openldap-technical December 2009

openldap-technical@openldap.org

59 participants
67 discussions

OpenLDAP as a proxy/rewrite/remap to AD for nss_ldap
by Mikolaj Kucharski 10 Dec '09

10 Dec '09

Hi, I have Active Directory server, OpenLDAP server and a client machine. AD is based on Windows Server 2003, OpenLDAP is 2.3.43-3.el5 running on CentOS 5 i386, client machine is as well CentOS 5. Does OpenLDAP server in any version, allows me to rewrite/remap/merge results from: - Active Directory - internal LDAP database (or any database) to make them suitable to nss_ldap? AD doesn't have all attributes which are needed by nss_ldap, so I thought to keep internal LDAP database with missing information (uidNumber, loginShell, etc) and merge, rewrite, remap or meta this information, and then give that result to the nss_ldap. I understand that it is possible to merge with slapd-meta different DIT from different databased as a single DIT, but what I need here is to merge attributes from one db, with second db (Active Directory), then rewrite that, and finaly return result to the querying client. What I mean is, is it possible to rewrite/remap results from AD which look like that: # (sAMAccountName=kucharskim) dn: CN=kucharskim,CN=Users,DC=euops,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: kucharskim distinguishedName: CN=kucharskim,CN=Users,DC=euops,DC=lan instanceType: 4 whenCreated: 20091117183353.0Z whenChanged: 20091117183353.0Z uSNCreated: 15484 uSNChanged: 15488 name: Mikolaj Kucharski objectGUID:: PLah511UiUKib3pt8HCJ+g== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 129041574477164624 lastLogoff: 0 lastLogon: 129046275442578437 pwdLastSet: 129029564332783194 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAA1MNb9pJhAvyslWmgfAcAAA== accountExpires: 9223372036854775807 logonCount: 9 sAMAccountName: kucharskim sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=euops,DC=lan memberOf: CN=testgroup,CN=ActiveDirectoryGroups,DC=euops,DC=lan with pieces missing from another ldap db, to something like that: # (uid=kucharskim) dn: uid=kucharskim,ou=People,dc=ldapdomain,dc=lan uid: kucharskim cn: Mikolaj Kucharski objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowLastChange: 12561 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 10207 gidNumber: 10207 homeDirectory: /home/kucharskim gecos: Mikolaj Kucharski # (memberUid=kucharskim) dn: cn=testgroup,ou=Groups,dc=ldapdomain,dc=lan objectClass: posixGroup objectClass: top cn: testgroup gidNumber: 50201 memberUid: kucharskim memberUid: ldapuser1 memberUid: ldapuser2 I see that this is something overly complicated, but I wanted to know is that possible. If it is, could someone give me which version of OpenLDAP supports it and where I can read how to implement that. Thank you. -- best regards q#

3 2

Query performance degrades over time.
by Laurence Field 10 Dec '09

10 Dec '09

Hi, We are experiencing a decay in query performance over time using OpenLDAP 2.3.43 on CentOS 5. After populating the database with about 70 000 entries, the query response time for one entry is about 0.4s. After about two hours the same query takes over 1s. The slapd.conf file and DB_CONFIG files that we use can be found at the following URLs. http://svnweb.cern.ch/trac/gridinfo/browser/bdii/trunk/etc/bdii-slapd.conf http://svnweb.cern.ch/trac/gridinfo/browser/bdii/trunk/etc/DB_CONFIG Does anyone have an idea about what is happening. Thanks Laurence

8 13

100% CPU loading
by Bad Guy 10 Dec '09

10 Dec '09

Dear all, We have been setup a 4 ways multi-master replication openldap version 2.4.11. It has been running for a year. However, recently, we find that one of the server has 100% high CPU and all the replication can't be replicated to that server. After restart the slapd process, it can be resumed normal. But afraid that high CPU will occur again. What changes recently is that we just added 1 field in the schema file in all the 4 servers, there is no other things changed. Any idea of the high CPU ? What data should be collected in case high CPU occurs again ? Thanks _________________________________________________________________ 嶄新的 Windows 7：找出適合您的電腦。深入了解。 http://windows.microsoft.com/shop

3 4

ldapsearch filter and
by Jeff Huang 09 Dec '09

09 Dec '09

Hi all. How to set a filter to connect tow entrys like SQL of database? For example. entry 1: dn:ou=p,o=test ou=p status=active entry 2: dn:cn=1,ou=p,o=test uid=1 status=active result=test1 entry 3: dn:cn=2,ou=p,o=test uid=2 status=inactive result=test2 I need to do a search and the result is: if the entry1's status=active,then research other entry using the query attribute=uid. if the entry1's status=inactive,the the research returen null result. How can I do this search? And if it can do,how to set the ldap.conf located /etc/ldap.conf?

1 0

openldap-2.4.20 installation
by vishesh kumar 09 Dec '09

09 Dec '09

Dear friends Today i tried to install openldap2.4.20 on RHEL 5.2. After firing ./configure script, i got following error *Configure:error: Berkeley DB version incomptible with BDB/HDB backend. *But after investigation i found that db4 with version 4.3.29 is installed on my system. So what i should do now, Should i replace my Berkeley DB package? I want to be sure that other running programs not get any issue after bdb upgradation. How one know which bdb version is required by current openldap package ? thanks * -- * http://linuxinterviews.blogspot.com

4 4

restrict host login based on group
by Serge Fonville 09 Dec '09

09 Dec '09

Hi, While setting up an LDAP server. I noticed that it is not possible to add a host attribute to a posixGroup. Is there a way to limit a user what host they can logon to based on their group membership? Thanks in advance Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&h…

6 11

How To set things up to allow users to change their passwords
by Robert Heller 08 Dec '09

08 Dec '09

I have Openldap set up on a CentOS 5 system (using the stock 2.3.43 RPMS) and I want to allow users to change their passwords, but I am confused by the documentation (it has both too much and not enough information -- there don't appear to be simple HowTos for common setups). I am not sure what to put in /etc/openldap/slapd.conf (I think I need an ACL). I expect I need something in /etc/openldap/ldap.conf (or prossibly /etc/ldap.conf) to allow the authorization. This is on a LAN with diskless clients, behind a firewall, so I *probably* don't need to set up SSL and certs (but I am unsure of this as well). -- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller(a)deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/

8 16

Password policy : Check_password module for debian
by Smaïne Kahlouch 08 Dec '09

08 Dec '09

Hi, I would like to know how to use the check_password module that comes with the ppolicy overlay. A rpm package exists but i didn't find a debian one. I could compile it but i don't understand how to use the different options. Is there somebody that figured out how to use it on debian ? Do you know a good howto for debian ? thanks, Grifith

2 2

relay backend and dynlist overlay
by Alexander 'Leo' Bergolth 08 Dec '09

08 Dec '09

Hi! I'd like to use the relay backend to make a whole database suffix available under a different naming context because of a domain name change. So far everything works fine except for entries that have attributes expanded by the dynlist overlay. Those entries are not shown at all in the virtual naming context. (Not even those attributes that are not created dynamically, only an empty dn is shown for those entries.) # real naming context: -------------------- 8< -------------------- $ ldapsearch -LLL -h bach-s49 -b 'dc=wu-wien,dc=ac,dc=at' -x '(cn=dynlisttest)' dn: cn=dynlisttest,ou=LDAPgroups,dc=wu-wien,dc=ac,dc=at objectClass: wuDynGroupOfNames objectClass: groupOfURLs objectClass: top cn: dynlisttest memberURL: ldap:///dc=wu-wien,dc=ac,dc=at??sub?(&(objectclass=wuPerson)(uid=be rgolth*)) member: uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at member: uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at -------------------- 8< -------------------- # virtual naming context: -------------------- 8< -------------------- $ ldapsearch -LLL -h bach-s49 -b 'dc=wu,dc=ac,dc=at' -x '(cn=dynlisttest)' dn: -------------------- 8< -------------------- # dynlist config: -------------------- 8< -------------------- dn: olcOverlay={0}dynlist,olcDatabase={1}bdb,cn=config objectClass: olcDynamicList objectClass: olcOverlayConfig olcOverlay: {0}dynlist olcDlAttrSet: {0}posixGroup labeledURI memberUid:uid olcDlAttrSet: {1}wuDynGroupOfNames memberURL member -------------------- 8< -------------------- I have attached the debug output of the second ldapsearch. I'd appreciate any hints! Thanks in advance, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: slap_listener_activate(7): Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 busy Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: >>> slap_listener(ldap:///) Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: listen=7, new connection on 15 Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: added 15r (active) listener=(nil) Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 fd=15 ACCEPT from IP=137.208.89.100:39246 (IP=0.0.0.0:389) Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 2 descriptors Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: 15r Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: read active on 15 Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15) Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15): got connid=4 Dec 7 14:09:13 bach-s49 slapd[18802]: connection_read(15): checking for input on id=4 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=0 do_bind Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <>, <> Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=0 BIND dn="" method=128 Dec 7 14:09:13 bach-s49 slapd[18802]: do_bind: version=3 dn="" method=128 Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: conn=4 op=0 p=3 Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: err=0 matched="" text="" Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_response: msgid=1 tag=97 err=0 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=0 RESULT tag=97 err=0 text= Dec 7 14:09:13 bach-s49 slapd[18802]: do_bind: v3 anonymous bind Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: 15r Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: read active on 15 Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15) Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15): got connid=4 Dec 7 14:09:13 bach-s49 slapd[18802]: connection_read(15): checking for input on id=4 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=1 do_search Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <dc=wu,dc=ac,dc=at>, <dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: SRCH "dc=wu,dc=ac,dc=at" 2 0 Dec 7 14:09:13 bach-s49 slapd[18802]: 0 0 0 Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: filter: (cn=dynlisttest) Dec 7 14:09:13 bach-s49 slapd[18802]: attrs: Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=1 SRCH base="dc=wu,dc=ac,dc=at" scope=2 deref=0 filter="(cn=dynlisttest)" Dec 7 14:09:13 bach-s49 slapd[18802]: ==> limits_get: conn=4 op=1 self="[anonymous]" this="dc=wu,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: [rw] searchDN: "dc=wu,dc=ac,dc=at" -> "dc=wu-wien,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <dc=wu-wien,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <dc=wu-wien,dc=ac,dc=at>, <dc=wu-wien,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: str2filter "(cn=dynlisttest)" Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_search Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_dn2entry("dc=wu-wien,dc=ac,dc=at") Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: search_candidates: base="dc=wu-wien,dc=ac,dc=at" (0x00000001) scope=2 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_dn2idl("dc=wu-wien,dc=ac,dc=at") Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: OR Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa1 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_equality_candidates (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [b49d1940] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read: failed (-30988) Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_equality_candidates: id=0, first=0, last=0 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=0 first=0 last=0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_equality_candidates (cn) Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [35ac39fc] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read 1 candidates Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_equality_candidates: id=1, first=2233, last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_search_candidates: id=1 first=2233 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "cn=dynlisttest,ou=LDAPgroups,dc=wu-wien,dc=ac,dc=at" "cn" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr cn Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (cn) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "cn=dynlisttest,ou=LDAPgroups,dc=wu-wien,dc=ac,dc=at", attr "cn" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr cn Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (cn) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "cn=dynlisttest,ou=LDAPgroups,dc=wu-wien,dc=ac,dc=at", attr "cn" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <dc=wu-wien,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <dc=wu-wien,dc=ac,dc=at>, <dc=wu-wien,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: str2filter "(&(!(objectClass=posixGroup))(&(objectclass=wuPerson)(uid=bergolth*)))" Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter_list Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: NOT Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter_list Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_filter Dec 7 14:09:13 bach-s49 slapd[18802]: SUBSTRINGS Dec 7 14:09:13 bach-s49 slapd[18802]: begin get_ssa Dec 7 14:09:13 bach-s49 slapd[18802]: INITIAL Dec 7 14:09:13 bach-s49 slapd[18802]: end get_ssa Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter_list Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter_list Dec 7 14:09:13 bach-s49 slapd[18802]: end get_filter 0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_search Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_dn2entry("dc=wu-wien,dc=ac,dc=at") Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: search_candidates: base="dc=wu-wien,dc=ac,dc=at" (0x00000001) scope=2 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_dn2idl("dc=wu-wien,dc=ac,dc=at") Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: OR Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa1 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_equality_candidates (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [b49d1940] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read: failed (-30988) Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_equality_candidates: id=0, first=0, last=0 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=0 first=0 last=0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: NOT Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=-1 first=1 last=2233 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_list_candidates 0xa0 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_equality_candidates (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [0031ceb6] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read 1851 candidates Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_equality_candidates: id=1851, first=4, last=2232 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=1851 first=4 last=2232 Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_filter_candidates Dec 7 14:09:13 bach-s49 slapd[18802]: SUBSTRINGS Dec 7 14:09:13 bach-s49 slapd[18802]: => bdb_substring_candidates (uid) Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [a5239cdb] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read 3 candidates Dec 7 14:09:13 bach-s49 slapd[18802]: => key_read Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_idl_fetch_key: [09e3cb6a] Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_index_read 2 candidates Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_substring_candidates: 2, first=35, last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_list_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: <= bdb_filter_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: bdb_search_candidates: id=2 first=35 last=1950 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter_and Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: NOT Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 5 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter_and Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: SUBSTRINGS Dec 7 14:09:13 bach-s49 slapd[18802]: begin test_substrings_filter Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr uid Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (uid) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr uid Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (uid) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter_and 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter_and 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access to "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access to "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter_and Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: NOT Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 5 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: AND Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter_and Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: EQUALITY Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr objectClass Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (objectClass) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "objectClass" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to value by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => test_filter Dec 7 14:09:13 bach-s49 slapd[18802]: SUBSTRINGS Dec 7 14:09:13 bach-s49 slapd[18802]: begin test_substrings_filter Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access to "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr uid Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (uid) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr uid Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (uid) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "uid" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: search access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter_and 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter_and 6 Dec 7 14:09:13 bach-s49 slapd[18802]: <= test_filter 6 Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access to "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access to "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: dnMatch -5 "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" "uid=bergolth2,ou=ldapusers,dc=wu-wien,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: conn=4 op=1 p=3 Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: err=0 matched="" text="" Dec 7 14:09:13 bach-s49 slapd[18802]: [rw] searchEntryDN: "cn=dynlisttest,ou=LDAPgroups,dc=wu-wien,dc=ac,dc=at" -> "cn=dynlisttest,ou=LDAPgroups,dc=wu,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <cn=dynlisttest,ou=LDAPgroups,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <cn=dynlisttest,ou=LDAPgroups,dc=wu,dc=ac,dc=at>, <cn=dynlisttest,ou=ldapgroups,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: [rw] searchAttrDN: "uid=bergolth,ou=users,dc=wu-wien,dc=ac,dc=at" -> "uid=bergolth,ou=users,dc=wu,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <uid=bergolth,ou=users,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <uid=bergolth,ou=users,dc=wu,dc=ac,dc=at>, <uid=bergolth,ou=users,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: [rw] searchAttrDN: "uid=bergolth2,ou=LDAPusers,dc=wu-wien,dc=ac,dc=at" -> "uid=bergolth2,ou=LDAPusers,dc=wu,dc=ac,dc=at" Dec 7 14:09:13 bach-s49 slapd[18802]: >>> dnPrettyNormal: <uid=bergolth2,ou=LDAPusers,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: <<< dnPrettyNormal: <uid=bergolth2,ou=LDAPusers,dc=wu,dc=ac,dc=at>, <uid=bergolth2,ou=ldapusers,dc=wu,dc=ac,dc=at> Dec 7 14:09:13 bach-s49 slapd[18802]: => send_search_entry: conn 4 dn="(null)" Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access to "(null)" "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [1] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "(null)", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] applying +0 (break) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [2] mask: =0 Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_get: [5] attr entry Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: result not in cache (entry) Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: access to entry "(null)", attr "entry" requested Dec 7 14:09:13 bach-s49 slapd[18802]: => acl_mask: to all values by "", (=0) Dec 7 14:09:13 bach-s49 slapd[18802]: <= check a_dn_pat: * Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] applying read(=rscxd) (stop) Dec 7 14:09:13 bach-s49 slapd[18802]: <= acl_mask: [1] mask: read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => slap_access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: => access_allowed: read access granted by read(=rscxd) Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=1 ENTRY dn="(null)" Dec 7 14:09:13 bach-s49 slapd[18802]: <= send_search_entry: conn 4 exit. Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: conn=4 op=1 p=3 Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_result: err=0 matched="" text="" Dec 7 14:09:13 bach-s49 slapd[18802]: send_ldap_response: msgid=2 tag=101 err=0 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: 15r Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: read active on 15 Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15) Dec 7 14:09:13 bach-s49 slapd[18802]: connection_get(15): got connid=4 Dec 7 14:09:13 bach-s49 slapd[18802]: connection_read(15): checking for input on id=4 Dec 7 14:09:13 bach-s49 slapd[18802]: ber_get_next on fd 15 failed errno=0 (Success) Dec 7 14:09:13 bach-s49 slapd[18802]: connection_read(15): input error=-2 id=4, closing. Dec 7 14:09:13 bach-s49 slapd[18802]: connection_closing: readying conn=4 sd=15 for close Dec 7 14:09:13 bach-s49 slapd[18802]: connection_close: deferring conn=4 sd=15 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=2 do_unbind Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 op=2 UNBIND Dec 7 14:09:13 bach-s49 slapd[18802]: connection_resched: attempting closing conn=4 sd=15 Dec 7 14:09:13 bach-s49 slapd[18802]: connection_close: conn=4 sd=15 Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: removing 15 Dec 7 14:09:13 bach-s49 slapd[18802]: conn=4 fd=15 closed Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on 1 descriptor Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: activity on: Dec 7 14:09:13 bach-s49 slapd[18802]: Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=7 active_threads=0 tvp=zero Dec 7 14:09:13 bach-s49 slapd[18802]: daemon: epoll: listen=8 active_threads=0 tvp=zero

2 1

userPassword encryption
by Alex Naranjo 08 Dec '09

08 Dec '09

Hi: My problem is the following i need to store user password in an openldap server but the user password can not be encrypted. I know that openldap use hashing algothitm to store this attribute and that i can use clear text, but i want to store user password using a reversible algorithm not clear text. The Active directory accounts has an option (Store Password using Reversible Encryption) that permit this. Is there any option like this in an openldap server? PD: Forgive me my english my native languaje is spanish...

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2009