June 2008 - openldap-technical

by Stefano Zanmarchi

Hi, I'd like to set up a minimal ldap server just for authentication (bind) purposes. No attributes need to be stored apart from uid and userPassword. I'd like to insert entries like dn: uid=john.smith(a)myorg.com,ou=people,dc=myorg,dc=com objectClass: ????? uid: john.smith(a)myorg.com userPassword: secret (If I use objectClass: inetOrgPerson I need to enter cn and sn as well, which I don't wont) Can I achieve this? Thanks a lot, Stefano

12 years, 10 months

3
2
0 / 0

Authenticating from MacOS X 10.5.3 to OpenLDAP

by Jason Keltz

I have spent 2+ days trying to get a MacOS 10.5.3 machine configured to authenticate against a basic openldap 2.4.10 server with SSL on a Linux box - no SASL, no kerberos - I was hoping it would be trivial, and from the looks of all the postings around on the web, it should be. I know I'm doing the right things, yet I must be missing one minor detail. I did the initial openldap setup, and within a very short time, I was able to authenticate the MacOS box against the Linux box NON-SSSL without any trouble. When I enable SSL on the Mac, I can use ldapsearch to probe the whole ldaps:// server without any trouble at all. On the Mac, I can verify the SSL certificate: openssl s_client -connect server:636 -CApath /certs (I've created the proper hash files for the parts of the CA path) and I can see: . . Verify return code: 0 (ok) In the /etc/openldap/ldap.conf on the MAC, I have: TLS_REQCERT demand (MAC default) TLS_CACERTDIR /certs (Even if I change "TLS_REQCERT to never", it doesn't make any difference.) When I'm in the "Directory Utility" and creating a new connection, I click "Continue", then it hangs for a bit, and just comes back. The connection doesn't work. The slapd.config on the Linux side has all the correct TLS paths as well (of course if it didn't, my ldapsearch -x queries wouldn't even work): TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificatePath /openssl/certs TLSCertificateFile /openssl/certs/mycert.pem TLSCertificateKeyFile /openssl/certs/mycert.pem (The certificate and key are appended together in mycert.pem - that seems to be allowed) The certificate is a paid one - not a self-signed one. Here's the openldap debug info that is printed while I'm waiting for initialization of the connection ... I do see: TLS: can't accept. connection_read(14): TLS accept failure error=-1 id=0, closing connection_closing: readying conn=0 sd=14 for close ... but I just don't understand why given that everything seems set up properly. If it wasn't, why would the ldapsearch work!? Thanks! jas. ------ verbose openldap debugging output connection_get(15) connection_get(15): got connid=1 connection_read(15): checking for input on id=1 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=11 tls_read: want=107, got=107 TLS trace: SSL_accept:SSLv3 read client hello A TLS trace: SSL_accept:SSLv3 write server hello A tls_write: want=4096, written=4096 TLS trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3 write server done A tls_write: want=723, written=723 TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=1 connection_read(15): checking for input on id=1 tls_read: want=5, got=5 tls_read: want=134, got=134 TLS trace: SSL_accept:SSLv3 read client key exchange A tls_read: want=5, got=5 tls_read: want=1, got=1 tls_read: want=5, got=5 tls_read: want=48, got=48 TLS trace: SSL_accept:SSLv3 read finished A TLS trace: SSL_accept:SSLv3 write change cipher spec A TLS trace: SSL_accept:SSLv3 write finished A tls_write: want=59, written=59 TLS trace: SSL_accept:SSLv3 flush data connection_read(15): unable to get TLS client DN, error=49 id=1 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=1 connection_read(15): checking for input on id=1 ber_get_next tls_read: want=5, got=5 tls_read: want=32, got=32 TLS trace: SSL3 alert read:warning:close notify ldap_read: want=8, got=0 ber_get_next on fd 15 failed errno=0 (Success) connection_read(15): input error=-2 id=1, closing. connection_closing: readying conn=1 sd=15 for close daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_close: conn=1 sd=15 daemon: removing 15 tls_write: want=37, written=37 TLS trace: SSL3 alert write:warning:close notify daemon: activity on 1 descriptor daemon: activity on: 14r daemon: read active on 14 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(14) connection_get(14): got connid=0 connection_read(14): checking for input on id=0 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=0 TLS: can't accept. connection_read(14): TLS accept failure error=-1 id=0, closing connection_closing: readying conn=0 sd=14 for close connection_close: conn=0 sd=14 daemon: removing 14 daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL >>> slap_listener(ldap:///) daemon: listen=8, new connection on 14 daemon: added 14r (active) listener=(nil) daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL >>> slap_listener(ldap:///) daemon: activity on 1 descriptor daemon: activity on: daemon: listen=8, new connection on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: added 15r (active) listener=(nil) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next ldap_read: want=8, got=8 ldap_read: want=94, got=94 ber_get_next: tag 0x30 len 100 contents: ber_dump: buf=0x82b9598 ptr=0x82b9598 end=0x82b95fc len=100 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=3 op=0 do_search daemon: activity on 1 descriptor ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82b9598 ptr=0x82b959b end=0x82b95fc len=97 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82b9598 ptr=0x82b95ae end=0x82b95fc len=78 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82b9598 ptr=0x82b95bb end=0x82b95fc len=65 daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 3 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "namingContexts" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 54 bytes to sd 15 ldap_write: want=54, written=54 <= send_search_entry: conn 3 exit. send_ldap_result: conn=3 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=101 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 14r daemon: read active on 14 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(14) connection_get(14): got connid=2 connection_read(14): checking for input on id=2 ber_get_next ldap_read: want=8, got=0 ber_get_next on fd 14 failed errno=0 (Success) connection_read(14): input error=-2 id=2, closing. connection_closing: readying conn=2 sd=14 for close connection_close: conn=2 sd=14 daemon: removing 14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next ldap_read: want=8, got=8 ldap_read: want=50, got=50 ber_get_next: tag 0x30 len 56 contents: ber_dump: buf=0x82cab08 ptr=0x82cab08 end=0x82cab40 len=56 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=3 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82cab08 ptr=0x82cab0b end=0x82cab40 len=53 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0begin get_filter daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82cab08 ptr=0x82cab1e end=0x82cab40 len=34 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82cab08 ptr=0x82cab2b end=0x82cab40 len=21 => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 3 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "subschemaSubentry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "subschemaSubentry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 48 bytes to sd 15 ldap_write: want=48, written=48 <= send_search_entry: conn 3 exit. send_ldap_result: conn=3 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=2 tag=101 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next ldap_read: want=8, got=8 ldap_read: want=71, got=71 ber_get_next: tag 0x30 len 77 contents: ber_dump: buf=0x82b9578 ptr=0x82b9578 end=0x82b95c5 len=77 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=3 op=2 do_search ber_scanf fmt ({miiiib) ber: daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ber_dump: buf=0x82b9578 ptr=0x82b957b end=0x82b95c5 len=74 >>> dnPrettyNormal: <cn=Subschema> => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema> SRCH "cn=Subschema" 0 0begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82b9578 ptr=0x82b959a end=0x82b95c5 len=43 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82b9578 ptr=0x82b95b4 end=0x82b95c5 len=17 => test_filter => access_allowed: search access to "cn=Subschema" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 3 dn="cn=Subschema" => access_allowed: read access to "cn=Subschema" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 16753 bytes to sd 15 ldap_write: want=16753, written=13032 ldap_write: want=3721, written=3721 <= send_search_entry: conn 3 exit. send_ldap_result: conn=3 op=2 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=3 tag=101 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next ldap_read: want=8, got=8 ldap_read: want=111, got=111 ber_get_next: tag 0x30 len 117 contents: ber_dump: buf=0x82ba928 ptr=0x82ba928 end=0x82ba99d len=117 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL conn=3 op=3 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82ba928 ptr=0x82ba92b end=0x82ba99d len=114 >>> dnPrettyNormal: <dc=cse,dc=yorku,dc=ca> => ldap_bv2dn(dc=cse,dc=yorku,dc=ca,0) <= ldap_bv2dn(dc=cse,dc=yorku,dc=ca)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0 <<< dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>, <dc=cse,dc=yorku,dc=ca> SRCH "dc=cse,dc=yorku,dc=ca" 2 0begin get_filter AND begin get_filter_list begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82ba928 ptr=0x82ba955 end=0x82ba99d len=72 end get_filter 0 begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82ba928 ptr=0x82ba978 end=0x82ba99d len=37 end get_filter 0 end get_filter_list end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82ba928 ptr=0x82ba98e end=0x82ba99d len=15 ==> limits_get: conn=3 op=3 dn="[anonymous]" => bdb_search bdb_dn2entry("dc=cse,dc=yorku,dc=ca") => bdb_dn2id("dc=cse,dc=yorku,dc=ca") <= bdb_dn2id: got id=0x1 entry_decode: "dc=cse,dc=yorku,dc=ca" <= entry_decode(dc=cse,dc=yorku,dc=ca) => access_allowed: search access to "dc=cse,dc=yorku,dc=ca" "entry" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) search_candidates: base="dc=cse,dc=yorku,dc=ca" (0x00000001) scope=2 => bdb_dn2idl("dc=cse,dc=yorku,dc=ca") => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates OR => bdb_list_candidates 0xa1 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [b49d1940] <= bdb_index_read: failed (-30989) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [9bee355f] <= bdb_index_read 2 candidates <= bdb_equality_candidates: id=2, first=3, last=4 <= bdb_filter_candidates: id=2 first=3 last=4 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (ou) <= bdb_equality_candidates: (ou) not indexed <= bdb_filter_candidates: id=-1 first=1 last=7 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 bdb_search_candidates: id=-1 first=3 last=4 entry_decode: "ou=people,dc=cse,dc=yorku,dc=ca" <= entry_decode(ou=people,dc=cse,dc=yorku,dc=ca) => bdb_dn2id("ou=people,dc=cse,dc=yorku,dc=ca") <= bdb_dn2id: got id=0x3 => test_filter => test_filter_and => test_filter => access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => test_filter => access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca" "ou" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 5 <= test_filter_and 5 <= test_filter 5 bdb_search: 3 does not match filter entry_decode: "ou=group,dc=cse,dc=yorku,dc=ca" <= entry_decode(ou=group,dc=cse,dc=yorku,dc=ca) => bdb_dn2id("ou=group,dc=cse,dc=yorku,dc=ca") <= bdb_dn2id: got id=0x4 => test_filter => test_filter_and => test_filter => access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => test_filter => access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca" "ou" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 5 <= test_filter_and 5 <= test_filter 5 bdb_search: 4 does not match filter send_ldap_result: conn=3 op=3 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=4 tag=101 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ldap_read: want=8, got=8 ldap_read: want=42, got=42 ber_get_next: tag 0x30 len 48 contents: ber_dump: buf=0x82cab08 ptr=0x82cab08 end=0x82cab38 len=48 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=3 op=4 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82cab08 ptr=0x82cab0b end=0x82cab38 len=45 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82cab08 ptr=0x82cab1e end=0x82cab38 len=26 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82cab08 ptr=0x82cab2b end=0x82cab38 len=13 daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 3 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 11 bytes to sd 15 ldap_write: want=11, written=11 <= send_search_entry: conn 3 exit. send_ldap_result: conn=3 op=4 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=5 tag=101 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=3 connection_read(15): checking for input on id=3 ber_get_next ldap_read: want=8, got=7 ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0x82caea0 ptr=0x82caea0 end=0x82caea5 len=5 ber_get_next ldap_read: want=8, got=0 ber_get_next on fd 15 failed errno=0 (Success) connection_read(15): input error=-2 id=3, closing. connection_closing: readying conn=3 sd=15 for close daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_close: deferring conn=3 sd=15 conn=3 op=5 do_unbind connection_resched: attempting closing conn=3 sd=15 connection_close: conn=3 sd=15 daemon: removing 15 daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(10): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 busy >>> slap_listener(ldaps:///) daemon: activity on 1 descriptor daemon: activity on: daemon: listen=10, new connection on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: added 15r (active) listener=(nil) daemon: activity on 2 descriptors daemon: activity on: slap_listener_activate(10): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 busy >>> slap_listener(ldaps:///) daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: listen=10, new connection on 16 daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: added 16r (active) listener=(nil) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16): got connid=5 connection_read(16): checking for input on id=5 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=11 tls_read: want=107, got=107 TLS trace: SSL_accept:SSLv3 read client hello A TLS trace: SSL_accept:SSLv3 write server hello A tls_write: want=4096, written=4096 TLS trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3 write server done A tls_write: want=723, written=723 TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=5 connection_read(16): checking for input on id=5 tls_read: want=5, got=5 tls_read: want=134, got=134 TLS trace: SSL_accept:SSLv3 read client key exchange A tls_read: want=5, got=5 tls_read: want=1, got=1 tls_read: want=5, got=5 tls_read: want=48, got=48 TLS trace: SSL_accept:SSLv3 read finished A TLS trace: SSL_accept:SSLv3 write change cipher spec A TLS trace: SSL_accept:SSLv3 write finished A tls_write: want=59, written=59 TLS trace: SSL_accept:SSLv3 flush data connection_read(16): unable to get TLS client DN, error=49 id=5 daemon: activity on 2 descriptors daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=5 connection_read(16): checking for input on id=5 ber_get_next tls_read: want=5, got=5 tls_read: want=32, got=32 TLS trace: SSL3 alert read:warning:close notify ldap_read: want=8, got=0 ber_get_next on fd 16 failed errno=0 (Success) connection_read(16): input error=-2 id=5, closing. connection_closing: readying conn=5 sd=16 for close connection_close: conn=5 sd=16 daemon: removing 16 tls_write: want=37, written=37 TLS trace: SSL3 alert write:warning:close notify daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(15) connection_get(15): got connid=4 connection_read(15): checking for input on id=4 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=0 TLS: can't accept. connection_read(15): TLS accept failure error=-1 id=4, closing connection_closing: readying conn=4 sd=15 for close connection_close: conn=4 sd=15 daemon: removing 15 daemon: activity on 2 descriptors daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL >>> slap_listener(ldap:///) daemon: listen=8, new connection on 15 daemon: added 15r (active) listener=(nil) daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL >>> slap_listener(ldap:///) daemon: listen=8, new connection on 16 daemon: activity on 1 descriptor daemon: activity on: daemon: added 16r (active) listener=(nil) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 2 descriptors daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=8 ldap_read: want=94, got=94 ber_get_next: tag 0x30 len 100 contents: ber_dump: buf=0x82bd918 ptr=0x82bd918 end=0x82bd97c len=100 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=7 op=0 do_search daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82bd918 ptr=0x82bd91b end=0x82bd97c len=97 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82bd918 ptr=0x82bd92e end=0x82bd97c len=78 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82bd918 ptr=0x82bd93b end=0x82bd97c len=65 => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 7 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "namingContexts" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 54 bytes to sd 16 ldap_write: want=54, written=54 <= send_search_entry: conn 7 exit. send_ldap_result: conn=7 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=101 err=0 ber_flush2: 14 bytes to sd 16 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 15r daemon: read active on 15 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(15) daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=8 ldap_read: want=50, got=50 ber_get_next: tag 0x30 len 56 contents: connection_get(15): got connid=6 ber_dump: buf=0x82bbcd8 ptr=0x82bbcd8 end=0x82bbd10 len=56 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=7 op=1 do_search ber_scanf fmt ({miiiib) ber: daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ber_dump: buf=0x82bbcd8 ptr=0x82bbcdb end=0x82bbd10 len=53 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0connection_read(15): checking for input on id=6 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82bbcd8 ptr=0x82bbcee end=0x82bbd10 len=34 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82bbcd8 ptr=0x82bbcfb end=0x82bbd10 len=21 => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 7 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "subschemaSubentry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "" "subschemaSubentry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 48 bytes to sd 16 ldap_write: want=48, written=48 <= send_search_entry: conn 7 exit. send_ldap_result: conn=7 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=2 tag=101 err=0 ber_flush2: 14 bytes to sd 16 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=8 ldap_read: want=71, got=71 ber_get_next: tag 0x30 len 77 contents: ber_dump: buf=0x82cb5b0 ptr=0x82cb5b0 end=0x82cb5fd len=77 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=7 op=2 do_search daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82cb5b0 ptr=0x82cb5b3 end=0x82cb5fd len=74 >>> dnPrettyNormal: <cn=Subschema> => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema> SRCH "cn=Subschema" 0 0begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82cb5b0 ptr=0x82cb5d2 end=0x82cb5fd len=43 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_get_next ber_dump: buf=0x82cb5b0 ptr=0x82cb5ec end=0x82cb5fd len=17 ldap_read: want=8, got=0 ber_get_next on fd 15 failed errno=0 (Success) connection_read(15): input error=-2 id=6, closing. connection_closing: readying conn=6 sd=15 for close daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_close: conn=6 sd=15 daemon: removing 15 => test_filter => access_allowed: search access to "cn=Subschema" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 7 dn="cn=Subschema" => access_allowed: read access to "cn=Subschema" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) => access_allowed: read access to "cn=Subschema" "objectClasses" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 16753 bytes to sd 16 ldap_write: want=16753, written=13032 ldap_write: want=3721, written=3721 <= send_search_entry: conn 7 exit. send_ldap_result: conn=7 op=2 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=3 tag=101 err=0 ber_flush2: 14 bytes to sd 16 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=8 ldap_read: want=111, got=111 ber_get_next: tag 0x30 len 117 contents: ber_dump: buf=0x82bedb8 ptr=0x82bedb8 end=0x82bee2d len=117 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=7 op=3 do_search ber_scanf fmt ({miiiib) ber: daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL ber_dump: buf=0x82bedb8 ptr=0x82bedbb end=0x82bee2d len=114 >>> dnPrettyNormal: <dc=cse,dc=yorku,dc=ca> => ldap_bv2dn(dc=cse,dc=yorku,dc=ca,0) <= ldap_bv2dn(dc=cse,dc=yorku,dc=ca)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=cse,dc=yorku,dc=ca)=0 <<< dnPrettyNormal: <dc=cse,dc=yorku,dc=ca>, <dc=cse,dc=yorku,dc=ca> SRCH "dc=cse,dc=yorku,dc=ca" 2 0begin get_filter AND begin get_filter_list begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82bedb8 ptr=0x82bede5 end=0x82bee2d len=72 end get_filter 0 begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x82bedb8 ptr=0x82bee08 end=0x82bee2d len=37 end get_filter 0 end get_filter_list end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82bedb8 ptr=0x82bee1e end=0x82bee2d len=15 ==> limits_get: conn=7 op=3 dn="[anonymous]" => bdb_search bdb_dn2entry("dc=cse,dc=yorku,dc=ca") => access_allowed: search access to "dc=cse,dc=yorku,dc=ca" "entry" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) search_candidates: base="dc=cse,dc=yorku,dc=ca" (0x00000001) scope=2 => bdb_dn2idl("dc=cse,dc=yorku,dc=ca") => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates OR => bdb_list_candidates 0xa1 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [b49d1940] <= bdb_index_read: failed (-30989) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [9bee355f] <= bdb_index_read 2 candidates <= bdb_equality_candidates: id=2, first=3, last=4 <= bdb_filter_candidates: id=2 first=3 last=4 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (ou) <= bdb_equality_candidates: (ou) not indexed <= bdb_filter_candidates: id=-1 first=1 last=7 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 <= bdb_list_candidates: id=-1 first=3 last=4 <= bdb_filter_candidates: id=-1 first=3 last=4 bdb_search_candidates: id=-1 first=3 last=4 => test_filter => test_filter_and => test_filter => access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => test_filter => access_allowed: search access to "ou=people,dc=cse,dc=yorku,dc=ca" "ou" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 5 <= test_filter_and 5 <= test_filter 5 bdb_search: 3 does not match filter => test_filter => test_filter_and => test_filter => access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => test_filter => access_allowed: search access to "ou=group,dc=cse,dc=yorku,dc=ca" "ou" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 5 <= test_filter_and 5 <= test_filter 5 bdb_search: 4 does not match filter send_ldap_result: conn=7 op=3 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=4 tag=101 err=0 ber_flush2: 14 bytes to sd 16 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=8 ldap_read: want=42, got=42 ber_get_next: tag 0x30 len 48 contents: ber_dump: buf=0x82bbcd8 ptr=0x82bbcd8 end=0x82bbd08 len=48 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL conn=7 op=4 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82bbcd8 ptr=0x82bbcdb end=0x82bbd08 len=45 >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> SRCH "" 0 0begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82bbcd8 ptr=0x82bbcee end=0x82bbd08 len=26 end get_filter 0 ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82bbcd8 ptr=0x82bbcfb end=0x82bbd08 len=13 => test_filter => access_allowed: search access to "" "objectClass" requested => slap_access_allowed: backend default search access granted to "(anonymous)" => access_allowed: search access granted by read(=rscxd) <= test_filter 6 => send_search_entry: conn 7 dn="" => access_allowed: read access to "" "entry" requested => slap_access_allowed: backend default read access granted to "(anonymous)" => access_allowed: read access granted by read(=rscxd) ber_flush2: 11 bytes to sd 16 ldap_write: want=11, written=11 <= send_search_entry: conn 7 exit. send_ldap_result: conn=7 op=4 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=5 tag=101 err=0 ber_flush2: 14 bytes to sd 16 ldap_write: want=14, written=14 daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL connection_get(16) connection_get(16): got connid=7 connection_read(16): checking for input on id=7 ber_get_next ldap_read: want=8, got=7 ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0x82cac98 ptr=0x82cac98 end=0x82cac9d len=5 ber_get_next ldap_read: want=8, got=0 ber_get_next on fd 16 failed errno=0 (Success) connection_read(16): input error=-2 id=7, closing. connection_closing: readying conn=7 sd=16 for close connection_close: deferring conn=7 sd=16 conn=7 op=5 do_unbind connection_resched: attempting closing conn=7 sd=16 connection_close: conn=7 sd=16 daemon: removing 16 daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: epoll: listen=9 active_threads=0 tvp=NULL daemon: epoll: listen=10 active_threads=0 tvp=NULL daemon: shutdown requested and initiated. daemon: closing 7 daemon: closing 8 daemon: closing 9 daemon: closing 10

12 years, 10 months

1
0
0 / 0

schema in openldap

by Aravind Arjunan

This is my newely created schema file in my ldap server for adding the attributes. But when i try to restart the ldap service i got the below error, [root@master schema]# service ldap restart Stopping slapd: [FAILED] Checking configuration files for slapd: /etc/openldap/schema/sample.schema: lin e 3: Missing closing parenthesis before AttributeTypeDescription = "(" whsp numericoid whsp ; AttributeType identifier [ "NAME" qdescrs ] ; name used in AttributeType [ "DESC" qdstring ] ; description [ "OBSOLETE" whsp ] [ "SUP" woid ] ; derived from this other ; AttributeType [ "EQUALITY" woid ] ; Matching Rule name [ "ORDERING" woid ] ; Matching Rule name [ "SUBSTR" woid ] ; Matching Rule name [ "SYNTAX" whsp noidlen whsp ] ; see section 4.3 [ "SINGLE-VALUE" whsp ] ; default multi-valued [ "COLLECTIVE" whsp ] ; default not collective [ "NO-USER-MODIFICATION" whsp ]; default user modifiable [ "USAGE" whsp AttributeUsage ]; default userApplications ; userApplications ; directoryOperation ; distributedOperation ; dSAOperation whsp ")" slaptest: bad configuration file! [FAILED] # New attribute definitions: attributetype ( 1.3.6.1.4.1.4203.666.1.90 NAME 'E-mail address' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributetype ( 1.3.6.1.4.1.4203.666.1.91 NAME 'Firstname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributetype ( 1.3.6.1.4.1.4203.666.1.92 NAME 'Last name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributetype ( 1.3.6.1.4.1.4203.666.1.93 NAME 'Nickname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributetype ( 1.3.6.1.4.1.4203.666.1.94 NAME 'Additional info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) objectClass ( 1.3.6.1.4.1.4203.666.1.100 NAME 'YoLinuxPerson' DESC 'X-Person' SUP inetOrgPerson STRUCTURAL MAY ( E-mail address $ First name $ Last name $ Nickname $ Additional info ) )

12 years, 10 months

4
3
0 / 0

OpenLDAP and HP iLO

by "Maurice Völkel"

Hello together, Since a couple of weeks, I tried to connect an OpenLDAP server with an iLO board, for an central authentication system. The LDAP server Runs with Open SuSe 10.3 on OpenLDAP 2.3.37 and is configured with PAM, so that a user registration works. My problem is the configuration of the directory settings of iLO. I try to describe my config of the LDAP Server and the problem which I have with the config. In /etc/openldap/slap.conf, I included a schema called ilo.schema. The ilo.schema looks like: attributetype (1.3.6.1.4.1.15959.9.1.1 NAME 'memberOf' DESC 'Group which user belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) objectclass (1.3.6.1.4.1.15959.9.2.1 NAME 'memberOf' SUP top AUXILIARY DESC 'Required by Integrated Lights-Out for OpenLDAP' MUST (memberOf)) objectclass (1.3.6.1.4.1.15959.9.2.2 NAME 'user' SUP top AUXILIARY DESC 'Required by Integrated Lights-Out for OpenLDAP') A test user for the iLO, added on the LDAP like the following schema: # Max, my-domain.de dn: uid = max, ou = Mitarbeiter, ou = users, dc = my-domain, dc = de cn: Max Doe givenName: Max SN: Foo gidNumber: 100 UID: Max uidNumber: 1003 userPassword: SSHA) (passwortmax homeDirectory: / home / max loginShell: / bin / bash Street: postalCode: l: ST: mail: max.mustermann(a)my-domain.de telephoneNumber: +49 shadowExpire: 14152 shadowInactive: 10 shadowLastChange: 14042 shadowMax: 14 shadowMin: 1 shadowWarning: 10 memberOf: cn = iloadmin, ou = groups, dc = my-domain, dc = de description: iLO users Max Mustermann objectClass: shadowAccount objectClass: person objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson objectClass: memberOf objectClass: user objectClass: top the cn = iloadmin, ou = groups, dc = my-domain, dc = de look like: dn: cn = iloadmin, ou = groups, dc = my-domain, dc = de cn: iloadmin objectClass: top objectClass: groupOfNames member: cn = Max Mustermann, ou = Mitarbeiter, ou = users, dc = my-domain, dc = de The settings I config on iLO web interface as follows: Under Administration -> Directory Settings -> Use Directory DefaultSchema: running Directory Server Address: my-domain.de [or IP] Directory Server LDAP Port: 636 Directory User Context 1: ou = Mitarbeiter, ou = users, dc = my-domain, dc = de And under Administration Groups -> Select a group: Administrator -> View / Modify Security Group Distinguished Name: cn = iloadmin, ou = groups, dc = my-domain, dc = de Administer Group and Accounts, Console Remote Access, Virtual Power and Reset, Virtual Media undConfigure iLO settings are enabled. If I had a test run, I get the following message: Overall status: Problem Detected Description Test status Ping Directory Server Passed Directory Server IP Address Not run Directory Server DNS name Passed Connect to Directory Server Passed Connect using SSL Passed Certificate of Directory Server Passed Bind to Directory Server Not run Directory administrator login Not Run User Authentication Failed User Authorization Not Run Directory User Context 1 Not run Directory User Not run Context 2 Directory User Context 3 Not run LOM exists Object Not Run LOM Word Object Not Run Sign Test Initiating diagnostic Directory settings for server my-domain.de Directory Server address my-domain.de resolved to IP address Accepting certificate for Directory Server / C = DE / ST = [state]/ O = [company] / OU = ldapserver / CN = meine-domain.de/EMAIL ca(a)meine-domain.de signed by / C = DE / ST = [state] / L = [place] / O = [company] / OU = [Department] / CN = [person] / EMAIL = ca(a)meine-domain.de Warning: certificate does not match my Address Directory Server-domain.de. Unable to authenticate user test max [Invalid credentials] Ceasing tests. Some diagnostics for server FAILED my-domain.de Complete tests. I read a lot of threads, but nothing could help me to find a mistake. I hope someone could help me to find the mistake. kind regards SysNewbie -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

12 years, 10 months

1
0
0 / 0

Re: schema in openldap

by Buchan Milne

On Wednesday 18 June 2008 12:38:10 Aravind Arjunan wrote: > I like to know whether it is possible to create our own schema and add our > own attributes and objectclass for that or not? It is possible. But, in my opinion, it is not yet necessary for your requirements. If you want to waste your time learning schema design instead of the LDAP basics, that might solve your problem, that's your decision (but I'm not going to waste my time). > If it is possible send me an example file so that i would be very thankfull > to you. > Since am trying to create my own schema and try to add attributes in > that.But when i try to restart the ldap service i got the below error. > > Checking configuration files for slapd: /etc/openldap/schema/att.schema: > line 3: AttributeType SYNTAX or SUPerior required: > "1.3.6.1.4.1.4203.666.1.100.121" > slaptest: bad configuration file! > [FAILED] > please help me with this issue. You didn't supply att.schema, but it seems that your schema definition for your OID 1.3.6.1.4.1.4203.666.1.100.121 does not include the SYNTAX or SUP keywords, one of them is required. And, you really shouldn't be using the OpenLDAP Foundations' OID arc ... Regards, Buchan

12 years, 10 months

1
0
0 / 0

Re: schema in openldap

by Buchan Milne

On Wednesday 18 June 2008 12:34:40 Aravind Arjunan wrote: > Ok i had add entries like what you said, but when i try synchronize the > ldap address book in squirrel mail its saying no such object in ldap. > This could merely be a configuration issue. How did you determine what the exact problem was? Did you see what search squirrelmail was doing? And why it failed? Regards, Buchan

12 years, 10 months

1
0
0 / 0

Fwd: schema in openldap

by Aravind Arjunan

---------- Forwarded message ---------- From: Aravind Arjunan <aravind.arjunan(a)gmail.com> Date: 18 Jun 2008 16:08 Subject: Re: schema in openldap To: Buchan Milne <bgmilne(a)staff.telkomsa.net> I like to know whether it is possible to create our own schema and add our own attributes and objectclass for that or not? If it is possible send me an example file so that i would be very thankfull to you. Since am trying to create my own schema and try to add attributes in that.But when i try to restart the ldap service i got the below error. Checking configuration files for slapd: /etc/openldap/schema/att.schema: line 3: AttributeType SYNTAX or SUPerior required: "1.3.6.1.4.1.4203.666.1.100.121" slaptest: bad configuration file! [FAILED] please help me with this issue. On 18/06/2008, Aravind Arjunan <aravind.arjunan(a)gmail.com> wrote: > > Ok i had add entries like what you said, but when i try synchronize the > ldap address book in squirrel mail its saying no such object in ldap. > > On 18/06/2008, Buchan Milne <bgmilne(a)staff.telkomsa.net> wrote: >> >> On Wednesday 18 June 2008 10:33:47 Aravind Arjunan wrote: >> > This is my newely created schema file in my ldap server for adding the >> > attributes. >> >> Why are you making your life difficult? Just add entries like this: >> >> >> dn: cn=Saju Kuttan,ou=solution,dc=test,dc=com >> objectClass: inetOrgPerson >> cn: Saju Kuttan >> sn: Kuttan >> givenName: Saju >> description: Saju Kuttan in the Oracle team >> telephoneNumber: 9891950975 >> mail: csaju(a)hcl.in >> >> >> There doesn't seem to be an attribute for the Nick Name field in Outlook, >> see: >> http://www.openldap.org/faq/data/cache/294.html >> >> >> Regards, >> Buchan >> >> >

12 years, 10 months

1
0
0 / 0

Re: Openldap fine grained / advanced ACLs

by Faraz R. Khan

So basically I can do: to * by cn=admin,dc=company,dc=com add by cn=faraz,dc=company,dc=com zap That is indeed not documented anywhere. Will start an ITS Pierangelo Masarati wrote: > Faraz R. Khan wrote: >> Is it possible to have fine grained ACLs in OpenLDAP? My problem is >> that the 'write' access is too broad. I wish to be able to control >> ADD, modify and delete separately. I tried looking at >> aacls.sourceforge.net but it involves the setup of a separate server >> and looks abandoned. >> >> Any pointers would be appreciated- maybe the denyop module? I was >> trying to find some docs but all I could find was a FAQ entry. > > OpenLDAP 2.4 allows to split the write privilege into "a" (add) and "z" > (zap). A separate privilege for "modify" does not make too much sense > to me: if a value is added, then one just needs "add"; if a (set of) > value(s) is replaced, then one needs both "zap" (to delete old values) > and "add" (to add new ones), and thus "write" is just fine. On a > related note, I just realized this is not documented anywhere but in the > mailing list. I suggest you file an ITS <http://ww.openldap.org/its/> > to request a documentation update. > > p. > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > ----------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Email: ando(a)sys-net.it > ----------------------------------- > > -- Faraz R Khan Chief Architect Emergen Consulting Pvt Ltd +92.21.529.0381 x200 www.emergen.biz

12 years, 10 months

2
1
0 / 0

Re: openldap

by Aravind Arjunan

hi buchan, These are the schema files in my server. include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema And i need to add the following attribute, 1)mail id or E-mail address 2)mailbox location 3)First name 4)Last name 5)Additional info 6)Nickname ( this is for squirrelmail address book syncronization with ldap database) On 17/06/2008, Michael Ströder <michael(a)stroeder.com> wrote: > > Aravind Arjunan wrote: > >> ldap_modify: Cannot modify object class (69) >> additional info: structural object class modification from 'person' >> to ' >> inetOrgPerson' not allowed >> > > You cannot change a structural object class. 'person' and 'inetOrgPerson' > are both structural object classes with the latter derived from the former. > In this case you have to delete and re-add the entries. > > See also: > http://www.openldap.org/faq/data/cache/1341.html > > Ciao, Michael. >

12 years, 10 months

1
0
0 / 0

meta config help

by danz＠wustl.edu

We are attempting to setup a configuration that would allow us to bind/search 2 different back-ends with 2 completely different suffixes. Below is our configuration and the error we get back. We are able to connect to both back-ends provided the other is commented out in the slapd.conf file so we are sure the suffix change works for both targets. [slapd.conf] database meta suffix "dc=virtual" lastmod off #rebind-as-user uri "ldap://foo.wuaddev.wustl.edu/dc=virtual" suffixmassage "dc=virtual" "ou=Users,ou=Persons,dc=wuaddev,dc=wustl,dc=edu" #uri "ldap://bar.wustl.edu/dc=virtual" #suffixmassage "dc=virtual" "OU=users,OU=ais" [search command] -bash-3.00# ldapsearch -h localhost -v -b 'dc=virtual' -s sub -D 'cn=ssbinduser,dc=virtual' -w 'foobar' 'cn=ssbinduser' ldapsearch: started Tue Jun 17 13:28:59 2008 ldap_init( localhost, 389 ) ldap_simple_bind: Operations error [Debug output of /usr/local/libexec/slapd] Ldap Err: DSID-0C0906 2B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece. This error comes from the remote LDAP server not accepting the bind request successfully. Your insight is greatly appreciated. Regards, Dan

12 years, 10 months

1
0
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical June 2008