Missing UUID for entry being copied by syncrepl to secondary ldap
by Robert Hanson
(Openldap 2.4.17; BDB 4.5)
I have a database that I have set up in non-replicated mode (no syncrepl setup). Now, I've added a second node in a multi-master configuration. When I start slapd on the second node, syncrepl starts up and tries to copy data to the second node. I've stepped through the syncrepl code on the master using a debugger, and it is clear that one specific node (from the set of nodes in the master database that is being queued up and sent to the secondary) has a UUID entry of length 1, and a value of "0".
When that node is sent to the secondary, it is treated as if it has no UUID, which is caught by an assertion. This causes the slapd on the secondary to exit.
Why is the node on the primary missing the UUID? Is there some code I can trace through to determine this? Is there a way to add the UUID to the entry? Or is there a way to patch the syncrepl code to avoid sending the node that is missing the UUID?
14 years, 3 months
How to get some overlays?
by ulises gonzalez
Hello
I'm beginning to use Openldap, I'm using the version 2.4.11 which comes
precompiled with Debian Lenny, the problem is that each time I try to load
some overlay the logs say...
Aug 17 13:56:36 ldap slapd[4935]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008
04:13:21)
$#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd
Aug 17 13:56:36 ldap slapd[4935]: overlay "syncprov" not found
Aug 17 13:56:36 ldap slapd[4935]: slapd stopped.
Aug 17 13:56:36 ldap slapd[4935]: connections_destroy: nothing to destroy.
Aug 17 14:44:23 ldap slapd[5027]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008
04:13:21)
$#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd
Aug 17 14:44:23 ldap slapd[5027]: overlay "unique" not found
Aug 17 14:44:23 ldap slapd[5027]: slapd stopped.
Aug 17 14:44:23 ldap slapd[5027]: connections_destroy: nothing to destroy.
Aug 17 14:49:07 ldap slapd[5040]: @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008
04:13:21)
$#012#011buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd
Aug 17 14:49:08 ldap slapd[5040]: overlay "ppolicy" not found
Aug 17 14:49:08 ldap slapd[5040]: slapd stopped.
Aug 17 14:49:08 ldap slapd[5040]: connections_destroy: nothing to destroy.
And Openldap doesn't start. I've been searching on the Openldap website but I
haven't found any link to download, so my question is: where can I get
overlays? I need exactly the unique and syncprov overlays.
Thanks...
--
Regards
________________________
Ulinx
Network administrator
Ministerio de Finanzas y Precios
Linux user 366775
"In a problem with n equations
there will always be at least n+1 unknowns."
14 years, 3 months
OpenLDAP structural object class problems
by Henrik Dige Semark
Hey
I'm trying to get OpenLDAP database + SAMBA to work as a unit.
But when I try to create machine accounts I get this error:
slapd[28381]: entry failed schema check: structural object class
modification from 'account' to 'inetOrgPerson' not allowed
tail -200f /var/log/syslog | grep slapd
Aug 16 22:43:18 hds-linux slapd[28381]: bdb_idl_insert_key: 15 [80002715]
Aug 16 22:43:18 hds-linux slapd[28381]: bdb_idl_insert_key: 15 [80000203]
Aug 16 22:43:18 hds-linux slapd[28381]: send_ldap_result: err=0
matched="" text=""
Aug 16 22:43:22 hds-linux slapd[28381]: connection_get(17)
Aug 16 22:43:22 hds-linux slapd[28381]: conn=14 op=8 do_modify: dn
(uid=hds$,ou=Computers,dc=semark,dc=dk)
Aug 16 22:43:22 hds-linux slapd[28381]: conn=14 op=8 modifications:
Aug 16 22:43:22 hds-linux slapd[28381]: ^Ireplace: objectClass
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Imultiple values
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLogonTime
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 1
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLogoffTime
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaKickoffTime
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdCanChange
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 1
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdMustChange
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPwdLastSet
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 10
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaAcctFlags
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 13
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaLMPassword
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 32
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaNTPassword
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 32
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaSID
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 47
Aug 16 22:43:22 hds-linux slapd[28381]: ^Iadd: sambaPrimaryGroupSID
Aug 16 22:43:22 hds-linux slapd[28381]: ^I^Ione value, length 45
Aug 16 22:43:22 hds-linux slapd[28381]: hdb_modify:
uid=hds$,ou=Computers,dc=semark,dc=dk
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace
objectClass
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaLogonTime
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaLogoffTime
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaKickoffTime
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaPwdCanChange
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaPwdMustChange
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaPwdLastSet
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaAcctFlags
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaLMPassword
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaNTPassword
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add sambaSID
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: add
sambaPrimaryGroupSID
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace
entryCSN
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace
modifiersName
Aug 16 22:43:22 hds-linux slapd[28381]: bdb_modify_internal: replace
modifyTimestamp
*Aug 16 22:43:22 hds-linux slapd[28381]: entry failed schema check:
structural object class modification from 'account' to 'inetOrgPerson'
not allowed
Aug 16 22:43:22 hds-linux slapd[28381]: send_ldap_result: err=69
matched="" text="structural object class modification from 'account' to
'inetOrgPerson' not allowed"*
Aug 16 22:43:22 hds-linux slapd[28381]: connection_get(17)
Aug 16 22:47:37 hds-linux slapd[28381]: connection_get(25)
Aug 16 22:47:37 hds-linux slapd[28381]: SRCH
"sambaDomainName=SEMARK.DK,dc=semark,dc=dk" 2 0
Aug 16 22:47:37 hds-linux slapd[28381]: 0 15 0
Aug 16 22:47:37 hds-linux slapd[28381]: filter:
(?objectClass=sambaTrustedDomainPassword)
Aug 16 22:47:37 hds-linux slapd[28381]: attrs:
Aug 16 22:47:37 hds-linux slapd[28381]: sambaDomainName
Aug 16 22:47:37 hds-linux slapd[28381]: sambaSID
Aug 16 22:47:37 hds-linux slapd[28381]:
Aug 16 22:47:37 hds-linux slapd[28381]: bdb_idl_fetch_key: [b49d1940]
Aug 16 22:47:37 hds-linux slapd[28381]: send_ldap_result: err=0
matched="" text=""
What do I have to do to allow structural object changes?
I'm running:
Debian Lenny (5.0.2)
Kernel - 2.6.26-2-xen-686
OpenLDAP: slapd 2.4.17 (Jul 29 2009 00:52:57)
Samba Version 3.2.5
Winbind Version 3.2.5
Thanks for the help :)
--
Med Venlig Hilsen / Best regards
Henrik Dige Semark
14 years, 3 months
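Added example, not part of the original post and not OpenLDAP code: a simplified Python model of the structural object class check that ends in the err=69 result shown in the log above. SCHEMA is a hand-written subset of the standard class definitions, and the object class lists are constructed, since the log only records "replace: objectClass, multiple values".

```python
# Simplified model of the rule behind
# "structural object class modification from 'account' to 'inetOrgPerson'
# not allowed". Illustration only, not slapd's implementation.

LDAP_SUCCESS = 0
LDAP_OBJECT_CLASS_VIOLATION = 65   # objectClassViolation
LDAP_NO_OBJECT_CLASS_MODS = 69     # objectClassModsProhibited (err=69 in the log)

# Constructed subset of the schema: name -> (kind, superior class).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),
    "posixAccount": ("AUXILIARY", "top"),
    "sambaSamAccount": ("AUXILIARY", "top"),
}
# Object class names are matched case-insensitively.
_CANON = {name.lower(): name for name in SCHEMA}


def superiors(name):
    """Return the class followed by each of its superiors up to top."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain


def structural_class(object_classes):
    """Return the most subordinate structural class among the values.

    Raises ValueError when a value is unknown, when no structural class is
    present, or when two structural classes are not in one superclass chain.
    """
    structural = []
    for value in object_classes:
        name = _CANON.get(value.lower())
        if name is None:
            raise ValueError(f"unknown object class: {value}")
        if SCHEMA[name][0] == "STRUCTURAL":
            structural.append(name)
    if not structural:
        raise ValueError("no structural object class")
    leaf = max(structural, key=lambda n: len(superiors(n)))
    chain = superiors(leaf)
    for name in structural:
        if name not in chain:
            raise ValueError(f"{name} and {leaf} are not in one superclass chain")
    return leaf


def check_modify(old_classes, new_classes):
    """Return (result code, text) for replacing objectClass on an entry.

    The structural class is fixed when the entry is created; a modify may add
    or remove auxiliary classes but may not change the structural one.
    """
    try:
        old = structural_class(old_classes)
        new = structural_class(new_classes)
    except ValueError as exc:
        # The text here is this sketch's own wording, not a slapd message.
        return LDAP_OBJECT_CLASS_VIOLATION, str(exc)
    if old != new:
        return (
            LDAP_NO_OBJECT_CLASS_MODS,
            f"structural object class modification from '{old}' to '{new}' "
            "not allowed",
        )
    return LDAP_SUCCESS, ""


# Constructed sample data: a machine entry created on the 'account' class.
MACHINE_ENTRY = ["top", "account", "posixAccount"]
# A replace that rebuilds the entry on the inetOrgPerson chain (rejected).
REPLACE_WITH_PERSON = ["top", "person", "organizationalPerson",
                       "inetOrgPerson", "posixAccount", "sambaSamAccount"]
# A replace that keeps 'account' and only adds an auxiliary class (accepted).
ADD_AUXILIARY_ONLY = ["top", "account", "posixAccount", "sambaSamAccount"]

if __name__ == "__main__":
    for label, new in (("replace with person chain", REPLACE_WITH_PERSON),
                       ("add auxiliary only", ADD_AUXILIARY_ONLY)):
        code, text = check_modify(MACHINE_ENTRY, new)
        print(f"{label}: err={code} text=\"{text}\"")
```

The rejected case fails because the new value set resolves to a different structural class than the one the entry was created with; the accepted case changes only auxiliary classes.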
Regarding using ldap_modify_ext_s for modifying all users globally in AD?
by Santosh Kumar
Hi Everyone,
Please help us to modify all users under the "users" container.
We could modify attributes for an individual user entry.
Is the user_dn parameter specified correctly?
Will ldap_modify_ext_s support modifying user entries globally?
1) Modify the user "testuser5"
char *user_dn = "cn=testuser5,cn=users,dc=kpvmpdc,dc=com";
if (ldap_modify_ext_s(ld, user_dn, mods, NULL, NULL) != LDAP_SUCCESS) {
    /* report the failed modify and stop */
    ldap_perror(ld, "ldap_modify_s");
    exit(EXIT_FAILURE);
}
->Works
2) To modify users globally,
used: char *user_dn = "cn=users,dc=kpvmpdc,dc=com"
which gives the error
ldap_modify_s: Object class violation (65)
additional info: 0000207D: UpdErr: DSID-03150F9C, problem 6002 (OBJ_CLASS_VIOLATION), data 0
Thanks in advance.
Regards
Santosh
14 years, 3 months
Samba PDC + OpenLDAP (Debian Lenny)
by Henrik Dige Semark
Hey.
I'm trying to move my existing MS-AD over to SAMBA, the place I'm
working for is changing all servers from MS to Debian, but all the
clients are still a mixed environment for now.
We have MAC, *NIX, and Windows clients, so it's important that everything
keeps running in the same or almost the same way as before the change, but
when I try to join a Windows Vista Ultimate or Windows XP Pro to the
domain it takes 30 sec and then it says "The machine account does not
exist", but as I understand it that is what
"add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to
do, right?
I have pasted my config + log from OpenLDAP and SAMBA, can anybody see
what I have done wrong?
# cat /etc/samba/smb.conf
-------------------------
# Defining domain name, hostname
####################################################
[global]
workgroup = MY-DOMAIN
netbios name = HDS-Linux - PDC
server string = Debian Samba-PDC %v
name resolve order = host bcast
hosts allow = 192.168.1. 192.168.2. 127.
wins support = yes
# Network settings #
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
# Security #
security = ads
realm = MY-DOMAIN
nt acl support = Yes
enable privileges = yes
encrypt passwords = Yes
obey pam restrictions = Yes
password server = my-server.my-domain
#min passwd length = 5
#pam password change = no
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = No
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Skift kode: *\n Ny kode*" %n\n "*Gentag ny kode*" %n\n"
# Log #
log level = 1
syslog = 1
log file = /var/log/samba/samba_my-domain.log
max log size = 100000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# Logon scripts #
logon script = scripts/logon.bat
logon path = \\%L\profile\%U
logon drive = H:
logon home = \\%L\%u
# Server settings #
time server = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
# Winbind settings #
winbind use default domain = yes
winbind separator = %
winbind uid = 10000-21000
winbind gid = 10000-21000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
# LDAP settings #
# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=domain,dc=dk
ldap suffix = dc=domain,dc=dk
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap uid = 10000-21000
idmap gid = 10000-21000
ldap ssl = No
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%u" "%g"
# printers configuration #
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
comment = Roaming Profiles
#path = /var/lib/samba/profiles
path = /home/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U "Domain Admins"
[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
[homes]
path = /home/%u
comment = Home Directories
valid users = %u
read only = No
browseable = Yes
create mode = 0750
# tail -200f /var/log/samba/samba_domain.log
--------------------------
[2009/08/14 18:22:24, 1] param/loadparm.c:lp_do_parameter(7202)
WARNING: The "printer admin" option is deprecated
[2009/08/14 18:22:24, 1] param/loadparm.c:lp_do_parameter(7202)
WARNING: The "printer admin" option is deprecated
[2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
User DomAdmin in passdb, but getpwnam() fails!
[2009/08/14 18:22:24, 0] auth/auth_sam.c:check_sam_security(355)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2009/08/14 18:22:47, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:47, 1] auth/auth_util.c:make_server_info_sam(562)
User DomAdmin in passdb, but getpwnam() fails!
[2009/08/14 18:22:47, 0] auth/auth_sam.c:check_sam_security(355)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
Error: modifications require authentication at
/usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48, 0]
passdb/pdb_interface.c:pdb_default_create_user(336)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0
-w -i "hds$"' gave 127
[2009/08/14 18:23:49, 1] param/loadparm.c:lp_do_parameter(7202)
WARNING: The "printer admin" option is deprecated
[2009/08/14 18:23:49, 1] param/loadparm.c:lp_do_parameter(7202)
WARNING: The "printer admin" option is deprecated
[2009/08/14 18:23:49, 1] libads/cldap.c:recv_cldap_netlogon(156)
no reply received to cldap netlogon
[2009/08/14 18:23:49, 0] printing/nt_printing.c:nt_printing_init(664)
nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2009/08/14 18:23:49, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias
545 (NT_STATUS_GROUP_EXISTS)
tail -200f /var/log/syslog | grep slapd
--------------------------
Aug 14 18:32:33 hds-linux slapd[4180]: connection_get(20)
Aug 14 18:32:33 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0
Aug 14 18:32:33 hds-linux slapd[4180]: 0 15 0
Aug 14 18:32:33 hds-linux slapd[4180]: filter:
(?objectClass=sambaTrustedDomainPassword)
Aug 14 18:32:33 hds-linux slapd[4180]: attrs:
Aug 14 18:32:33 hds-linux slapd[4180]: sambaDomainName
Aug 14 18:32:33 hds-linux slapd[4180]: sambaSID
Aug 14 18:32:33 hds-linux slapd[4180]:
Aug 14 18:32:33 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:32:33 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text="value does not conform to assertion syntax"
Aug 14 18:32:46 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: ==> hdb_bind: dn:
cn=admin,dc=domain,dc=dk
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "" 0 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 0 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*)
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]: supportedControl
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter:
(&(?objectClass=sambaTrustedDomainPassword)(sambaDomainName=MY-DOMAIN))
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=10
matched="sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" text="value does not
conform to assertion syntax"
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter:
(&(uid=domadmin)(objectClass=sambaSamAccount))
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]: uid
Aug 14 18:33:01 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:01 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:01 hds-linux slapd[4180]: homeDirectory
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdLastSet
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdCanChange
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdMustChange
Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonTime
Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogoffTime
Aug 14 18:33:01 hds-linux slapd[4180]: sambaKickoffTime
Aug 14 18:33:01 hds-linux slapd[4180]: cn
Aug 14 18:33:01 hds-linux slapd[4180]: sn
Aug 14 18:33:01 hds-linux slapd[4180]: displayName
Aug 14 18:33:01 hds-linux slapd[4180]: sambaHomeDrive
Aug 14 18:33:01 hds-linux slapd[4180]: sambaHomePath
Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonScript
Aug 14 18:33:01 hds-linux slapd[4180]: sambaProfilePath
Aug 14 18:33:01 hds-linux slapd[4180]: description
Aug 14 18:33:01 hds-linux slapd[4180]: sambaUserWorkstations
Aug 14 18:33:01 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPrimaryGroupSID
Aug 14 18:33:01 hds-linux slapd[4180]: sambaLMPassword
Aug 14 18:33:01 hds-linux slapd[4180]: sambaNTPassword
Aug 14 18:33:01 hds-linux slapd[4180]: sambaDomainName
Aug 14 18:33:01 hds-linux slapd[4180]: objectClass
Aug 14 18:33:01 hds-linux slapd[4180]: sambaAcctFlags
Aug 14 18:33:01 hds-linux slapd[4180]: sambaMungedDial
Aug 14 18:33:01 hds-linux slapd[4180]: sambaBadPasswordCount
Aug 14 18:33:01 hds-linux slapd[4180]: sambaBadPasswordTime
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPasswordHistory
Aug 14 18:33:01 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:01 hds-linux slapd[4180]: sambaLogonHours
Aug 14 18:33:01 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:01 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [08a4f228]
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [f937ce0f]
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*)
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]: sambaPwdHistoryLength
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: base_candidates: base:
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011)
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter: (objectClass=*)
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]: sambaMaxPwdAge
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: base_candidates: base:
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011)
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter:
(&(objectClass=sambaGroupMapping)(gidNumber=65534))
Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:01 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:01 hds-linux slapd[4180]: sambaGroupType
Aug 14 18:33:01 hds-linux slapd[4180]: sambaSIDList
Aug 14 18:33:01 hds-linux slapd[4180]: description
Aug 14 18:33:01 hds-linux slapd[4180]: displayName
Aug 14 18:33:01 hds-linux slapd[4180]: cn
Aug 14 18:33:01 hds-linux slapd[4180]: objectClass
Aug 14 18:33:01 hds-linux slapd[4180]:
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2]
Aug 14 18:33:01 hds-linux slapd[4180]: bdb_idl_fetch_key: [8000fffe]
Aug 14 18:33:01 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:02 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:02 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0
Aug 14 18:33:02 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:02 hds-linux slapd[4180]: filter:
(&(uid=hds$)(objectClass=sambaSamAccount))
Aug 14 18:33:02 hds-linux slapd[4180]: attrs:
Aug 14 18:33:02 hds-linux slapd[4180]: uid
Aug 14 18:33:02 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:02 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:02 hds-linux slapd[4180]: homeDirectory
Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdLastSet
Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdCanChange
Aug 14 18:33:02 hds-linux slapd[4180]: sambaPwdMustChange
Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonTime
Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogoffTime
Aug 14 18:33:02 hds-linux slapd[4180]: sambaKickoffTime
Aug 14 18:33:02 hds-linux slapd[4180]: cn
Aug 14 18:33:02 hds-linux slapd[4180]: sn
Aug 14 18:33:02 hds-linux slapd[4180]: displayName
Aug 14 18:33:02 hds-linux slapd[4180]: sambaHomeDrive
Aug 14 18:33:02 hds-linux slapd[4180]: sambaHomePath
Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonScript
Aug 14 18:33:02 hds-linux slapd[4180]: sambaProfilePath
Aug 14 18:33:02 hds-linux slapd[4180]: description
Aug 14 18:33:02 hds-linux slapd[4180]: sambaUserWorkstations
Aug 14 18:33:02 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:02 hds-linux slapd[4180]: sambaPrimaryGroupSID
Aug 14 18:33:02 hds-linux slapd[4180]: sambaLMPassword
Aug 14 18:33:02 hds-linux slapd[4180]: sambaNTPassword
Aug 14 18:33:02 hds-linux slapd[4180]: sambaDomainName
Aug 14 18:33:02 hds-linux slapd[4180]: objectClass
Aug 14 18:33:02 hds-linux slapd[4180]: sambaAcctFlags
Aug 14 18:33:02 hds-linux slapd[4180]: sambaMungedDial
Aug 14 18:33:02 hds-linux slapd[4180]: sambaBadPasswordCount
Aug 14 18:33:02 hds-linux slapd[4180]: sambaBadPasswordTime
Aug 14 18:33:02 hds-linux slapd[4180]: sambaPasswordHistory
Aug 14 18:33:02 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:02 hds-linux slapd[4180]: sambaLogonHours
Aug 14 18:33:02 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:02 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:02 hds-linux slapd[4180]:
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6]
Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:02 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:02 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0
Aug 14 18:33:02 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:02 hds-linux slapd[4180]: filter:
(&(objectClass=sambaGroupMapping)(|(displayName=hds$)(cn=hds$)))
Aug 14 18:33:02 hds-linux slapd[4180]: attrs:
Aug 14 18:33:02 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:02 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:02 hds-linux slapd[4180]: sambaGroupType
Aug 14 18:33:02 hds-linux slapd[4180]: sambaSIDList
Aug 14 18:33:02 hds-linux slapd[4180]: description
Aug 14 18:33:02 hds-linux slapd[4180]: displayName
Aug 14 18:33:02 hds-linux slapd[4180]: cn
Aug 14 18:33:02 hds-linux slapd[4180]: objectClass
Aug 14 18:33:02 hds-linux slapd[4180]:
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [9767cf87]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [4194d841]
Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: ==> hdb_bind: dn:
cn=admin,dc=domain,dc=dk
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "" 0 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 0 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter: (objectClass=*)
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]: supportedControl
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 2 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter:
(&(?objectClass=sambaTrustedDomainPassword)(sambaDomainName=MY-DOMAIN))
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=10
matched="sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" text="value does not
conform to assertion syntax"
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter:
(&(uid=domadmin)(objectClass=sambaSamAccount))
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]: uid
Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: homeDirectory
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdLastSet
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdCanChange
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdMustChange
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogoffTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaKickoffTime
Aug 14 18:33:24 hds-linux slapd[4180]: cn
Aug 14 18:33:24 hds-linux slapd[4180]: sn
Aug 14 18:33:24 hds-linux slapd[4180]: displayName
Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomeDrive
Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomePath
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonScript
Aug 14 18:33:24 hds-linux slapd[4180]: sambaProfilePath
Aug 14 18:33:24 hds-linux slapd[4180]: description
Aug 14 18:33:24 hds-linux slapd[4180]: sambaUserWorkstations
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPrimaryGroupSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLMPassword
Aug 14 18:33:24 hds-linux slapd[4180]: sambaNTPassword
Aug 14 18:33:24 hds-linux slapd[4180]: sambaDomainName
Aug 14 18:33:24 hds-linux slapd[4180]: objectClass
Aug 14 18:33:24 hds-linux slapd[4180]: sambaAcctFlags
Aug 14 18:33:24 hds-linux slapd[4180]: sambaMungedDial
Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordCount
Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPasswordHistory
Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonHours
Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [08a4f228]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [f937ce0f]
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter:
(&(objectClass=sambaGroupMapping)(gidNumber=65534))
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaGroupType
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSIDList
Aug 14 18:33:24 hds-linux slapd[4180]: description
Aug 14 18:33:24 hds-linux slapd[4180]: displayName
Aug 14 18:33:24 hds-linux slapd[4180]: cn
Aug 14 18:33:24 hds-linux slapd[4180]: objectClass
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [8000fffe]
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter:
(&(uid=hds$)(objectClass=sambaSamAccount))
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]: uid
Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: homeDirectory
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdLastSet
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdCanChange
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPwdMustChange
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogoffTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaKickoffTime
Aug 14 18:33:24 hds-linux slapd[4180]: cn
Aug 14 18:33:24 hds-linux slapd[4180]: sn
Aug 14 18:33:24 hds-linux slapd[4180]: displayName
Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomeDrive
Aug 14 18:33:24 hds-linux slapd[4180]: sambaHomePath
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonScript
Aug 14 18:33:24 hds-linux slapd[4180]: sambaProfilePath
Aug 14 18:33:24 hds-linux slapd[4180]: description
Aug 14 18:33:24 hds-linux slapd[4180]: sambaUserWorkstations
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPrimaryGroupSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLMPassword
Aug 14 18:33:24 hds-linux slapd[4180]: sambaNTPassword
Aug 14 18:33:24 hds-linux slapd[4180]: sambaDomainName
Aug 14 18:33:24 hds-linux slapd[4180]: objectClass
Aug 14 18:33:24 hds-linux slapd[4180]: sambaAcctFlags
Aug 14 18:33:24 hds-linux slapd[4180]: sambaMungedDial
Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordCount
Aug 14 18:33:24 hds-linux slapd[4180]: sambaBadPasswordTime
Aug 14 18:33:24 hds-linux slapd[4180]: sambaPasswordHistory
Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:24 hds-linux slapd[4180]: sambaLogonHours
Aug 14 18:33:24 hds-linux slapd[4180]: modifyTimestamp
Aug 14 18:33:24 hds-linux slapd[4180]: uidNumber
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6]
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:24 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:24 hds-linux slapd[4180]: SRCH "ou=groups,dc=domain,dc=dk" 2 0
Aug 14 18:33:24 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:24 hds-linux slapd[4180]: filter:
(&(objectClass=sambaGroupMapping)(|(displayName=hds$)(cn=hds$)))
Aug 14 18:33:24 hds-linux slapd[4180]: attrs:
Aug 14 18:33:24 hds-linux slapd[4180]: gidNumber
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSID
Aug 14 18:33:24 hds-linux slapd[4180]: sambaGroupType
Aug 14 18:33:24 hds-linux slapd[4180]: sambaSIDList
Aug 14 18:33:24 hds-linux slapd[4180]: description
Aug 14 18:33:24 hds-linux slapd[4180]: displayName
Aug 14 18:33:24 hds-linux slapd[4180]: cn
Aug 14 18:33:24 hds-linux slapd[4180]: objectClass
Aug 14 18:33:24 hds-linux slapd[4180]:
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [9767cf87]
Aug 14 18:33:24 hds-linux slapd[4180]: bdb_idl_fetch_key: [4194d841]
Aug 14 18:33:24 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29)
Aug 14 18:33:25 hds-linux slapd[4180]: SRCH "dc=domain,dc=dk" 2 2
Aug 14 18:33:25 hds-linux slapd[4180]: 0 0 0
Aug 14 18:33:25 hds-linux slapd[4180]: filter:
(&(objectClass=posixAccount)(uid=hds$))
Aug 14 18:33:25 hds-linux slapd[4180]: attrs:
Aug 14 18:33:25 hds-linux slapd[4180]:
Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [b49d1940]
Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [5941c014]
Aug 14 18:33:25 hds-linux slapd[4180]: bdb_idl_fetch_key: [a06475a6]
Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29)
Aug 14 18:33:25 hds-linux slapd[4180]: SRCH
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" 0 2
Aug 14 18:33:25 hds-linux slapd[4180]: 0 0 0
Aug 14 18:33:25 hds-linux slapd[4180]: filter:
(objectClass=sambaUnixIdPool)
Aug 14 18:33:25 hds-linux slapd[4180]: attrs:
Aug 14 18:33:25 hds-linux slapd[4180]:
Aug 14 18:33:25 hds-linux slapd[4180]: base_candidates: base:
"sambaDomainName=MY-DOMAIN,dc=domain,dc=dk" (0x00000011)
Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=0
matched="" text=""
Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29)
Aug 14 18:33:25 hds-linux slapd[4180]: conn=44 op=2 do_modify: dn
(sambaDomainName=MY-DOMAIN,dc=domain,dc=dk)
Aug 14 18:33:25 hds-linux slapd[4180]: conn=44 op=2 modifications:
Aug 14 18:33:25 hds-linux slapd[4180]: ^Ireplace: uidNumber
Aug 14 18:33:25 hds-linux slapd[4180]: ^I^Ione value, length 5
Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=8
matched="" text="modifications require authentication"
Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29)
Aug 14 18:33:35 hds-linux slapd[4180]: connection_get(14)
# net groupmap list
--------------------------
Domain Admins (S-1-5-21-3045805106-2558287267-4023452987-512) -> 512
Domain Users (S-1-5-21-3045805106-2558287267-4023452987-513) -> 513
Domain Guests (S-1-5-21-3045805106-2558287267-4023452987-514) -> 514
Domain Computers (S-1-5-21-3045805106-2558287267-4023452987-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552
Users (S-1-5-32-545) -> 10000
System info:
--------------------------
Debian Lenny 5.0.2
Kernel - 2.6.26-2-xen-686
Samba Version 3.2.5
Winbind Version 3.2.5
OpenLDAP Version 2.4.11
If there is more info you need, please just ask :)
14 years, 3 months
v. 2.4.15 , set as provider giving msg: "logdb <suffix>" missing or invalid
by Brian Neu
My apologies if I'm overlooking the obvious, but I'm past deadline, late for my kid's football practice, and my brain is fried.
I've done my best to follow the Admin Guide example at 18.3.2.1.
When issuing a "service ldap restart" or /etc/init.d/ldap restart
I get this output
hdb_db_open: database "dc=accesslog": unclean shutdown detected; attempting recovery.
hdb_db_open: database "dc=accesslog": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
hdb_db_open: database "dc=srg,dc=com": unclean shutdown detected; attempting recovery.
hdb_db_open: database "dc=srg,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
accesslog: "logdb <suffix>" missing or invalid.
backend_startup_one: bi_db_open failed! (1)
slap_startup failed (test would succeed using the -u switch)
stale lock files may be present in /var/lib/ldap/accesslog [WARNING]
stale lock files may be present in /var/lib/ldap [WARNING]
I've tried a -s 192 and a -d 192 as an argument to slapd ---- I'm not even sure where the logs are supposed to go, as nothing ends up in /var/log/messages .
Any help would be greatly appreciated.
I put the attached slapd.conf up at pastebin too:
http://pastebin.com/m11dc35a5
Thanks!
14 years, 3 months
Multi-master configuration -- check my slapd.conf files please?
by Robert Hanson
Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out?
==================================================
Server 10.192.252.64
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"
include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"
pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"
# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300
sizelimit unlimited
# Max # of threads. Default is 16
#threads 16
# For older Enterprise clients - AM
allow bind_v2
# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000
# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
access to *
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
        by * read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries to maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8
# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"
# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq
# for sync repl
serverID 1
syncrepl rid=123
        searchbase="o=OurCompanyName Communications"
        provider=ldap://10.192.252.65:3016
        type=refreshAndPersist
        retry="5 5 300 +"
        schemachecking=on
        attrs=*
        bindmethod=simple
        binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
        credentials=5385
mirrormode true
# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999
# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
==================================================
Server 10.192.252.65
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"
include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"
pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"
# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300
sizelimit unlimited
# Max # of threads. Default is 16
#threads 16
# For older Enterprise clients - AM
allow bind_v2
# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000
# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
access to *
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
        by * read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries to maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8
# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"
# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq
# for sync repl
serverID 2
syncrepl rid=123
        searchbase="o=OurCompanyName Communications"
        provider=ldap://10.192.252.64:3016
        type=refreshAndPersist
        retry="5 5 300 +"
        schemachecking=on
        attrs=*
        bindmethod=simple
        binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
        credentials=5385
mirrormode true
# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999
# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
14 years, 3 months
FW: Multi-master configuration -- check my slapd.conf files please?
by Robert Hanson
I have not had a response yet. Would someone please check the syncrepl setup of the config files (below) to see if there are any issues? In particular, do I need the syncprov-checkpoint? Thanks.
________________________________
From: Robert Hanson
Sent: Monday, August 03, 2009 4:01 PM
To: openldap-technical(a)openldap.org
Subject: Multi-master configuration -- check my slapd.conf files please?
14 years, 3 months
syncrepl problem?
by Tim Tyler
Openldap experts,
We are running 2.3.43 Openldap on Centos 5.3 systems. I have one provider
and two consumers. I believe the consumers were working fine in terms of
receiving replication data and staying synchronized until today. I have
this entry in slapd.conf
syncrepl rid=102
        type=refreshAndPersist
        interval=00:01:00:00
The problem is that I had to completely restore the provider's entire ldap
database from a backup ldif file after screwing up over 200 accounts. I got
the provider back to the way I wanted, but now the consumers won't
synchronize (replicate) any more.
1. Should syncrepl ultimately be able to replicate after a major
change to the provider such as a ldif restoration? Or should I expect to
have to reload the consumer entries from scratch from a provider generated
ldif in situations like this?
2. I thought I read once that the interval setting was still
important for when refreshAndPersist missed an update. Is that true?
Tim Tyler
Network Engineer
Beloit College
14 years, 3 months
Cleaning slapcat(1) LDIF output
by Jordi Espasa Clofent
Hi all,
According to the slapcat(1) man page:
"The output of slapcat is intended to be used as input to slapadd(8).
The output of slapcat cannot generally be used as input to ldapadd(1) or
other LDAP clients without first editing the output. This editing would
normally include reordering the records into superior first order and
removing no-user-modification operational attributes."
So, I've done:
# making normal LDIF using slapcat(1)
$ slapcat -l test_backup.ldif
# cleaning the LDIF and dumping the results into another file
$ egrep -ve '^(entryUUID|creatorsName|structuralObjectClass|createTimestamp|entryCSN|modifiersName|modifyTimestamp): ' \
    test_backup.ldif > test_backup_cleaned.ldif
# viewing the differences
$ diff -y test_backup.ldif test_backup_cleaned.ldif | less
Is it a correct way to "clean" the initial LDIF you can get with
slapcat(1)?
And another minor question:
Can I use the slapcat(1) tool on the fly? The man pages say nothing about it.
--
Thanks,
Jordi Espasa Clofent
14 years, 3 months
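The cleanup described in the post above, as an added Python example that is not part of the original message: it goes beyond the line-based egrep by joining folded LDIF lines and catching base64 (`attr::`) values before filtering, and it reorders entries superior-first as the quoted man page text requires. The function names and the sample LDIF are constructed for illustration; `egrep_filter` reproduces the post's pattern for comparison.

```python
import base64
import re

# Attributes the post removes with egrep; slapd maintains them itself.
OPERATIONAL = ("entryUUID", "creatorsName", "structuralObjectClass", "createTimestamp",
               "entryCSN", "modifiersName", "modifyTimestamp")
_OPERATIONAL_LC = {name.lower() for name in OPERATIONAL}
_POST_PATTERN = re.compile(r"^(%s): " % "|".join(OPERATIONAL))

def egrep_filter(text):
    """The post's filter: drop physical lines matching '^(attr|...): '."""
    return "\n".join(l for l in text.splitlines() if not _POST_PATTERN.search(l)) + "\n"

def unfold(text):
    """Return logical LDIF lines: continuation lines joined, comments dropped."""
    logical, skipping = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if not skipping and logical and logical[-1]:
                logical[-1] += raw[1:]
            continue
        skipping = raw.startswith("#")
        if not skipping:
            logical.append(raw)
    return logical

def records(text):
    """Yield each entry as a list of logical lines, skipping a leading version line."""
    rec = []
    for line in unfold(text) + [""]:
        if line == "":
            if rec:
                yield rec
                rec = []
        elif rec or not line.lower().startswith("version:"):
            rec.append(line)

def entry_dn(rec):
    """Decode the dn line, which is either plain ('dn: ') or base64 ('dn:: ')."""
    name, _, value = rec[0].partition(":")
    if name.lower() != "dn":
        raise ValueError("entry does not start with a dn line: %r" % rec[0])
    if value.startswith(":"):
        return base64.b64decode(value[1:].strip()).decode("utf-8")
    return value.strip()

def dn_depth(dn):
    """Number of RDNs: commas that are not backslash-escaped, plus one."""
    return re.sub(r"\\.", "", dn).count(",") + 1

def clean_ldif(text):
    """Strip operational attributes per logical line; emit parents before children."""
    entries = []
    for rec in records(text):
        kept = [l for l in rec
                if l.split(":", 1)[0].split(";", 1)[0].lower() not in _OPERATIONAL_LC]
        entries.append((dn_depth(entry_dn(kept)), kept))
    entries.sort(key=lambda e: e[0])  # stable: slapcat order is kept within a level
    return "\n\n".join("\n".join(rec) for _, rec in entries) + "\n"

# Constructed sample, not from the post: child before parent, a folded value, a "::" value.
SAMPLE = "\n".join([
    "dn: uid=jordi,ou=people,dc=example,dc=com",
    "objectClass: account",
    "uid: jordi",
    "modifiersName: cn=admin,dc=exam",
    " ple,dc=com",
    "creatorsName:: " + base64.b64encode("cn=administració,dc=example".encode()).decode(),
    "",
    "dn: ou=people,dc=example,dc=com",
    "objectClass: organizationalUnit",
    "ou: people",
]) + "\n"
```

On this sample the egrep-style filter leaves the orphaned continuation line ` ple,dc=com`, which an LDIF reader then appends to `uid: jordi`, and it keeps the base64 `creatorsName::` line; `clean_ldif(SAMPLE)` removes both and puts `ou=people` ahead of its child.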