Standard objectClass for representing web services
by Hung Luu
Does anyone know of a standard objectClass that is appropriate for
representing web services in the directory? I want to represent web services
like users in the directory, and assign their DN's to groups for
authorization, so I suppose I'm looking for an inetOrgPerson equivalent for
web services.
Thanks,
Hung.
13 years
Multi Master w/ SASL Authentication
by James Dingwall
Hi,
I have been migrating my OpenLDAP 2.3 slapd.conf configuration to a 2.4 slapd.d replacement. Previously I had a single master and two slaves but I have moved it to multi-master with a replicated cn=config and database. I am using SASL and Heimdal Kerberos with the principals stored in the LDAP database.
I have managed to almost complete this but I'm now stuck on the following point, I can only get GSSAPI LDAP authentication to work on the host whose name is equal to the value of olcSaslHost. As I have 3 masters and a replicated cn=config this can only be true on one host at a time. i.e.
olcSaslHost: ldap1.my.domain
ldapsearch -H ldaps://ldap1.my.domain -Y GSSAPI = works
ldapsearch -H ldaps://ldap2.my.domain -Y GSSAPI = fails
ldapsearch -H ldaps://ldap3.my.domain -Y GSSAPI = fails
update olcSaslHost to ldap2.my.domain
ldapsearch -H ldaps://ldap1.my.domain -Y GSSAPI = fails
ldapsearch -H ldaps://ldap2.my.domain -Y GSSAPI = works
ldapsearch -H ldaps://ldap3.my.domain -Y GSSAPI = fails
I tried setting olcSaslHost to localhost but then none work, so I assume the olcSaslHost value is being used to build a Kerberos principal. Am I missing a trick or do I have to stop replicating cn=config in order to make it work on all 3? I can post configuration files if this will help.
Thanks,
James
13 years
Directory layout help
by Hung Luu
Hello,
Suppose I have the following DN's:
inetOrgPerson:
[uid=alice,dc=example,dc=com]
organizationalRole:
[cn=manager,ou=groups,dc=example,dc=com]
[cn=supervisor,ou=groups,dc=example,dc=com]
locality:
[l=phoenix,ou=division,dc=example,dc=com]
[l=portland,ou=division,dc=example,dc=com]
How can I store in my directory the fact that Alice is a manager at the
Phoenix division, but she is only a supervisor at the Portland division? I
know group membership is involved here, but what's the best way to represent
that group membership to optimize searches such as: Return all the people
with a specific role at a specific locality, or return all the roles and
localities for a person.
-Hung.
13 years
Syncrepl with Kerberos support
by Jaap Winius
Hi all,
Although I know how to configure syncrepl with the "simple"
bindmethod, using a clear-text password exchange and clear-text
database replication, and I know how to set up a provider server with
MIT Kerberos V encryption support, can anyone explain how to configure
a consumer so that syncrepl also uses Kerberos?
Thanks,
Jaap
13 years
Compiling OpenLDAP 2.4.21 on RHEL 5
by Diego Lima
Hello all,
I've recently installed OpenLDAP 2.4.21 on a couple of Debian servers but I
ran into problems while trying to install on some RHEL5 servers:
checking db.h usability... yes
checking db.h presence... yes
checking for db.h... yes
checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends
It seems that it doesn't like Red Hat's shipped version of Berkeley DB
(Version: 4.3.29). I installed it via yum (yum install db4-devel). How can I
get around this problem?
Thanks a lot,
--
Diego Lima
13 years
overlay "syncprov" not found
by Andrew Debenham
Hello -
I am new to LDAP and I'm trying to set up Sync Replication on a Fedora Core 8 system (2.6.23.9-85.fc8). However, when I start the LDAP service, I get the following error message:
Checking configuration files for slapd: [FAILED]
overlay "syncprov" not found
slaptest: bad configuration file!
I've searched the archived threads for this group (as well as many others) and wasn't able to find any postings that matched what I'm seeing. If I missed an old post by mistake, I apologize in advance. I've included a copy of my slapd.conf file below. The interesting thing is that when I comment out the following lines, LDAP will start without any issues:
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
This leads me to believe that the issue is with the replication process, but I can't figure out what I'm doing wrong. I've followed the examples given in the OpenLDAP Admin Guide, but it just doesn't seem to want to work for me. Also, in case anyone asks, here are the packages installed on the server in question:
openldap-2.3.39-3.fc8
openldap-devel-2.3.39-3.fc8
openldap-servers-2.3.39-3.fc8
openldap-clients-2.3.39-3.fc8
Any information or recommendations to what is happening would be greatly appreciated. Also, please let me know if I need to supply more information. Thanks in advance.
- Andy
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
moduleload back_sql.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=jets,dc=local" write
        by * none
access to *
        by self write
        by dn.base="cn=Manager,dc=jets,dc=local" write
        by * read
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=jets,dc=local"
rootdn "cn=Manager,dc=jets,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw b0xster
rootpw {SSHA}/5PsWrAXNKNKJmhiZAfUPLkMOUcgbtXN
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID,entryCSN eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-slave-replog
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#lastmod on
serverID 2
syncrepl rid=002
        provider=ldap://10.xx.x.xx
        type=refreshAndPersist
        searchbase="dc=jets,dc=local"
        schemachecking=on
        bindmethod=simple
        binddn="cn=mirrormode,dc=jets,dc=local"
        credentials=mirrormode
        retry="60 +"
#updateref ldap://10.xx.x.xx
mirrormode on
13 years
OpenLDAP Baseline Security Analyzer
by Inmaculada Bravo
Hello
My name is Inma Bravo, I work at the University of Salamanca (Spain)
mainly administrating our OpenLDAP directory.
I have done a project called OpenLDAP Baseline Security Analyzer.[1] The
project website is written in Spanish and in English.
The purpose of this project is to develop a list of criteria that should
be taken into account for the initial plan of securing the directory,
and to show the most common mistakes that we must try to avoid.
It briefly documents the main attacks and threats that we face as
directory administrators.
It is written to be easy, straightforward, and useful.
These criteria are encoded in XML Schema, adhering to OCIL to use the
OCIL Interpreter.
I presented this project in our technical winter meeting of the
institutions that are affiliated with RedIRIS (the Spanish academic and
research network) [2], and it was well-received by the technicians.
In conclusion, the reason I am writing you is to announce the project
and to ask you for suggestions to improve and to correct it.
I hope the project will be of your interest.
Thanks very much
Inmaculada Bravo García
[1] http://openldap-bsa.forja.rediris.es/
[2] http://www.rediris.es/
13 years
Problems allowing users to change their own passwords
by James Hammett
I know this is an old issue and I've searched on the net and tried
those, but haven't had any luck. I'm using openldap 2.3.43.
In /etc/openldap/slapd.conf, I have set:
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
(Of course restarted the slapd), but no luck. Insufficient permissions.
The logs show the account binding successfully, but then:
vm001 slapd[pid]: => access_allowed: backend default write access denied
to "uid=james,ou=Users,o=dallas"
The complete logs are below. As a test I even tried giving global
write access to the password, but it still doesn't work. (The only one
who is able to change a user's password is the Directory administrator)
General log:
------------
vm001 slapd[pid]: conn=2 fd=17 ACCEPT from IP=127.0.0.1:36479
(IP=0.0.0.0:389)
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"
method=128
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"
mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=2 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=2 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: conn=2 op=2 UNBIND
vm001 slapd[pid]: conn=2 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=2 fd=17 closed
With Debugging with ACL Listing:
--------------------------------
vm001 slapd[pid]: conn=5 fd=16 ACCEPT from IP=127.0.0.1:47612
(IP=0.0.0.0:389)
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt"
method=128
vm001 slapd[pid]: => access_allowed: auth access to
"uid=james,ou=Users,o=masprt" "userPassword" requested
vm001 slapd[pid]: => access_allowed: backend default auth access granted
to "(anonymous)"
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=Users,o=masprt"
mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: => access_allowed: backend default write access denied
to "uid=james,ou=Users,o=masprt"
vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=5 op=2 UNBIND
vm001 slapd[pid]: conn=5 fd=16 closed
Any help or idea would be appreciated.
thanks,
James
13 years
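Added example (not part of the original post and not OpenLDAP code): a small triage script that re-joins mail-wrapped slapd log lines like those quoted above, ties each RESULT err=50 back to the DN that bound on that connection and to the operation's target, and reports whether the caller was acting on its own entry. The sample log, host name and DNs are constructed, the DN comparison is simplified, and attaching ACL debug lines to the most recent operation assumes a quiet server.

```python
import re

INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights

PREFIX = re.compile(r'^.*?\bslapd\[[^\]]*\]: ?')       # "host slapd[pid]: "
OP = re.compile(r'^conn=(\d+) op=(\d+) (\w+)(.*)$')     # per-operation records
DN = re.compile(r'\b(?:dn|id)="([^"]*)"')               # BIND dn= / PASSMOD id=
ERR = re.compile(r'\berr=(\d+)')
DENIED = re.compile(r'access_allowed: .*\b(\w+) access denied to "([^"]*)"')

# Constructed sample in the layout of the log quoted in the post
# (names and numbers are made up; lines are wrapped as mail clients wrap them).
SAMPLE_LOG = '''\
ldap01 slapd[1234]: conn=7 fd=17 ACCEPT from IP=127.0.0.1:40000
(IP=0.0.0.0:389)
ldap01 slapd[1234]: conn=7 op=0 BIND dn="uid=carol,ou=users,o=example"
method=128
ldap01 slapd[1234]: conn=7 op=0 BIND dn="uid=carol,ou=users,o=example"
mech=SIMPLE ssf=0
ldap01 slapd[1234]: conn=7 op=0 RESULT tag=97 err=0 text=
ldap01 slapd[1234]: conn=7 op=1 PASSMOD id="uid=carol,ou=users,o=example" new
ldap01 slapd[1234]: => access_allowed: backend default write access denied
to "uid=carol,ou=Users,o=example"
ldap01 slapd[1234]: conn=7 op=2 UNBIND
ldap01 slapd[1234]: conn=7 op=1 RESULT oid= err=50 text=
ldap01 slapd[1234]: conn=7 fd=17 closed
ldap01 slapd[1234]: conn=8 op=0 BIND dn="uid=dave,ou=users,o=example"
mech=SIMPLE ssf=0
ldap01 slapd[1234]: conn=8 op=0 RESULT tag=97 err=0 text=
ldap01 slapd[1234]: conn=8 op=1 PASSMOD id="uid=dave,ou=users,o=example" new
ldap01 slapd[1234]: conn=8 op=1 RESULT oid= err=0 text=
'''


def unwrap(text):
    """Join continuation lines (no slapd[...] prefix) onto the previous record."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append(line[m.end():].strip())
        elif records and line.strip():
            records[-1] += ' ' + line.strip()
    return records


def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim around commas.
    Does not handle escaped commas or multi-valued RDNs."""
    return ','.join(part.strip().lower() for part in dn.split(','))


def denied_operations(text):
    """Return one finding per operation that ended with err=50."""
    bound = {}     # conn -> DN of the last successful bind
    pending = {}   # (conn, op) -> DN offered in a BIND awaiting its RESULT
    ops = {}       # (conn, op) -> details of non-bind operations
    last_key = None
    findings = []
    for msg in unwrap(text):
        m = OP.match(msg)
        if not m:
            # ACL debug lines carry no conn/op; attach to the latest operation.
            d = DENIED.search(msg)
            if d and last_key in ops:
                ops[last_key]['acl_denials'].append((d.group(1), d.group(2)))
            continue
        conn, op, verb, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        key = (conn, op)
        if verb == 'BIND':
            dn = DN.search(rest)
            if dn:
                pending[key] = dn.group(1)
        elif verb == 'RESULT':
            e = ERR.search(rest)
            err = int(e.group(1)) if e else None
            if key in pending:
                dn = pending.pop(key)
                if err == 0:
                    bound[conn] = dn
            elif key in ops and err == INSUFFICIENT_ACCESS:
                info, who = ops[key], bound.get(conn)
                findings.append({
                    'conn': conn, 'op': op, 'verb': info['verb'],
                    'bound_dn': who, 'target': info['target'],
                    # True: a user was refused on their own entry (ACL problem).
                    # False: the caller tried to change someone else's entry.
                    'self_service': bool(who and info['target']
                                         and norm_dn(who) == norm_dn(info['target'])),
                    'acl_denials': info['acl_denials'],
                })
        elif verb != 'UNBIND':
            dn = DN.search(rest)
            ops[key] = {'verb': verb, 'target': dn.group(1) if dn else None,
                        'acl_denials': []}
            last_key = key
    return findings


if __name__ == '__main__':
    for finding in denied_operations(SAMPLE_LOG):
        print(finding)
```
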
refint_repair: dependent modify failed: 16
by Hung Luu
Hello,
I haven't had any luck getting referential integrity to work with OpenLDAP
2.4.19 (and BerkeleyDB 4.8). Neither delete nor modify operations on DN's
are triggering referenced member attributes to be removed as expected. I've
tried building the overlays statically into the slapd executable and loading
the overlays as dynamic modules - neither way worked for me.
Thanks in advance for any help you can provide.
*Here are my OpenLDAP configure settings:*
env CPPFLAGS="-I/opt/BerkeleyDB.4.8/include"
LDFLAGS="-L/opt/BerkeleyDB.4.8/lib" ./configure
--prefix=/opt/openldap-2.4.19 --with-tls --enable-crypt --enable-syslog
--enable-modules --enable-overlays=mod
*Here's my slapd.config:*
include /opt/openldap-2.4.19/etc/openldap/schema/core.schema
include /opt/openldap-2.4.19/etc/openldap/schema/cosine.schema
include /opt/openldap-2.4.19/etc/openldap/schema/inetorgperson.schema
moduleload refint.la
loglevel 16383
database bdb
suffix "dc=phoenix,dc=edu"
rootdn "cn=Manager,dc=phoenix,dc=edu"
rootpw secret
directory /opt/openldap-2.4.19/var/openldap-data/phoenix-edu
index default eq
index cn,uid,member
index objectClass eq
cachesize 10000
checkpoint 128 15
overlay refint
refint_attributes member
refint_nothing "cn=Manager"
*Here are the syslog entries - starting with the delete operation and ending
with the refint error:*
Jan 7 10:00:58 localhost slapd[28030]: conn=0 op=37 *do_delete*
Jan 7 10:00:58 localhost slapd[28030]: >>> dnPrettyNormal: <l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu>
Jan 7 10:00:58 localhost slapd[28030]: <<< dnPrettyNormal: <l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu>, <l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=ed$
Jan 7 10:00:58 localhost slapd[28030]: conn=0 op=37 DEL dn="l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu"
Jan 7 10:00:58 localhost slapd[28030]: bdb_dn2entry("l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu")
Jan 7 10:00:58 localhost slapd[28030]: ==> bdb_delete: l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: bdb_dn2entry("l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu")
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: delete access to
"ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu" "children" requested
Jan 7 10:00:58 localhost slapd[28030]: <= root access granted
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: delete access
granted by manage(=mwrscxd)
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: delete access to
"l=Southern Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu"
"entry" requested
Jan 7 10:00:58 localhost slapd[28030]: <= root access granted
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: delete access
granted by manage(=mwrscxd)
Jan 7 10:00:58 localhost slapd[28030]: => bdb_dn2id_delete 0x8: "l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu"
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8 @l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8
%ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8
@ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8
@l=southwest,ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8
@ou=regions,dc=phoenix,dc=edu
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_dn2id_delete 0x8: 0
Jan 7 10:00:58 localhost slapd[28030]: => index_entry_del( 8, "l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu" )
Jan 7 10:00:58 localhost slapd[28030]: => key_change(DELETE,8)
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8 [4066d3f2]
Jan 7 10:00:58 localhost slapd[28030]: <= key_change 0
Jan 7 10:00:58 localhost slapd[28030]: => key_change(DELETE,8)
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_delete_key: 8 [0096defd]
Jan 7 10:00:58 localhost slapd[28030]: <= key_change 0
Jan 7 10:00:58 localhost slapd[28030]: <= index_entry_del( 8, "l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu" ) success
Jan 7 10:00:58 localhost slapd[28030]: ====> bdb_cache_delete( 8 )
Jan 7 10:00:58 localhost slapd[28030]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Jan 7 10:00:58 localhost slapd[28030]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Jan 7 10:00:58 localhost slapd[28030]: daemon: activity on 1 descriptor
Jan 7 10:00:58 localhost slapd[28030]: bdb_delete: deleted id=00000008
dn="l=Southern Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu"
Jan 7 10:00:58 localhost slapd[28030]: send_ldap_result: conn=0 op=37 p=3
Jan 7 10:00:58 localhost slapd[28030]: send_ldap_result: err=0 matched=""
text=""
Jan 7 10:00:58 localhost slapd[28030]: send_ldap_response: msgid=38 tag=107
err=0
Jan 7 10:00:58 localhost slapd[28030]: conn=0 op=37 RESULT tag=107 err=0
text=
Jan 7 10:00:58 localhost slapd[28030]: daemon: activity on:
Jan 7 10:00:58 localhost slapd[28030]:
Jan 7 10:00:58 localhost slapd[28030]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Jan 7 10:00:58 localhost slapd[28030]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Jan 7 10:00:58 localhost slapd[28030]: => bdb_search
Jan 7 10:00:58 localhost slapd[28030]: bdb_dn2entry("dc=phoenix,dc=edu")
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access to
"dc=phoenix,dc=edu" "entry" requested
Jan 7 10:00:58 localhost slapd[28030]: <= root access granted
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:58 localhost slapd[28030]: search_candidates:
base="dc=phoenix,dc=edu" (0x00000001) scope=2
Jan 7 10:00:58 localhost slapd[28030]: => bdb_dn2idl("dc=phoenix,dc=edu")
Jan 7 10:00:58 localhost slapd[28030]: => bdb_filter_candidates
Jan 7 10:00:58 localhost slapd[28030]: AND
Jan 7 10:00:58 localhost slapd[28030]: => bdb_list_candidates 0xa0
Jan 7 10:00:58 localhost slapd[28030]: => bdb_filter_candidates
Jan 7 10:00:58 localhost slapd[28030]: OR
Jan 7 10:00:58 localhost slapd[28030]: => bdb_list_candidates 0xa1
Jan 7 10:00:58 localhost slapd[28030]: => bdb_filter_candidates
Jan 7 10:00:58 localhost slapd[28030]: EQUALITY
Jan 7 10:00:58 localhost slapd[28030]: => bdb_equality_candidates
(objectClass)
Jan 7 10:00:58 localhost slapd[28030]: => key_read
Jan 7 10:00:58 localhost slapd[28030]: bdb_idl_fetch_key: [b49d1940]
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_index_read: failed (-30988)
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_equality_candidates: id=0,
first=0, last=0
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_filter_candidates: id=0
first=0 last=0
Jan 7 10:00:58 localhost slapd[28030]: => bdb_filter_candidates
Jan 7 10:00:58 localhost slapd[28030]: OR
Jan 7 10:00:58 localhost slapd[28030]: => bdb_list_candidates 0xa1
Jan 7 10:00:58 localhost slapd[28030]: => bdb_filter_candidates
Jan 7 10:00:58 localhost slapd[28030]: EXT
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_filter_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_list_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_filter_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_list_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_filter_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_list_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: <= bdb_filter_candidates: id=-1
first=1 last=15
Jan 7 10:00:58 localhost slapd[28030]: bdb_search_candidates: id=-1 first=1
last=15
Jan 7 10:00:58 localhost slapd[28030]: => test_filter
Jan 7 10:00:58 localhost slapd[28030]: OR
Jan 7 10:00:58 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:58 localhost slapd[28030]: => test_filter
Jan 7 10:00:58 localhost slapd[28030]: EXT
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access to
"dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:58 localhost slapd[28030]: <= root access granted
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:58 localhost slapd[28030]: bdb_search: 1 does not match filter
Jan 7 10:00:58 localhost slapd[28030]: => test_filter
Jan 7 10:00:58 localhost slapd[28030]: OR
Jan 7 10:00:58 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:58 localhost slapd[28030]: => test_filter
Jan 7 10:00:58 localhost slapd[28030]: EXT
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access to
"ou=people,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:58 localhost slapd[28030]: <= root access granted
Jan 7 10:00:58 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:58 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:58 localhost slapd[28030]: bdb_search: 2 does not match filter
Jan 7 10:00:58 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"ou=groups,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 3 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"ou=regions,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 4 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"l=Southwest,ou=regions,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 5 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 6 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"l=Phoenix,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu" "member"
requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 7 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"cn=enc,ou=groups,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 9 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"cn=enm,ou=groups,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 10 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"cn=aac,ou=groups,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 11 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"uid=alice,ou=people,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 12 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"uid=bob,ou=people,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 13 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"cn=enm,uid=alice,ou=people,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: >>> dnNormalize:
<l=Southwest,ou=regions,dc=phoenix,dc=edu>
Jan 7 10:00:59 localhost slapd[28030]: <<< dnNormalize:
<l=southwest,ou=regions,dc=phoenix,dc=edu>
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 5
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 5
Jan 7 10:00:59 localhost slapd[28030]: bdb_search: 14 does not match filter
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: OR
Jan 7 10:00:59 localhost slapd[28030]: => test_filter_or
Jan 7 10:00:59 localhost slapd[28030]: => test_filter
Jan 7 10:00:59 localhost slapd[28030]: EXT
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access to
"cn=enc,uid=bob,ou=people,dc=phoenix,dc=edu" "member" requested
Jan 7 10:00:59 localhost slapd[28030]: <= root access granted
Jan 7 10:00:59 localhost slapd[28030]: => access_allowed: search access
granted by manage(=mwrscxd)
Jan 7 10:00:59 localhost slapd[28030]: >>> dnNormalize: <l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu>
Jan 7 10:00:59 localhost slapd[28030]: <<< dnNormalize: <l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu>
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 6
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter_or 6
Jan 7 10:00:59 localhost slapd[28030]: <= test_filter 6
Jan 7 10:00:59 localhost slapd[28030]: refint_search_cb
<cn=enc,uid=bob,ou=people,dc=phoenix,dc=edu>
Jan 7 10:00:59 localhost slapd[28030]: refint_search_cb: member: l=Southern
Arizona,ou=campuses,l=Southwest,ou=regions,dc=phoenix,dc=edu (#1)
Jan 7 10:00:59 localhost slapd[28030]: send_ldap_result: conn=-1 op=0 p=0
Jan 7 10:00:59 localhost slapd[28030]: send_ldap_result: err=0 matched=""
text=""
Jan 7 10:00:59 localhost slapd[28030]: refint_search_cb <NOTHING>
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify:
cn=enc,uid=bob,ou=people,dc=phoenix,dc=edu
Jan 7 10:00:59 localhost slapd[28030]:
bdb_dn2entry("cn=enc,uid=bob,ou=people,dc=phoenix,dc=edu")
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify_internal: 0x0000000f:
cn=enc,uid=bob,ou=people,dc=phoenix,dc=edu
Jan 7 10:00:59 localhost slapd[28030]: <= acl_access_allowed: granted to
database root
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify_internal: delete member
Jan 7 10:00:59 localhost slapd[28030]: dnMatch 0 "l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=edu" "l=southern
arizona,ou=campuses,l=southwest,ou=regions,dc=phoenix,dc=e$
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify_internal: replace
modifiersName
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify_internal: delete member
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify_internal: 16
modify/delete: member: no such attribute
Jan 7 10:00:59 localhost slapd[28030]: bdb_modify: modify failed (16)
Jan 7 10:00:59 localhost slapd[28030]: send_ldap_result: conn=-1 op=0 p=0
Jan 7 10:00:59 localhost slapd[28030]: send_ldap_result: err=16 matched=""
text="modify/delete: member: no such attribute"
Jan 7 10:00:59 localhost slapd[28030]: *refint_repair: dependent modify
failed: 16*
13 years
Error configuring monitor database
by Diego Lima
Hello all,
I'm trying to set up monitoring via slapd.conf according to this guide:
http://www.openldap.org/devel/admin/monitoringslapd.html
However after setting it up and trying to test it I receive the following
error message:
root@gilead:/opt/fedora-ds# bin/ldapsearch -x -D "cn=Directory
Manager,o=xxx,o=xxx,c=br" -W -b 'cn=monitor' -s base '(objectClass=*)' '*'
'+'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=monitor> with scope baseObject
# filter: (objectClass=*)
# requesting: * +
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
This is what I've added to my slapd.conf:
database monitor
access to *
        by dn.exact="cn=Directory Manager,o=xxx,o=xxx,c=br"
        by * none
I've restarted slapd after adding the entries above. Is there something else
that must be done? Thanks!
--
Diego Lima
13 years