openldap-technical August 2009

openldap-technical@openldap.org

65 participants
73 discussions

Missing UUID for entry being copied by syncrepl to secondary ldap
by Robert Hanson 18 Aug '09

18 Aug '09

(Openldap 2.4.17; BDB 4.5) I have a database that I have set up in non-replicated mode (no syncrepl setup). Now, I've added a second node in a multi-master configuration. When I start slapd on the second node, syncrepl starts up and tries to copy data to the second node. I've stepped through the syncrepl code on the master using a debugger, and it is clear that onespecific node (from the set of nodes in the master database is being queued up and sent to the secondary) has a UUID entry of length 1, and a value of "0". When that node is sent to the secondary, it is treated as if it has no UUID, which is caught by an assertion. This causes the slapd on the secondary to exit. Why is the node on the primary missing the UUID? Is there some code I can trace through to determine this? Is there a way to add the UUID to the entry? Or is there a way to patch the syncrepl code to avoid sending the node that is missing the UUID?

1 0

How to get some overlays?
by ulises gonzalez 18 Aug '09

18 Aug '09

Hello I'm begining to use Openldap, I'm using the version 2.4.11 which comes precompiled with Debian Lenny, the problem is that each time I try to load some overlay the logs saids... Aug 17 13:56:36 ldap slapd[4935]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Aug 17 13:56:36 ldap slapd[4935]: overlay "syncprov" not found Aug 17 13:56:36 ldap slapd[4935]: slapd stopped. Aug 17 13:56:36 ldap slapd[4935]: connections_destroy: nothing to destroy. Aug 17 14:44:23 ldap slapd[5027]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Aug 17 14:44:23 ldap slapd[5027]: overlay "unique" not found Aug 17 14:44:23 ldap slapd[5027]: slapd stopped. Aug 17 14:44:23 ldap slapd[5027]: connections_destroy: nothing to destroy. Aug 17 14:49:07 ldap slapd[5040]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Aug 17 14:49:08 ldap slapd[5040]: overlay "ppolicy" not found Aug 17 14:49:08 ldap slapd[5040]: slapd stopped. Aug 17 14:49:08 ldap slapd[5040]: connections_destroy: nothing to destroy. And Openldap doesn't start, I've been searching in the Openldap website but I haven't found any link to download so my question is where I can get overlays? I need exactly unique and syncprov overlays. Thanks... -- Salu2 ________________________ Ulinx Administrador de redes Ministerio de Finanzas y Precios Linux user 366775 "En un problema con n ecuaciones siempre habrá al menos n+1 incógnitas."

2 2

OpenLDAP structural object class problems
by Henrik Dige Semark 17 Aug '09

17 Aug '09

Hey Im trying to get OpenLDAP database + SAMBA to work as a unit. But when I try to create mashine accaunts I get this error: slapd[28381]: entry failed schema check: structural object class modification from 'account' to 'inetOrgPerson' not allowed tail -200f /var/log/syslog | grep slapd Aug 16 22:43:18 hds-linux slapd[28381]: bdb_idl_insert_key: 15 [80002715] Aug 16 22:43:18 hds-linux slapd[28381]: bdb_idl_insert_key: 15 [80000203] Aug 16 22:43:18 hds-linux slapd[28381]: send_ldap_result: err=0 matched="" text="" Aug 16 22:43:22 hds-linux slapd[28381]: connection_get(17) Aug 16 22:43:22 hds-linux slapd[28381]: conn=14 op=8 do_modify: dn (uid=hds$,ou=Computers,dc=semark,dc=dk) Aug 16 22:43:22 hds-linux slapd[28381]: conn=14 op=8 modifications: Aug 16 22:43:22 hds-linux slapd[28381]: ^Ireplace: objectClass Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Imultiple values Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLogonTime Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 1 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLogoffTime Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaKickoffTime Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdCanChange Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 1 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdMustChange Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdLastSet Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaAcctFlags Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 13 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLMPassword Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 32 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaNTPassword Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 32 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaSID Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 47 Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPrimaryGroupSID Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 45 Aug 16 22:43:22 hds-linux slapd[28381]: hdb_modify: uid=hds$,ou=Computers,dc=semark,dc=dk Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace objectClass Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaLogonTime Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaLogoffTime Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaKickoffTime Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaPwdCanChange Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaPwdMustChange Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaPwdLastSet Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaAcctFlags Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaLMPassword Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaNTPassword Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaSID Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaPrimaryGroupSID Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace entryCSN Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace modifiersName Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace modifyTimestamp *Aug 16 22:43:22 hds-linux slapd[28381]: entry failed schema check: structural object class modification from 'account' to 'inetOrgPerson' not allowed Aug 16 22:43:22 hds-linux slapd[28381]: send_ldap_result: err=69 matched="" text="structural object class modification from 'account' to 'inetOrgPerson' not allowed"* Aug 16 22:43:22 hds-linux slapd[28381]: connection_get(17) Aug 16 22:47:37 hds-linux slapd[28381]: connection_get(25) Aug 16 22:47:37 hds-linux slapd[28381]: SRCH "sambaDomainName=SEMARK.DK,dc=semark,dc=dk" 2 0 Aug 16 22:47:37 hds-linux slapd[28381]: 0 15 0 Aug 16 22:47:37 hds-linux slapd[28381]: filter: (?objectClass=sambaTrustedDomainPassword) Aug 16 22:47:37 hds-linux slapd[28381]: attrs: Aug 16 22:47:37 hds-linux slapd[28381]: sambaDomainName Aug 16 22:47:37 hds-linux slapd[28381]: sambaSID Aug 16 22:47:37 hds-linux slapd[28381]: Aug 16 22:47:37 hds-linux slapd[28381]: bdb_idl_fetch_key: [b49d1940] Aug 16 22:47:37 hds-linux slapd[28381]: send_ldap_result: err=0 matched="" text="" What do I have to do to allow structural object changes ? Im running: Debian Lenny (5.0.2) Kernel - 2.6.26-2-xen-686 OpenLDAP: slapd 2.4.17 (Jul 29 2009 00:52:57) Samba Version 3.2.5 Winbind Version 3.2.5 Thanx for the help :) -- Med Venlig Hilsen / Best regards Henrik Dige Semark

3 4

Regarding using ldap_modif_ext_s for modifying all users globally in AD?
by Santosh Kumar 17 Aug '09

17 Aug '09

Hi Everyone, Please help us to modify all users under "users" container. could modify for individual user entry for attributes. Is the the user_dn parameter specified correct? Will the ldap_modify_ext_s supports the globally users entry modification? 1) Modify the user "tetsuser5" char *user_dn = "cn=testuser5,cn=users,dc=kpvmpdc,dc=com" if (ldap_modify_ext_s(ld, user_dn, mods,NULL,NULL) != LDAP_SUCCESS) { ldap_perror( ld, "ldap_modify_s" ); exit(EXIT_FAILURE); } ->Works 2)To modify users globally, used : char *user_dn = "cn=users,dc=kpvmpdc,dc=com" that gives error ldap_modify_s: Object class violation (65) additional info: 0000207D: UpdErr: DSID-03150F9C, problem 6002 (OBJ_CLASS_VIOLATION), data 0 Thanks in advance. Regards Santosh

1 0

Samba PDC + OpenLDAP (Debian Lenny)
by Henrik Dige Semark 15 Aug '09

15 Aug '09

Hey. I'm trying to move my existing MS-AD over to SAMBA, the place I'm working for is changing all servers from MS to Debian, but all the clients is still a mixed environment for now. We have MAC, *NIX, and Windows clients, so its imported that everything keeps running in the same or almost the same way as before the change but. When I try to join a Windows Vista Ultimate ore Windows XP Pro to the domain it takes 30 sec and then it says "The machine account dos not exist" but as I understand that is what "add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to do right ? I have pasted my config + log from OpenLDAP and SAMBA, can anybody see what I have don wrung # cat /etc/samba/smb.conf ------------------------- # Defining domain name, hostname #################################################### [global] workgroup = MY-DOMAIN netbios name = HDS-Linux - PDC server string = Debian Samba-PDC %v name resolve order = host bcast hosts allow = 192.168.1. 192.168.2. 127. wins support = yes # Network settings # #interfaces = 192.168.5.11 #username map = /etc/samba/smbusers # Security # security = ads realm = MY-DOMAIN nt acl support = Yes enable privileges = yes encrypt passwords = Yes obey pam restrictions = Yes password server = my-server.my-domain #min passwd length = 5 #pam password change = no # method 1: #unix password sync = no #ldap passwd sync = yes # method 2: unix password sync = No ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Skift kode: *\n Ny kode*" %n\n "*Gentag ny kode*" %n\n" # Log # log level = 1 syslog = 1 log file = /var/log/samba/samba_my-domain.log max log size = 100000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 # Logon scripts # logon script = scripts/logon.bat logon path = \\%L\profile\%U logon drive = H: logon home = \\%L\%u # Server settings # time server = Yes domain logons = Yes domain master = Yes os level = 65 preferred master = Yes # Winbind settings # winbind use default domain = yes winbind separator = % winbind uid = 10000-21000 winbind gid = 10000-21000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U # LDAP settings # # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com" passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=domain,dc=dk ldap suffix = dc=domain,dc=dk ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap idmap uid = 10000-21000 idmap gid = 10000-21000 ldap ssl = No ldap delete dn = Yes add user script = /usr/sbin/smbldap-useradd -a -m "%u" add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user script = /usr/sbin/smbldap-userdel "%u" delete group script = /usr/sbin/smbldap-groupdel "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%u" "%g" # printers configuration # printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 #force create mode = 0640 #force directory mode = 0750 printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] comment = Roaming Profiles #path = /var/lib/samba/profiles path = /home/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U "Domain Admins" [printers] comment = Network Printers printer admin = @"Print Operators" guest ok = yes printable = yes path = /home/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j # print command = /usr/bin/lpr -U%U@%M -P%p -r %s # lpq command = /usr/bin/lpq -U%U@%M -P%p # lprm command = /usr/bin/lprm -U%U@%M -P%p %j # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j # queuepause command = /usr/sbin/lpc -U%U@%M stop %p # queueresume command = /usr/sbin/lpc -U%U@%M start %p [print$] path = /home/printers guest ok = No browseable = Yes read only = Yes valid users = @"Print Operators" write list = @"Print Operators" create mask = 0664 directory mask = 0775 [public] path = /tmp guest ok = yes browseable = Yes writable = yes [homes] path = /home/%u comment = Home Directories valid users = %u read only = No browseable = Yes create mode = 0750 # tail -200f /var/log/samba/samba_domain.log -------------------------- [2009/08/14 18:22:24, 1] param/loadparm.c:lp_do_parameter(7202) WARNING: The "printer admin" option is deprecated [2009/08/14 18:22:24, 1] param/loadparm.c:lp_do_parameter(7202) WARNING: The "printer admin" option is deprecated [2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210) pdb_get_group_sid: Failed to find Unix account for DomAdmin [2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562) User DomAdmin in passdb, but getpwnam() fails! [2009/08/14 18:22:24, 0] auth/auth_sam.c:check_sam_security(355) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2009/08/14 18:22:47, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210) pdb_get_group_sid: Failed to find Unix account for DomAdmin [2009/08/14 18:22:47, 1] auth/auth_util.c:make_server_info_sam(562) User DomAdmin in passdb, but getpwnam() fails! [2009/08/14 18:22:47, 0] auth/auth_sam.c:check_sam_security(355) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083. [2009/08/14 18:22:48, 0] passdb/pdb_interface.c:pdb_default_create_user(336) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w -i "hds$"' gave 127 [2009/08/14 18:23:49, 1] param/loadparm.c:lp_do_parameter(7202) WARNING: The "printer admin" option is deprecated [2009/08/14 18:23:49, 1] param/loadparm.c:lp_do_parameter(7202) WARNING: The "printer admin" option is deprecated [2009/08/14 18:23:49, 1] libads/cldap.c:recv_cldap_netlogon(156) no reply received to cldap netlogon [2009/08/14 18:23:49, 0] printing/nt_printing.c:nt_printing_init(664) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED [2009/08/14 18:23:49, 0] groupdb/mapping.c:pdb_create_builtin_alias(802) pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS) tail -200f /var/log/syslog | grep slapd -------------------------- Aug 14 18:32:33 hds-linux slapd[4180]: connection_get(20) Aug 14 18:32:33 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0 Aug 14 18:32:33 hds-linux slapd[4180]: 0 15 0 Aug 14 18:32:33 hds-linux slapd[4180]: filter: (?objectClass=sambaTrustedDomainPassword) Aug 14 18:32:33 hds-linux slapd[4180]: attrs: Aug 14 18:32:33 hds-linux slapd[4180]: sambaDomainName Aug 14 18:32:33 hds-linux slapd[4180]: sambaSID Aug 14 18:32:33 hds-linux slapd[4180]: Aug 14 18:32:33 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:32:33 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="value does not conform to assertion syntax" Aug 14 18:32:46 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: ==> hdb_bind: dn: cn=admin,dc=domain,dc=dk Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "" 0 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 0 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: supportedControl Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (&(?objectClass=sambaTrustedDomainPassword)(sambaDomainName=MY-DOMAIN)) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=10 matched="sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" text="value does not conform to assertion syntax" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (&(uid=domadmin)(objectClass=sambaSamAccount)) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: uid Aug 14 18:33:01 hds-linux slapd[4180]: uidNumber Aug 14 18:33:01 hds-linux slapd[4180]: gidNumber Aug 14 18:33:01 hds-linux slapd[4180]: homeDirectory Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdLastSet Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdCanChange Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdMustChange Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonTime Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogoffTime Aug 14 18:33:01 hds-linux slapd[4180]: sambaKickoffTime Aug 14 18:33:01 hds-linux slapd[4180]: cn Aug 14 18:33:01 hds-linux slapd[4180]: sn Aug 14 18:33:01 hds-linux slapd[4180]: displayName Aug 14 18:33:01 hds-linux slapd[4180]: sambaHomeDrive Aug 14 18:33:01 hds-linux slapd[4180]: sambaHomePath Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonScript Aug 14 18:33:01 hds-linux slapd[4180]: sambaProfilePath Aug 14 18:33:01 hds-linux slapd[4180]: description Aug 14 18:33:01 hds-linux slapd[4180]: sambaUserWorkstations Aug 14 18:33:01 hds-linux slapd[4180]: sambaSID Aug 14 18:33:01 hds-linux slapd[4180]: sambaPrimaryGroupSID Aug 14 18:33:01 hds-linux slapd[4180]: sambaLMPassword Aug 14 18:33:01 hds-linux slapd[4180]: sambaNTPassword Aug 14 18:33:01 hds-linux slapd[4180]: sambaDomainName Aug 14 18:33:01 hds-linux slapd[4180]: objectClass Aug 14 18:33:01 hds-linux slapd[4180]: sambaAcctFlags Aug 14 18:33:01 hds-linux slapd[4180]: sambaMungedDial Aug 14 18:33:01 hds-linux slapd[4180]: sambaBadPasswordCount Aug 14 18:33:01 hds-linux slapd[4180]: sambaBadPasswordTime Aug 14 18:33:01 hds-linux slapd[4180]: sambaPasswordHistory Aug 14 18:33:01 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonHours Aug 14 18:33:01 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:01 hds-linux slapd[4180]: uidNumber Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [08a4f228] Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [f937ce0f] Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdHistoryLength Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: base_candidates: base: "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011) Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: sambaMaxPwdAge Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: base_candidates: base: "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011) Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0 Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:01 hds-linux slapd[4180]: filter: (&(objectClass=sambaGroupMapping)(gidNumber=65534)) Aug 14 18:33:01 hds-linux slapd[4180]: attrs: Aug 14 18:33:01 hds-linux slapd[4180]: gidNumber Aug 14 18:33:01 hds-linux slapd[4180]: sambaSID Aug 14 18:33:01 hds-linux slapd[4180]: sambaGroupType Aug 14 18:33:01 hds-linux slapd[4180]: sambaSIDList Aug 14 18:33:01 hds-linux slapd[4180]: description Aug 14 18:33:01 hds-linux slapd[4180]: displayName Aug 14 18:33:01 hds-linux slapd[4180]: cn Aug 14 18:33:01 hds-linux slapd[4180]: objectClass Aug 14 18:33:01 hds-linux slapd[4180]: Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2] Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [8000fffe] Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:02 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:02 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0 Aug 14 18:33:02 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:02 hds-linux slapd[4180]: filter: (&(uid=hds$)(objectClass=sambaSamAccount)) Aug 14 18:33:02 hds-linux slapd[4180]: attrs: Aug 14 18:33:02 hds-linux slapd[4180]: uid Aug 14 18:33:02 hds-linux slapd[4180]: uidNumber Aug 14 18:33:02 hds-linux slapd[4180]: gidNumber Aug 14 18:33:02 hds-linux slapd[4180]: homeDirectory Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdLastSet Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdCanChange Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdMustChange Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonTime Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogoffTime Aug 14 18:33:02 hds-linux slapd[4180]: sambaKickoffTime Aug 14 18:33:02 hds-linux slapd[4180]: cn Aug 14 18:33:02 hds-linux slapd[4180]: sn Aug 14 18:33:02 hds-linux slapd[4180]: displayName Aug 14 18:33:02 hds-linux slapd[4180]: sambaHomeDrive Aug 14 18:33:02 hds-linux slapd[4180]: sambaHomePath Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonScript Aug 14 18:33:02 hds-linux slapd[4180]: sambaProfilePath Aug 14 18:33:02 hds-linux slapd[4180]: description Aug 14 18:33:02 hds-linux slapd[4180]: sambaUserWorkstations Aug 14 18:33:02 hds-linux slapd[4180]: sambaSID Aug 14 18:33:02 hds-linux slapd[4180]: sambaPrimaryGroupSID Aug 14 18:33:02 hds-linux slapd[4180]: sambaLMPassword Aug 14 18:33:02 hds-linux slapd[4180]: sambaNTPassword Aug 14 18:33:02 hds-linux slapd[4180]: sambaDomainName Aug 14 18:33:02 hds-linux slapd[4180]: objectClass Aug 14 18:33:02 hds-linux slapd[4180]: sambaAcctFlags Aug 14 18:33:02 hds-linux slapd[4180]: sambaMungedDial Aug 14 18:33:02 hds-linux slapd[4180]: sambaBadPasswordCount Aug 14 18:33:02 hds-linux slapd[4180]: sambaBadPasswordTime Aug 14 18:33:02 hds-linux slapd[4180]: sambaPasswordHistory Aug 14 18:33:02 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonHours Aug 14 18:33:02 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:02 hds-linux slapd[4180]: uidNumber Aug 14 18:33:02 hds-linux slapd[4180]: Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6] Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:02 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:02 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0 Aug 14 18:33:02 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:02 hds-linux slapd[4180]: filter: (&(objectClass=sambaGroupMapping)(|(displayName=hds$)(cn=hds$))) Aug 14 18:33:02 hds-linux slapd[4180]: attrs: Aug 14 18:33:02 hds-linux slapd[4180]: gidNumber Aug 14 18:33:02 hds-linux slapd[4180]: sambaSID Aug 14 18:33:02 hds-linux slapd[4180]: sambaGroupType Aug 14 18:33:02 hds-linux slapd[4180]: sambaSIDList Aug 14 18:33:02 hds-linux slapd[4180]: description Aug 14 18:33:02 hds-linux slapd[4180]: displayName Aug 14 18:33:02 hds-linux slapd[4180]: cn Aug 14 18:33:02 hds-linux slapd[4180]: objectClass Aug 14 18:33:02 hds-linux slapd[4180]: Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2] Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [9767cf87] Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [4194d841] Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: ==> hdb_bind: dn: cn=admin,dc=domain,dc=dk Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "" 0 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 0 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (objectClass=*) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: supportedControl Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (&(?objectClass=sambaTrustedDomainPassword)(sambaDomainName=MY-DOMAIN)) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=10 matched="sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" text="value does not conform to assertion syntax" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (&(uid=domadmin)(objectClass=sambaSamAccount)) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: uid Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber Aug 14 18:33:24 hds-linux slapd[4180]: homeDirectory Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdLastSet Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdCanChange Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdMustChange Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogoffTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaKickoffTime Aug 14 18:33:24 hds-linux slapd[4180]: cn Aug 14 18:33:24 hds-linux slapd[4180]: sn Aug 14 18:33:24 hds-linux slapd[4180]: displayName Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomeDrive Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomePath Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonScript Aug 14 18:33:24 hds-linux slapd[4180]: sambaProfilePath Aug 14 18:33:24 hds-linux slapd[4180]: description Aug 14 18:33:24 hds-linux slapd[4180]: sambaUserWorkstations Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaPrimaryGroupSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaLMPassword Aug 14 18:33:24 hds-linux slapd[4180]: sambaNTPassword Aug 14 18:33:24 hds-linux slapd[4180]: sambaDomainName Aug 14 18:33:24 hds-linux slapd[4180]: objectClass Aug 14 18:33:24 hds-linux slapd[4180]: sambaAcctFlags Aug 14 18:33:24 hds-linux slapd[4180]: sambaMungedDial Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordCount Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaPasswordHistory Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonHours Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [08a4f228] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [f937ce0f] Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (&(objectClass=sambaGroupMapping)(gidNumber=65534)) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaGroupType Aug 14 18:33:24 hds-linux slapd[4180]: sambaSIDList Aug 14 18:33:24 hds-linux slapd[4180]: description Aug 14 18:33:24 hds-linux slapd[4180]: displayName Aug 14 18:33:24 hds-linux slapd[4180]: cn Aug 14 18:33:24 hds-linux slapd[4180]: objectClass Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [8000fffe] Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (&(uid=hds$)(objectClass=sambaSamAccount)) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: uid Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber Aug 14 18:33:24 hds-linux slapd[4180]: homeDirectory Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdLastSet Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdCanChange Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdMustChange Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogoffTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaKickoffTime Aug 14 18:33:24 hds-linux slapd[4180]: cn Aug 14 18:33:24 hds-linux slapd[4180]: sn Aug 14 18:33:24 hds-linux slapd[4180]: displayName Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomeDrive Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomePath Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonScript Aug 14 18:33:24 hds-linux slapd[4180]: sambaProfilePath Aug 14 18:33:24 hds-linux slapd[4180]: description Aug 14 18:33:24 hds-linux slapd[4180]: sambaUserWorkstations Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaPrimaryGroupSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaLMPassword Aug 14 18:33:24 hds-linux slapd[4180]: sambaNTPassword Aug 14 18:33:24 hds-linux slapd[4180]: sambaDomainName Aug 14 18:33:24 hds-linux slapd[4180]: objectClass Aug 14 18:33:24 hds-linux slapd[4180]: sambaAcctFlags Aug 14 18:33:24 hds-linux slapd[4180]: sambaMungedDial Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordCount Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordTime Aug 14 18:33:24 hds-linux slapd[4180]: sambaPasswordHistory Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonHours Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6] Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14) Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0 Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0 Aug 14 18:33:24 hds-linux slapd[4180]: filter: (&(objectClass=sambaGroupMapping)(|(displayName=hds$)(cn=hds$))) Aug 14 18:33:24 hds-linux slapd[4180]: attrs: Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID Aug 14 18:33:24 hds-linux slapd[4180]: sambaGroupType Aug 14 18:33:24 hds-linux slapd[4180]: sambaSIDList Aug 14 18:33:24 hds-linux slapd[4180]: description Aug 14 18:33:24 hds-linux slapd[4180]: displayName Aug 14 18:33:24 hds-linux slapd[4180]: cn Aug 14 18:33:24 hds-linux slapd[4180]: objectClass Aug 14 18:33:24 hds-linux slapd[4180]: Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [9767cf87] Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [4194d841] Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29) Aug 14 18:33:25 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 2 Aug 14 18:33:25 hds-linux slapd[4180]: 0 0 0 Aug 14 18:33:25 hds-linux slapd[4180]: filter: (&(objectClass=posixAccount)(uid=hds$)) Aug 14 18:33:25 hds-linux slapd[4180]: attrs: Aug 14 18:33:25 hds-linux slapd[4180]: Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940] Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [5941c014] Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6] Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29) Aug 14 18:33:25 hds-linux slapd[4180]: SRCH "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 2 Aug 14 18:33:25 hds-linux slapd[4180]: 0 0 0 Aug 14 18:33:25 hds-linux slapd[4180]: filter: (objectClass=sambaUnixIdPool) Aug 14 18:33:25 hds-linux slapd[4180]: attrs: Aug 14 18:33:25 hds-linux slapd[4180]: Aug 14 18:33:25 hds-linux slapd[4180]: base_candidates: base: "sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011) Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=0 matched="" text="" Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29) Aug 14 18:33:25 hds-linux slapd[4180]: conn=44 op=2 do_modify: dn (sambaDomainName=MY-DOMAIN,dc=domain,dc=dk) Aug 14 18:33:25 hds-linux slapd[4180]: conn=44 op=2 modifications: Aug 14 18:33:25 hds-linux slapd[4180]: ^Ireplace: uidNumber Aug 14 18:33:25 hds-linux slapd[4180]: ^I^Ione value, length 5 Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=8 matched="" text="modifications require authentication" Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29) Aug 14 18:33:35 hds-linux slapd[4180]: connection_get(14) # net groupmap list -------------------------- Domain Admins (S-1-5-21-3045805106-2558287267-4023452987-512) -> 512 Domain Users (S-1-5-21-3045805106-2558287267-4023452987-513) -> 513 Domain Guests (S-1-5-21-3045805106-2558287267-4023452987-514) -> 514 Domain Computers (S-1-5-21-3045805106-2558287267-4023452987-515) -> 515 Administrators (S-1-5-32-544) -> 544 Account Operators (S-1-5-32-548) -> 548 Print Operators (S-1-5-32-550) -> 550 Backup Operators (S-1-5-32-551) -> 551 Replicators (S-1-5-32-552) -> 552 Users (S-1-5-32-545) -> 10000 System info: -------------------------- Debian Lenny 5.0.2 Kernel - 2.6.26-2-xen-686 Samba Version 3.2.5 Winbind Version 3.2.5 OpenLDAP Version 2.4.11 if there is more info you need plz just ask :)

2 1

v. 2.4.15 , set as provider giving msg: "logdb <suffix>" missing or invalid
by Brian Neu 14 Aug '09

14 Aug '09

My apologies if I'm overlooking the obvious, but I'm past deadline, late for my kid's football practice, and my brain is fried. I've done my best to follow the Admin Guide example at 18.3.2.1. When issuing a "service ldap restart" or /etc/init.d/ldap restart I get this output hdb_db_open: database "dc=accesslog": unclean shutdown detected; attempting recovery. hdb_db_open: database "dc=accesslog": recovery skipped in read-only mode. Run manual recovery if errors are encountered. hdb_db_open: database "dc=srg,dc=com": unclean shutdown detected; attempting recovery. hdb_db_open: database "dc=srg,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered. accesslog: "logdb <suffix>" missing or invalid. backend_startup_one: bi_db_open failed! (1) slap_startup failed (test would succeed using the -u switch) stale lock files may be present in /var/lib/ldap/accesslog [WARNING] stale lock files may be present in /var/lib/ldap [WARNING] I've tried a -s 192 and a -d 192 as an argument to slapd ---- I'm not even sure where the logs are supposed to go, as nothing ends up in /var/log/messages . Any help would be greatly appreciated. I put the attached slapd.conf up at pastebin too: http://pastebin.com/m11dc35a5 Thanks!

2 1

Multi-master configuration -- check my slapd.conf files please?
by Robert Hanson 14 Aug '09

14 Aug '09

Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out? ================================================== Server 10.192,252.64 ================================================== # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # ucdata-path "/opt/cisco/uccx/desktop/database" include "/opt/cisco/uccx/desktop/schemaconf/core.schema" include "/opt/cisco/uccx/desktop/schemaconf/corba.schema" include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema" include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema" include "/opt/cisco/uccx/desktop/schemaconf/nis.schema" include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema" pidfile "/var/run/desktop/slapd.pid" argsfile "/var/run/desktop/slapd.args" # inactive, but still open connections, # and any connections closed by the client, # are held open by slapd for this number of seconds #900 = 15 minutes #300 = 5 minutes idletimeout 300 sizelimit unlimited # Max # of threads. Default is 16 #threads 16 # For older Enterprise clients - AM allow bind_v2 # Maximum # of authenticate connections that can be pending conn_max_pending_auth 2000 # Don't allow clients to modify anything under People access to dn.subtree="ou=People,o=OurCompanyName Communications" by dn="cn=Client,ou=People,o=OurCompanyName Communications" read by * read # Allow clients to modify Company and so on access to * by dn="cn=Client,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write by * read ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "o=OurCompanyName Communications" rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications" checkpoint 10 1 # Number of entries mantain in cache. Default is 1000 cachesize 50000 # 8 = 4 MB per thr. Default is 16 searchstack 8 # Root user password rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6 # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory "/opt/cisco/uccx/desktop/database" # Indices to maintain index objectClass eq index empID eq index tid eq index svrType eq index ipHostName eq index keyName eq # for sync repl serverID 1 syncrepl rid=123 searchbase="o=OurCompanyName Communications" provider=ldap://10.192.252.65:3016 type=refreshAndPersist retry="5 5 300 +" schemachecking=on attrs=* bindmethod=simple binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications" credentials=5385 mirrormode true # ash - following will cause circular reaction if in both sides in slapd.conf # updateref ldap://10.192.252.84:999 # set the host up as a provider overlay syncprov syncprov-checkpoint 100 10 ================================================== Server 10.192,252.65 ================================================== # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # ucdata-path "/opt/cisco/uccx/desktop/database" include "/opt/cisco/uccx/desktop/schemaconf/core.schema" include "/opt/cisco/uccx/desktop/schemaconf/corba.schema" include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema" include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema" include "/opt/cisco/uccx/desktop/schemaconf/nis.schema" include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema" pidfile "/var/run/desktop/slapd.pid" argsfile "/var/run/desktop/slapd.args" # inactive, but still open connections, # and any connections closed by the client, # are held open by slapd for this number of seconds #900 = 15 minutes #300 = 5 minutes idletimeout 300 sizelimit unlimited # Max # of threads. Default is 16 #threads 16 # For older Enterprise clients - AM allow bind_v2 # Maximum # of authenticate connections that can be pending conn_max_pending_auth 2000 # Don't allow clients to modify anything under People access to dn.subtree="ou=People,o=OurCompanyName Communications" by dn="cn=Client,ou=People,o=OurCompanyName Communications" read by * read # Allow clients to modify Company and so on access to * by dn="cn=Client,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write by * read ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "o=OurCompanyName Communications" rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications" checkpoint 10 1 # Number of entries mantain in cache. Default is 1000 cachesize 50000 # 8 = 4 MB per thr. Default is 16 searchstack 8 # Root user password rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6 # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory "/opt/cisco/uccx/desktop/database" # Indices to maintain index objectClass eq index empID eq index tid eq index svrType eq index ipHostName eq index keyName eq # for sync repl serverID 2 syncrepl rid=123 searchbase="o=OurCompanyName Communications" provider=ldap://10.192.252.64:3016 type=refreshAndPersist retry="5 5 300 +" schemachecking=on attrs=* bindmethod=simple binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications" credentials=5385 mirrormode true # ash - following will cause circular reaction if in both sides in slapd.conf # updateref ldap://10.192.252.84:999 # set the host up as a provider overlay syncprov syncprov-checkpoint 100 10

2 2

FW: Multi-master configuration -- check my slapd.conf files please?
by Robert Hanson 14 Aug '09

14 Aug '09

I have not had a response yet. Would someone please check the syncrepl setup of the config files (below) to see if there are any issues? In particular, do I need the syncprov-checkpoint ? Thanks. ________________________________ From: Robert Hanson Sent: Monday, August 03, 2009 4:01 PM To: openldap-technical(a)openldap.org Subject: Multi-master configuration -- check my slapd.conf files please? Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out? ================================================== Server 10.192,252.64 ================================================== # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # ucdata-path "/opt/cisco/uccx/desktop/database" include "/opt/cisco/uccx/desktop/schemaconf/core.schema" include "/opt/cisco/uccx/desktop/schemaconf/corba.schema" include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema" include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema" include "/opt/cisco/uccx/desktop/schemaconf/nis.schema" include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema" pidfile "/var/run/desktop/slapd.pid" argsfile "/var/run/desktop/slapd.args" # inactive, but still open connections, # and any connections closed by the client, # are held open by slapd for this number of seconds #900 = 15 minutes #300 = 5 minutes idletimeout 300 sizelimit unlimited # Max # of threads. Default is 16 #threads 16 # For older Enterprise clients - AM allow bind_v2 # Maximum # of authenticate connections that can be pending conn_max_pending_auth 2000 # Don't allow clients to modify anything under People access to dn.subtree="ou=People,o=OurCompanyName Communications" by dn="cn=Client,ou=People,o=OurCompanyName Communications" read by * read # Allow clients to modify Company and so on access to * by dn="cn=Client,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write by * read ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "o=OurCompanyName Communications" rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications" checkpoint 10 1 # Number of entries mantain in cache. Default is 1000 cachesize 50000 # 8 = 4 MB per thr. Default is 16 searchstack 8 # Root user password rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6 # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory "/opt/cisco/uccx/desktop/database" # Indices to maintain index objectClass eq index empID eq index tid eq index svrType eq index ipHostName eq index keyName eq # for sync repl serverID 1 syncrepl rid=123 searchbase="o=OurCompanyName Communications" provider=ldap://10.192.252.65:3016 type=refreshAndPersist retry="5 5 300 +" schemachecking=on attrs=* bindmethod=simple binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications" credentials=5385 mirrormode true # ash - following will cause circular reaction if in both sides in slapd.conf # updateref ldap://10.192.252.84:999 # set the host up as a provider overlay syncprov syncprov-checkpoint 100 10 ================================================== Server 10.192,252.65 ================================================== # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # ucdata-path "/opt/cisco/uccx/desktop/database" include "/opt/cisco/uccx/desktop/schemaconf/core.schema" include "/opt/cisco/uccx/desktop/schemaconf/corba.schema" include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema" include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema" include "/opt/cisco/uccx/desktop/schemaconf/nis.schema" include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema" pidfile "/var/run/desktop/slapd.pid" argsfile "/var/run/desktop/slapd.args" # inactive, but still open connections, # and any connections closed by the client, # are held open by slapd for this number of seconds #900 = 15 minutes #300 = 5 minutes idletimeout 300 sizelimit unlimited # Max # of threads. Default is 16 #threads 16 # For older Enterprise clients - AM allow bind_v2 # Maximum # of authenticate connections that can be pending conn_max_pending_auth 2000 # Don't allow clients to modify anything under People access to dn.subtree="ou=People,o=OurCompanyName Communications" by dn="cn=Client,ou=People,o=OurCompanyName Communications" read by * read # Allow clients to modify Company and so on access to * by dn="cn=Client,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write by * read ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "o=OurCompanyName Communications" rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications" checkpoint 10 1 # Number of entries mantain in cache. Default is 1000 cachesize 50000 # 8 = 4 MB per thr. Default is 16 searchstack 8 # Root user password rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6 # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory "/opt/cisco/uccx/desktop/database" # Indices to maintain index objectClass eq index empID eq index tid eq index svrType eq index ipHostName eq index keyName eq # for sync repl serverID 2 syncrepl rid=123 searchbase="o=OurCompanyName Communications" provider=ldap://10.192.252.64:3016 type=refreshAndPersist retry="5 5 300 +" schemachecking=on attrs=* bindmethod=simple binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications" credentials=5385 mirrormode true # ash - following will cause circular reaction if in both sides in slapd.conf # updateref ldap://10.192.252.84:999 # set the host up as a provider overlay syncprov syncprov-checkpoint 100 10

2 1

syncrepl problem?
by Tim Tyler 14 Aug '09

14 Aug '09

Openldap experts, We are running 2.3.43 Openldap on Centos 5.3 systems. I have one provider and two consumers. I believe the consumers were working fine in terms of receiving replication data and staying synchronized until today. I have this entry in slapd.conf syncrepl rid=102 type=refreshAndPersist interval=00:01:00:00 The problem is that I had to completely restore the provider's entire ldap database from a backup ldif file after screwing up over 200 accounts. I got the provider back to the way I wanted, but now the consumers won't synchronize (replicate) any more. 1. Should syncrepl ultimately be able to replicate after a major change to the provider such as a ldif restoration? Or should I expect to have to reload the consumer entries from scratch from a provider generated ldif in situations like this? 2. I thought I read once that the interval settings was still important for when refreshandpersist missed an update. Is that true? Tim Tyler Network Engineer Beloit College

3 3

Cleaning slapcat(1) LDIF output
by Jordi Espasa Clofent 14 Aug '09

14 Aug '09

Hi all, According slapcat(1) man: "The output of slapcat is intended to be used as input to slapadd(8). The output of slapcat cannot generally be used as input to ldapadd(1) or other LDAP clients without first editing the output. This editing would normally include reordering the records into superior first order and removing no-user-modification operational attributes." So, I've done: # making normal LDIF using slapcat(1) $ slapcat -l test_backup.ldif # cleaning the LDIF and dump the results in another file $ egrep -ve '^(entryUUID|creatorsName|structuralObjectClass|createTimestamp|entryCSN|modifiersName|modifyTimestamp): ' \ test_backup.ldif > test_backup_cleaned.ldif #viewing the differences $ diff -y test_backup.ldif test_backup_cleaned.ldif | less ¿Is it a correct way to "clean" the initial LDIF you can get with slapcat(1)? And another minor question ¿Can I use the slapcat(1) tool on the fly? man pages say nothing about it. -- Thanks, Jordi Espasa Clofent

3 5

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2009