectClass: inetOrgPerson I need to enter cn and sn as
well, which I don't wont)
Can I achieve this?
Thanks a lot,
Stefano
12 years, 10 months
Authenticating from MacOS X 10.5.3 to OpenLDAP
by Jason Keltz
I have spent 2+ days trying to get a MacOS 10.5.3 machine configured to
authenticate against a basic openldap 2.4.10 server with SSL on a Linux
box - no SASL, no kerberos - I was hoping it would be trivial, and from
the looks of all the postings around on the web, it should be. I know
I'm doing the right things, yet I must be missing one minor detail.
I did the initial openldap setup, and within a very short time, I was
able to authenticate the MacOS box against the Linux box NON-SSSL
without any trouble. When I enable SSL on the Mac, I can use ldapsearch
to probe the whole ldaps:// server without any trouble at all. On the
Mac, I can verify the SSL certificate:
openssl s_client -connect server:636 -CApath /certs
(I've created the proper hash files for the parts of the CA path)
and I can see:
.
.
Verify return code: 0 (ok)
In the /etc/openldap/ldap.conf on the MAC, I have:
TLS_REQCERT demand (MAC default)
TLS_CACERTDIR /certs
(Even if I change "TLS_REQCERT to never", it doesn't make any difference.)
When I'm in the "Directory Utility" and creating a new connection, I
click "Continue", then it hangs for a bit, and just comes back. The
connection doesn't work.
The slapd.config on the Linux side has all the correct TLS paths as well
(of course if it didn't, my ldapsearch -x queries wouldn't even work):
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificatePath /openssl/certs
TLSCertificateFile /openssl/certs/mycert.pem
TLSCertificateKeyFile /openssl/certs/mycert.pem
(The certificate and key are appended together in mycert.pem - that
seems to be allowed)
The certificate is a paid one - not a self-signed one.
Here's the openldap debug info that is printed while I'm waiting for
initialization of the connection ... I do see:
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=0, closing
connection_closing: readying conn=0 sd=14 for close
... but I just don't understand why given that everything seems set up
properly. If it wasn't, why would the ldapsearch work!?
Thanks!
jas.
------ verbose openldap debugging output
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
tls_read: want=107, got=107
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
tls_write: want=4096, written=4096
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=723, written=723
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
tls_read: want=5, got=5
tls_read: want=134, got=134
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
tls_read: want=1, got=1
tls_read: want=5, got=5
tls_read: want=48, got=48
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=59, written=59
TLS trace: SSL_accept:SSLv3 flush data
connection_read(15): unable to get TLS client DN, error=49 id=1
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
ber_get_next
tls_read: want=5, got=5
tls_read: want=32, got=32
TLS trace: SSL3 alert read:warning:close notify
ldap_read: want=8, got=0
ber_get_next on fd 15 failed errno=0 (Success)
connection_read(15): input error=-2 id=1, closing.
connection_closing: readying conn=1 sd=15 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_close: conn=1 sd=15
daemon: removing 15
tls_write: want=37, written=37
TLS trace: SSL3 alert write:warning:close notify
daemon: activity on 1 descriptor
daemon: activity on: 14r
daemon: read active on 14
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(14)
connection_get(14): got connid=0
connection_read(14): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=0, closing
connection_closing: readying conn=0 sd=14 for close
connection_close: conn=0 sd=14
daemon: removing 14
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 14
daemon: added 14r (active) listener=(nil)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: listen=8, new connection on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: added 15r (active) listener=(nil)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=94, got=94
ber_get_next: tag 0x30 len 100 contents:
ber_dump: buf=0x82b9598 ptr=0x82b9598 end=0x82b95fc len=100
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=3 op=0 do_search
daemon: activity on 1 descriptor
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82b9598 ptr=0x82b959b end=0x82b95fc len=97
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82b9598 ptr=0x82b95ae end=0x82b95fc len=78
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82b9598 ptr=0x82b95bb end=0x82b95fc len=65
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 3 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "namingContexts" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 54 bytes to sd 15
ldap_write: want=54, written=54
<= send_search_entry: conn 3 exit.
send_ldap_result: conn=3 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush2: 14 bytes to sd 15
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 14r
daemon: read active on 14
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(14)
connection_get(14): got connid=2
connection_read(14): checking for input on id=2
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 14 failed errno=0 (Success)
connection_read(14): input error=-2 id=2, closing.
connection_closing: readying conn=2 sd=14 for close
connection_close: conn=2 sd=14
daemon: removing 14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=50, got=50
ber_get_next: tag 0x30 len 56 contents:
ber_dump: buf=0x82cab08 ptr=0x82cab08 end=0x82cab40 len=56
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=3 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab0b end=0x82cab40 len=53
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0begin get_filter
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab1e end=0x82cab40 len=34
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab2b end=0x82cab40 len=21
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 3 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "subschemaSubentry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "subschemaSubentry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 48 bytes to sd 15
ldap_write: want=48, written=48
<= send_search_entry: conn 3 exit.
send_ldap_result: conn=3 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 15
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=71, got=71
ber_get_next: tag 0x30 len 77 contents:
ber_dump: buf=0x82b9578 ptr=0x82b9578 end=0x82b95c5 len=77
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=3 op=2 do_search
ber_scanf fmt ({miiiib) ber:
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ber_dump: buf=0x82b9578 ptr=0x82b957b end=0x82b95c5 len=74
>>> dnPrettyNormal: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
SRCH "cn=Subschema" 0 0begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82b9578 ptr=0x82b959a end=0x82b95c5 len=43
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82b9578 ptr=0x82b95b4 end=0x82b95c5 len=17
=> test_filter
=> access_allowed: search access to "cn=Subschema" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 3 dn="cn=Subschema"
=> access_allowed: read access to "cn=Subschema" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 16753 bytes to sd 15
ldap_write: want=16753, written=13032
ldap_write: want=3721, written=3721
<= send_search_entry: conn 3 exit.
send_ldap_result: conn=3 op=2 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=3 tag=101 err=0
ber_flush2: 14 bytes to sd 15
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=111, got=111
ber_get_next: tag 0x30 len 117 contents:
ber_dump: buf=0x82ba928 ptr=0x82ba928 end=0x82ba99d len=117
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
conn=3 op=3 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82ba928 ptr=0x82ba92b end=0x82ba99d len=114
>>> dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>
=> ldap_bv2dn(dc=cse,dc=yorku,dc=ca,0)
<= ldap_bv2dn(dc=cse,dc=yorku,dc=ca)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0
<<< dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>, <dc=cse,dc=yorku,dc=ca>
SRCH "dc=cse,dc=yorku,dc=ca" 2 0begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82ba928 ptr=0x82ba955 end=0x82ba99d len=72
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82ba928 ptr=0x82ba978 end=0x82ba99d len=37
end get_filter 0
end get_filter_list
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82ba928 ptr=0x82ba98e end=0x82ba99d len=15
==> limits_get: conn=3 op=3 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("dc=cse,dc=yorku,dc=ca")
=> bdb_dn2id("dc=cse,dc=yorku,dc=ca")
<= bdb_dn2id: got id=0x1
entry_decode: "dc=cse,dc=yorku,dc=ca"
<= entry_decode(dc=cse,dc=yorku,dc=ca)
=> access_allowed: search access to "dc=cse,dc=yorku,dc=ca" "entry"
requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
search_candidates: base="dc=cse,dc=yorku,dc=ca" (0x00000001) scope=2
=> bdb_dn2idl("dc=cse,dc=yorku,dc=ca")
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
OR
=> bdb_list_candidates 0xa1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [b49d1940]
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [9bee355f]
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=3, last=4
<= bdb_filter_candidates: id=2 first=3 last=4
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (ou)
<= bdb_equality_candidates: (ou) not indexed
<= bdb_filter_candidates: id=-1 first=1 last=7
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
bdb_search_candidates: id=-1 first=3 last=4
entry_decode: "ou=people,dc=cse,dc=yorku,dc=ca"
<= entry_decode(ou=people,dc=cse,dc=yorku,dc=ca)
=> bdb_dn2id("ou=people,dc=cse,dc=yorku,dc=ca")
<= bdb_dn2id: got id=0x3
=> test_filter
=> test_filter_and
=> test_filter
=> access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca"
"objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> test_filter
=> access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca"
"ou" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 5
<= test_filter_and 5
<= test_filter 5
bdb_search: 3 does not match filter
entry_decode: "ou=group,dc=cse,dc=yorku,dc=ca"
<= entry_decode(ou=group,dc=cse,dc=yorku,dc=ca)
=> bdb_dn2id("ou=group,dc=cse,dc=yorku,dc=ca")
<= bdb_dn2id: got id=0x4
=> test_filter
=> test_filter_and
=> test_filter
=> access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca"
"objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> test_filter
=> access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca"
"ou" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 5
<= test_filter_and 5
<= test_filter 5
bdb_search: 4 does not match filter
send_ldap_result: conn=3 op=3 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=4 tag=101 err=0
ber_flush2: 14 bytes to sd 15
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ldap_read: want=8, got=8
ldap_read: want=42, got=42
ber_get_next: tag 0x30 len 48 contents:
ber_dump: buf=0x82cab08 ptr=0x82cab08 end=0x82cab38 len=48
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=3 op=4 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab0b end=0x82cab38 len=45
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab1e end=0x82cab38 len=26
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82cab08 ptr=0x82cab2b end=0x82cab38 len=13
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 3 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 11 bytes to sd 15
ldap_write: want=11, written=11
<= send_search_entry: conn 3 exit.
send_ldap_result: conn=3 op=4 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=5 tag=101 err=0
ber_flush2: 14 bytes to sd 15
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=3
connection_read(15): checking for input on id=3
ber_get_next
ldap_read: want=8, got=7
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x82caea0 ptr=0x82caea0 end=0x82caea5 len=5
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 15 failed errno=0 (Success)
connection_read(15): input error=-2 id=3, closing.
connection_closing: readying conn=3 sd=15 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_close: deferring conn=3 sd=15
conn=3 op=5 do_unbind
connection_resched: attempting closing conn=3 sd=15
connection_close: conn=3 sd=15
daemon: removing 15
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(10):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 busy
>>> slap_listener(ldaps:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: listen=10, new connection on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: added 15r (active) listener=(nil)
daemon: activity on 2 descriptors
daemon: activity on:
slap_listener_activate(10):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 busy
>>> slap_listener(ldaps:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: listen=10, new connection on 16
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: added 16r (active) listener=(nil)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16): got connid=5
connection_read(16): checking for input on id=5
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
tls_read: want=107, got=107
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
tls_write: want=4096, written=4096
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=723, written=723
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=5
connection_read(16): checking for input on id=5
tls_read: want=5, got=5
tls_read: want=134, got=134
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
tls_read: want=1, got=1
tls_read: want=5, got=5
tls_read: want=48, got=48
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=59, written=59
TLS trace: SSL_accept:SSLv3 flush data
connection_read(16): unable to get TLS client DN, error=49 id=5
daemon: activity on 2 descriptors
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=5
connection_read(16): checking for input on id=5
ber_get_next
tls_read: want=5, got=5
tls_read: want=32, got=32
TLS trace: SSL3 alert read:warning:close notify
ldap_read: want=8, got=0
ber_get_next on fd 16 failed errno=0 (Success)
connection_read(16): input error=-2 id=5, closing.
connection_closing: readying conn=5 sd=16 for close
connection_close: conn=5 sd=16
daemon: removing 16
tls_write: want=37, written=37
TLS trace: SSL3 alert write:warning:close notify
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(15)
connection_get(15): got connid=4
connection_read(15): checking for input on id=4
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(15): TLS accept failure error=-1 id=4, closing
connection_closing: readying conn=4 sd=15 for close
connection_close: conn=4 sd=15
daemon: removing 15
daemon: activity on 2 descriptors
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 15
daemon: added 15r (active) listener=(nil)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 16
daemon: activity on 1 descriptor
daemon: activity on:
daemon: added 16r (active) listener=(nil)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 2 descriptors
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=94, got=94
ber_get_next: tag 0x30 len 100 contents:
ber_dump: buf=0x82bd918 ptr=0x82bd918 end=0x82bd97c len=100
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=7 op=0 do_search
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82bd918 ptr=0x82bd91b end=0x82bd97c len=97
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82bd918 ptr=0x82bd92e end=0x82bd97c len=78
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82bd918 ptr=0x82bd93b end=0x82bd97c len=65
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 7 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "namingContexts" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 54 bytes to sd 16
ldap_write: want=54, written=54
<= send_search_entry: conn 7 exit.
send_ldap_result: conn=7 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(15)
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=50, got=50
ber_get_next: tag 0x30 len 56 contents:
connection_get(15): got connid=6
ber_dump: buf=0x82bbcd8 ptr=0x82bbcd8 end=0x82bbd10 len=56
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=7 op=1 do_search
ber_scanf fmt ({miiiib) ber:
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ber_dump: buf=0x82bbcd8 ptr=0x82bbcdb end=0x82bbd10 len=53
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0connection_read(15): checking for input on id=6
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcee end=0x82bbd10 len=34
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcfb end=0x82bbd10 len=21
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 7 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "subschemaSubentry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "" "subschemaSubentry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 48 bytes to sd 16
ldap_write: want=48, written=48
<= send_search_entry: conn 7 exit.
send_ldap_result: conn=7 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=71, got=71
ber_get_next: tag 0x30 len 77 contents:
ber_dump: buf=0x82cb5b0 ptr=0x82cb5b0 end=0x82cb5fd len=77
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=7 op=2 do_search
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82cb5b0 ptr=0x82cb5b3 end=0x82cb5fd len=74
>>> dnPrettyNormal: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
SRCH "cn=Subschema" 0 0begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82cb5b0 ptr=0x82cb5d2 end=0x82cb5fd len=43
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_get_next
ber_dump: buf=0x82cb5b0 ptr=0x82cb5ec end=0x82cb5fd len=17
ldap_read: want=8, got=0
ber_get_next on fd 15 failed errno=0 (Success)
connection_read(15): input error=-2 id=6, closing.
connection_closing: readying conn=6 sd=15 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_close: conn=6 sd=15
daemon: removing 15
=> test_filter
=> access_allowed: search access to "cn=Subschema" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 7 dn="cn=Subschema"
=> access_allowed: read access to "cn=Subschema" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
=> access_allowed: read access to "cn=Subschema" "objectClasses" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 16753 bytes to sd 16
ldap_write: want=16753, written=13032
ldap_write: want=3721, written=3721
<= send_search_entry: conn 7 exit.
send_ldap_result: conn=7 op=2 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=3 tag=101 err=0
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=111, got=111
ber_get_next: tag 0x30 len 117 contents:
ber_dump: buf=0x82bedb8 ptr=0x82bedb8 end=0x82bee2d len=117
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=7 op=3 do_search
ber_scanf fmt ({miiiib) ber:
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
ber_dump: buf=0x82bedb8 ptr=0x82bedbb end=0x82bee2d len=114
>>> dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>
=> ldap_bv2dn(dc=cse,dc=yorku,dc=ca,0)
<= ldap_bv2dn(dc=cse,dc=yorku,dc=ca)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0
<<< dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>, <dc=cse,dc=yorku,dc=ca>
SRCH "dc=cse,dc=yorku,dc=ca" 2 0begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82bedb8 ptr=0x82bede5 end=0x82bee2d len=72
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x82bedb8 ptr=0x82bee08 end=0x82bee2d len=37
end get_filter 0
end get_filter_list
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82bedb8 ptr=0x82bee1e end=0x82bee2d len=15
==> limits_get: conn=7 op=3 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("dc=cse,dc=yorku,dc=ca")
=> access_allowed: search access to "dc=cse,dc=yorku,dc=ca" "entry"
requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
search_candidates: base="dc=cse,dc=yorku,dc=ca" (0x00000001) scope=2
=> bdb_dn2idl("dc=cse,dc=yorku,dc=ca")
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
OR
=> bdb_list_candidates 0xa1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [b49d1940]
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [9bee355f]
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=3, last=4
<= bdb_filter_candidates: id=2 first=3 last=4
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (ou)
<= bdb_equality_candidates: (ou) not indexed
<= bdb_filter_candidates: id=-1 first=1 last=7
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
<= bdb_list_candidates: id=-1 first=3 last=4
<= bdb_filter_candidates: id=-1 first=3 last=4
bdb_search_candidates: id=-1 first=3 last=4
=> test_filter
=> test_filter_and
=> test_filter
=> access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca"
"objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> test_filter
=> access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca"
"ou" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 5
<= test_filter_and 5
<= test_filter 5
bdb_search: 3 does not match filter
=> test_filter
=> test_filter_and
=> test_filter
=> access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca"
"objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> test_filter
=> access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca"
"ou" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 5
<= test_filter_and 5
<= test_filter 5
bdb_search: 4 does not match filter
send_ldap_result: conn=7 op=3 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=4 tag=101 err=0
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=42, got=42
ber_get_next: tag 0x30 len 48 contents:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcd8 end=0x82bbd08 len=48
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
conn=7 op=4 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcdb end=0x82bbd08 len=45
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcee end=0x82bbd08 len=26
end get_filter 0
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x82bbcd8 ptr=0x82bbcfb end=0x82bbd08 len=13
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> slap_access_allowed: backend default search access granted to
"(anonymous)"
=> access_allowed: search access granted by read(=rscxd)
<= test_filter 6
=> send_search_entry: conn 7 dn=""
=> access_allowed: read access to "" "entry" requested
=> slap_access_allowed: backend default read access granted to
"(anonymous)"
=> access_allowed: read access granted by read(=rscxd)
ber_flush2: 11 bytes to sd 16
ldap_write: want=11, written=11
<= send_search_entry: conn 7 exit.
send_ldap_result: conn=7 op=4 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=5 tag=101 err=0
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
connection_get(16)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ldap_read: want=8, got=7
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x82cac98 ptr=0x82cac98 end=0x82cac9d len=5
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 16 failed errno=0 (Success)
connection_read(16): input error=-2 id=7, closing.
connection_closing: readying conn=7 sd=16 for close
connection_close: deferring conn=7 sd=16
conn=7 op=5 do_unbind
connection_resched: attempting closing conn=7 sd=16
connection_close: conn=7 sd=16
daemon: removing 16
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: epoll: listen=10 active_threads=0 tvp=NULL
daemon: shutdown requested and initiated.
daemon: closing 7
daemon: closing 8
daemon: closing 9
daemon: closing 10
12 years, 10 months
schema in openldap
by Aravind Arjunan
This is my newely created schema file in my ldap server for adding the
attributes.
But when i try to restart the ldap service i got the below error,
[root@master schema]# service ldap restart
Stopping slapd: [FAILED]
Checking configuration files for slapd: /etc/openldap/schema/sample.schema:
lin
e 3: Missing closing parenthesis before
AttributeTypeDescription = "(" whsp
numericoid whsp ; AttributeType identifier
[ "NAME" qdescrs ] ; name used in AttributeType
[ "DESC" qdstring ] ; description
[ "OBSOLETE" whsp ]
[ "SUP" woid ] ; derived from this other
; AttributeType
[ "EQUALITY" woid ] ; Matching Rule name
[ "ORDERING" woid ] ; Matching Rule name
[ "SUBSTR" woid ] ; Matching Rule name
[ "SYNTAX" whsp noidlen whsp ] ; see section 4.3
[ "SINGLE-VALUE" whsp ] ; default multi-valued
[ "COLLECTIVE" whsp ] ; default not collective
[ "NO-USER-MODIFICATION" whsp ]; default user modifiable
[ "USAGE" whsp AttributeUsage ]; default userApplications
; userApplications
; directoryOperation
; distributedOperation
; dSAOperation
whsp ")"
slaptest: bad configuration file!
[FAILED]
# New attribute definitions:
attributetype ( 1.3.6.1.4.1.4203.666.1.90
NAME 'E-mail address'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.1.91
NAME 'Firstname'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.1.92
NAME 'Last name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.1.93
NAME 'Nickname'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.1.94
NAME 'Additional info'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
objectClass ( 1.3.6.1.4.1.4203.666.1.100
NAME 'YoLinuxPerson'
DESC 'X-Person'
SUP inetOrgPerson
STRUCTURAL
MAY ( E-mail address $ First name $ Last name $
Nickname $ Additional info )
)
12 years, 10 months
OpenLDAP and HP iLO
by "Maurice Völkel"
Hello together,
Since a couple of weeks, I tried to connect an OpenLDAP server with an iLO
board, for an central authentication system. The LDAP server Runs with Open
SuSe 10.3 on OpenLDAP 2.3.37 and is configured with PAM, so that a user
registration works.
My problem is the configuration of the directory settings of iLO.
I try to describe my config of the LDAP Server and the problem which I
have with the config.
In /etc/openldap/slap.conf, I included a schema called ilo.schema.
The ilo.schema looks like:
attributetype (1.3.6.1.4.1.15959.9.1.1 NAME 'memberOf'
DESC 'Group which user belongs to'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
objectclass (1.3.6.1.4.1.15959.9.2.1 NAME 'memberOf'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP'
MUST (memberOf))
objectclass (1.3.6.1.4.1.15959.9.2.2 NAME 'user'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP')
A test user for the iLO, added on the LDAP like the following schema:
# Max, my-domain.de
dn: uid = max, ou = Mitarbeiter, ou = users, dc = my-domain, dc = de
cn: Max Doe
givenName: Max
SN: Foo
gidNumber: 100
UID: Max
uidNumber: 1003
userPassword: SSHA) (passwortmax
homeDirectory: / home / max
loginShell: / bin / bash
Street:
postalCode:
l:
ST:
mail: max.mustermann(a)my-domain.de
telephoneNumber: +49
shadowExpire: 14152
shadowInactive: 10
shadowLastChange: 14042
shadowMax: 14
shadowMin: 1
shadowWarning: 10
memberOf: cn = iloadmin, ou = groups, dc = my-domain, dc = de
description: iLO users Max Mustermann
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: memberOf
objectClass: user
objectClass: top
the cn = iloadmin, ou = groups, dc = my-domain, dc = de look like:
dn: cn = iloadmin, ou = groups, dc = my-domain, dc = de
cn: iloadmin
objectClass: top
objectClass: groupOfNames
member: cn = Max Mustermann, ou = Mitarbeiter, ou = users, dc = my-domain,
dc = de
The settings I config on iLO web interface as follows:
Under Administration -> Directory Settings ->
Use Directory DefaultSchema: running
Directory Server Address: my-domain.de [or IP]
Directory Server LDAP Port: 636
Directory User Context 1: ou = Mitarbeiter, ou = users, dc = my-domain, dc
= de
And under Administration Groups -> Select a group: Administrator -> View /
Modify
Security Group Distinguished Name: cn = iloadmin, ou = groups, dc =
my-domain, dc = de
Administer Group and Accounts, Console Remote Access, Virtual Power and
Reset, Virtual Media undConfigure iLO settings are enabled.
If I had a test run, I get the following message:
Overall status: Problem Detected
Description Test status
Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory administrator login Not Run
User Authentication Failed
User Authorization Not Run
Directory User Context 1 Not run
Directory User Not run Context 2
Directory User Context 3 Not run
LOM exists Object Not Run
LOM Word Object Not Run
Sign Test
Initiating diagnostic Directory settings for server my-domain.de
Directory Server address my-domain.de resolved to IP address
Accepting certificate for Directory Server / C = DE / ST = [state]/ O =
[company] / OU = ldapserver / CN = meine-domain.de/EMAIL ca(a)meine-domain.de
signed by / C = DE / ST = [state] / L = [place] / O = [company] / OU =
[Department] / CN = [person] / EMAIL = ca(a)meine-domain.de
Warning: certificate does not match my Address Directory Server-domain.de.
Unable to authenticate user test max [Invalid credentials]
Ceasing tests.
Some diagnostics for server FAILED my-domain.de
Complete tests.
I read a lot of threads, but nothing could help me to find a mistake.
I hope someone could help me to find the mistake.
kind regards
SysNewbie
--
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
12 years, 10 months
Re: schema in openldap
by Buchan Milne
On Wednesday 18 June 2008 12:38:10 Aravind Arjunan wrote:
> I like to know whether it is possible to create our own schema and add our
> own attributes and objectclass for that or not?
It is possible.
But, in my opinion, it is not yet necessary for your requirements.
If you want to waste your time learning schema design instead of the LDAP
basics, that might solve your problem, that's your decision (but I'm not
going to waste my time).
> If it is possible send me an example file so that i would be very thankfull
> to you.
> Since am trying to create my own schema and try to add attributes in
> that.But when i try to restart the ldap service i got the below error.
>
> Checking configuration files for slapd: /etc/openldap/schema/att.schema:
> line 3: AttributeType SYNTAX or SUPerior required:
> "1.3.6.1.4.1.4203.666.1.100.121"
> slaptest: bad configuration file!
> [FAILED]
> please help me with this issue.
You didn't supply att.schema, but it seems that your schema definition for
your OID 1.3.6.1.4.1.4203.666.1.100.121 does not include the SYNTAX or SUP
keywords, one of them is required.
And, you really shouldn't be using the OpenLDAP Foundations' OID arc ...
Regards,
Buchan
12 years, 10 months
Re: schema in openldap
by Buchan Milne
On Wednesday 18 June 2008 12:34:40 Aravind Arjunan wrote:
> Ok i had add entries like what you said, but when i try synchronize the
> ldap address book in squirrel mail its saying no such object in ldap.
>
This could merely be a configuration issue. How did you determine what the
exact problem was? Did you see what search squirrelmail was doing? And why it
failed?
Regards,
Buchan
12 years, 10 months
Fwd: schema in openldap
by Aravind Arjunan
---------- Forwarded message ----------
From: Aravind Arjunan <aravind.arjunan(a)gmail.com>
Date: 18 Jun 2008 16:08
Subject: Re: schema in openldap
To: Buchan Milne <bgmilne(a)staff.telkomsa.net>
I like to know whether it is possible to create our own schema and add our
own attributes and objectclass for that or not?
If it is possible send me an example file so that i would be very thankfull
to you.
Since am trying to create my own schema and try to add attributes in
that.But when i try to restart the ldap service i got the below error.
Checking configuration files for slapd: /etc/openldap/schema/att.schema:
line 3: AttributeType SYNTAX or SUPerior required:
"1.3.6.1.4.1.4203.666.1.100.121"
slaptest: bad configuration file!
[FAILED]
please help me with this issue.
On 18/06/2008, Aravind Arjunan <aravind.arjunan(a)gmail.com> wrote:
>
> Ok i had add entries like what you said, but when i try synchronize the
> ldap address book in squirrel mail its saying no such object in ldap.
>
> On 18/06/2008, Buchan Milne <bgmilne(a)staff.telkomsa.net> wrote:
>>
>> On Wednesday 18 June 2008 10:33:47 Aravind Arjunan wrote:
>> > This is my newely created schema file in my ldap server for adding the
>> > attributes.
>>
>> Why are you making your life difficult? Just add entries like this:
>>
>>
>> dn: cn=Saju Kuttan,ou=solution,dc=test,dc=com
>> objectClass: inetOrgPerson
>> cn: Saju Kuttan
>> sn: Kuttan
>> givenName: Saju
>> description: Saju Kuttan in the Oracle team
>> telephoneNumber: 9891950975
>> mail: csaju(a)hcl.in
>>
>>
>> There doesn't seem to be an attribute for the Nick Name field in Outlook,
>> see:
>> http://www.openldap.org/faq/data/cache/294.html
>>
>>
>> Regards,
>> Buchan
>>
>>
>
12 years, 10 months
Re: Openldap fine grained / advanced ACLs
by Faraz R. Khan
So basically I can do:
to * by cn=admin,dc=company,dc=com add by cn=faraz,dc=company,dc=com zap
That is indeed not documented anywhere. Will start an ITS
Pierangelo Masarati wrote:
> Faraz R. Khan wrote:
>> Is it possible to have fine grained ACLs in OpenLDAP? My problem is
>> that the 'write' access is too broad. I wish to be able to control
>> ADD, modify and delete separately. I tried looking at
>> aacls.sourceforge.net but it involves the setup of a separate server
>> and looks abandoned.
>>
>> Any pointers would be appreciated- maybe the denyop module? I was
>> trying to find some docs but all I could find was a FAQ entry.
>
> OpenLDAP 2.4 allows to split the write privilege into "a" (add) and "z"
> (zap). A separate privilege for "modify" does not make too much sense
> to me: if a value is added, then one just needs "add"; if a (set of)
> value(s) is replaced, then one needs both "zap" (to delete old values)
> and "add" (to add new ones), and thus "write" is just fine. On a
> related note, I just realized this is not documented anywhere but in the
> mailing list. I suggest you file an ITS <http://ww.openldap.org/its/>
> to request a documentation update.
>
> p.
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Email: ando(a)sys-net.it
> -----------------------------------
>
>
--
Faraz R Khan
Chief Architect
Emergen Consulting Pvt Ltd
+92.21.529.0381 x200
www.emergen.biz
12 years, 10 months
Re: openldap
by Aravind Arjunan
hi buchan,
These are the schema files in my server.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
And i need to add the following attribute,
1)mail id or E-mail address
2)mailbox location
3)First name
4)Last name
5)Additional info
6)Nickname ( this is for squirrelmail address book syncronization with ldap
database)
On 17/06/2008, Michael Ströder <michael(a)stroeder.com> wrote:
>
> Aravind Arjunan wrote:
>
>> ldap_modify: Cannot modify object class (69)
>> additional info: structural object class modification from 'person'
>> to '
>> inetOrgPerson' not allowed
>>
>
> You cannot change a structural object class. 'person' and 'inetOrgPerson'
> are both structural object classes with the latter derived from the former.
> In this case you have to delete and re-add the entries.
>
> See also:
> http://www.openldap.org/faq/data/cache/1341.html
>
> Ciao, Michael.
>
12 years, 10 months
meta config help
by danz@wustl.edu
We are attempting to setup a configuration that would allow us to
bind/search 2 different back-ends with 2 completely different suffixes.
Below is our configuration and the error we get back. We are able to
connect to both back-ends provided the other is commented out in the
slapd.conf file so we are sure the suffix change works for both targets.
[slapd.conf]
database meta
suffix "dc=virtual"
lastmod off
#rebind-as-user
uri "ldap://foo.wuaddev.wustl.edu/dc=virtual"
suffixmassage "dc=virtual"
"ou=Users,ou=Persons,dc=wuaddev,dc=wustl,dc=edu"
#uri "ldap://bar.wustl.edu/dc=virtual"
#suffixmassage "dc=virtual" "OU=users,OU=ais"
[search command]
-bash-3.00# ldapsearch -h localhost -v -b 'dc=virtual' -s sub -D
'cn=ssbinduser,dc=virtual' -w 'foobar' 'cn=ssbinduser'
ldapsearch: started Tue Jun 17 13:28:59 2008
ldap_init( localhost, 389 )
ldap_simple_bind: Operations error
[Debug output of /usr/local/libexec/slapd]
Ldap Err: DSID-0C0906 2B, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece.
This error comes from the remote LDAP server not accepting the bind
request successfully.
Your insight is greatly appreciated.
Regards,
Dan
12 years, 10 months