December 2012 - openldap-technical

by Venish Khant

Hi all I am using cpan Net::LDAP module to access LDAP entries. I want to search LDAP entries using Net::LDAP search method. When I do search, I want some limited number of entries from search result, for this(searching) process I am using Net::LDAP::Control::VLV module. But I get error on VLV response control. Please, any one have idea about this error. * Error:* Died at vlv.pl line 50, This is my example. I changed the font style of line 50 #!/usr/bin/perl -w use Net::LDAP; use Net::LDAP::Control::VLV; use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); use Net::LDAP::Control::Sort; sub procentry { my ( $mesg, $entry) = @_; # Return if there is no entry to process if ( !defined($entry) ) { return; } print "dn: " . $entry->dn() . "\n"; @attrs = $entry->attributes(); foreach $attr (@attrs) { #printf("\t%s: %s\n", $attr, $entry->get_value($attr)); $attrvalue = $entry->get_value($attr,asref=>1); #print $attr.":". $entry->get_value($attr)."\n"; foreach $value(@$attrvalue) { print "$attr: $value\n"; } } $mesg->pop_entry; print "\n"; } $ldap = Net::LDAP->new( "localhost" ); # Get the first 20 entries $vlv = Net::LDAP::Control::VLV->new( before => 0, # No entries from before target entry after => 19, # 19 entries after target entry content => 0, # List size unknown offset => 1, # Target entry is the first ); my $sort = Net::LDAP::Control::Sort->new( order => 'cn' ); @args = ( base => "dc=example,dc=co,dc=in", scope => "subtree", filter => "(objectClass=inetOrgPerson)", callback => \&procentry, # Call this sub for each entry control => [ $sort, $vlv ], ); $mesg = $ldap->search( @args ); # Get VLV response control *($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;* $vlv->response( $resp ); # Set the control to get the last 20 entries $vlv->end; $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); # Now get the previous page $vlv->scroll_page( -1 ); $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mes # Now page with first entry starting with "B" in the middle $vlv->before(9); # Change page to show 9 before $vlv->after(10); # Change page to show 10 after $vlv->assert("B"); # assert "B" $mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); -- Venish Khant www.deeproot.co.in

7 years

4
11
0 / 0

OpenLDAP and dynalogin (two-factor auth with HOTP)

by Daniel Pocock

Some time ago I created the dynalogin ( http://www.dynalogin.org ) solution for two-factor authentication. I'm just contemplating how to make it easier to integrate, and making it convenient to use with OpenLDAP seems like a good strategy: can anyone comment on that? The initial thoughts that I have about the subject: - SASL based solution (dynalogin has digest capability already, so it could be adapted for SASL PLAIN or DIGEST-MD5) - should not prevent password logins (user should be able to use either password or HOTP code) - should enable people to use it indirectly (e.g. if someone already has pam_ldap working, they should be able to add dynalogin to their OpenLDAP server and get immediate benefit) - use cases: UNIX login, high-security webmail login, VPN and OpenID provider backed by OpenLDAP I know that SASL already supports OTP, but that is not HOTP, it is OPIE (or S/Key) RFC 2289: http://tools.ietf.org/html/rfc2289 whereas HOTP is RFC 4226: http://www.ietf.org/rfc/rfc4226.txt HOTP is considered more secure and more widely implemented.

7 years, 11 months

5
6
0 / 0

trouble with slapo-pcache

by btb＠bitrate.net

hi- i'm having a few different issues with slapo-pcache. i did a bit of searching in the its and did not find any items which seemed to match my symptoms. i'm using 2.4.31, on ubuntu 12.10. the first is that i so to not be able to add, via ldapadd, additional olcPcacheTemplate attributes to the config entry. i was able to add the first one using ldapadd, but subsequent modify operations to add another complain "no equality matching rule": >ldapsearch -LLLZZxWH 'ldap://localhost/' -D 'cn=config' -b 'olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config' -s base Enter LDAP Password: dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config objectClass: olcPcacheConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}pcache olcPcache: mdb 1000 100 1000 60 olcPcacheAttrset: 0 "*" "+" olcPcacheTemplate: "(uid=)" 0 3600 >cat template.ldif dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config changetype: modify add: olcPcacheTemplate olcPcacheTemplate: "(cn=)" 0 3600 >ldapadd -ZZxWH 'ldap://localhost/' -D 'cn=config' -f template.ldif Enter LDAP Password: modifying entry "olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config" ldap_modify: Inappropriate matching (18) additional info: modify/add: olcPcacheTemplate: no equality matching rule Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 STARTTLS Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 RESULT oid= err=0 text= Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 fd=12 ACCEPT from IP=127.0.0.1:32916 (IP=0.0.0.0:389) Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 fd=12 TLS established tls_ssf=128 ssf=128 Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 BIND dn="cn=config" method=128 Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 BIND dn="cn=config" mech=SIMPLE ssf=0 Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 RESULT tag=97 err=0 text= Oct 29 20:01:32 dsa1 slapd[8250]: connection_input: conn=1003 deferring operation: binding Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 MOD dn="olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config" Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 MOD attr=olcPcacheTemplate Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 RESULT tag=103 err=18 text=modify/add: olcPcacheTemplate: no equality matching rule Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=3 UNBIND Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 fd=12 closed adding the attribute "manually" [e.g. slapcat, modify ldif, slapadd] seems to be fine: >ldapsearch -LLLZZxWH 'ldap://localhost/' -D 'cn=config' -b 'olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config' -s base Enter LDAP Password: dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config objectClass: olcPcacheConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}pcache olcPcache: mdb 1000 100 1000 60 olcPcacheAttrset: 0 "*" "+" olcPcacheTemplate: "(objectclass=)" 0 3600 olcPcacheTemplate: "(uid=)" 0 3600 my second problem is with caching when slapo-nssov is involved. it appears to not cache [QUERY NOT ANSWERABLE/QUERY NOT CACHEABLE] when a query occurs via nss: >getent passwd flash flash:x:2013:2013:flash gordon:/home/flash:/bin/bash Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on: Oct 31 08:42:15 deepfield slapd[12862]: 11r Oct 31 08:42:15 deepfield slapd[12862]: Oct 31 08:42:15 deepfield slapd[12862]: daemon: read active on 11 Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:42:15 deepfield slapd[12862]: connection_get(11) Oct 31 08:42:15 deepfield slapd[12862]: connection_get(11): got connid=0 Oct 31 08:42:15 deepfield slapd[12862]: nssov: connection from uid=0 gid=0 Oct 31 08:42:15 deepfield slapd[12862]: nssov_passwd_byname(flash) Oct 31 08:42:15 deepfield slapd[12862]: str2filter "(&(objectClass=posixAccount)(uid=flash))" Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter Oct 31 08:42:15 deepfield slapd[12862]: AND Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter_list Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter Oct 31 08:42:15 deepfield slapd[12862]: EQUALITY Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0 Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:42:15 deepfield slapd[12862]: EQUALITY Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on: Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0 Oct 31 08:42:15 deepfield slapd[12862]: Oct 31 08:42:15 deepfield slapd[12862]: end get_filter_list Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0 Oct 31 08:42:15 deepfield slapd[12862]: query template of incoming query = (&(objectClass=)(uid=)) Oct 31 08:42:15 deepfield slapd[12862]: QUERY NOT ANSWERABLE Oct 31 08:42:15 deepfield slapd[12862]: QUERY NOT CACHEABLE Oct 31 08:42:15 deepfield slapd[12862]: =>ldap_back_getconn: conn 0xb51f8ee8 fetched refcnt=1. Oct 31 08:42:15 deepfield slapd[12862]: => ldap_back_munge_filter "(&(objectClass=posixAccount)(uid=flash))" Oct 31 08:42:15 deepfield slapd[12862]: <= ldap_back_munge_filter "(&(objectClass=posixAccount)(uid=flash))" (0) Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:42:15 deepfield slapd[12862]: >>> dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net> Oct 31 08:42:15 deepfield slapd[12862]: <<< dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>, <uid=flash,ou=people,ou=accounts,dc=example,dc=net> Oct 31 08:42:15 deepfield slapd[12862]: send_ldap_result: conn=-1 op=0 p=0 Oct 31 08:42:15 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text="" although i believe i have a matching query template defined in the config: dn: olcDatabase={2}ldap,cn=config objectClass: olcLDAPConfig objectClass: olcDatabaseConfig objectClass: olcConfig objectClass: top olcDatabase: {2}ldap olcSuffix: dc=example,dc=net olcLastMod: TRUE olcReadOnly: TRUE olcRootDN: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net olcMonitoring: TRUE olcDbURI: ldap://dsa1.example.net/ olcDbStartTLS: start tls_cacert="/etc/pki/trusted_roots/example_networks_roo t_ca-cert.pem" tls_reqcert="demand" olcDbACLBind: bindmethod=simple binddn="cn=slapd,ou=deepfield,ou=services,ou=a ccounts,dc=example,dc=net" credentials="xxxxxxxxxxxxxxx" s tarttls="critical" tls_cacert="/etc/pki/trusted_roots/example_networks_root _ca-cert.pem" tls_reqcert="demand" olcDbIDAssertBind: bindmethod=simple binddn="cn=slapd,ou=deepfield,ou=services ,ou=accounts,dc=example,dc=net" credentials="xxxxxxxxxxxxxxx" structuralObjectClass: olcLDAPConfig entryUUID: f24e435a-b35a-1031-8f37-336141b7bc90 creatorsName: cn=config createTimestamp: 20121026014812Z entryCSN: 20121031023501.089672Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121031023501Z dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config objectClass: olcPcacheConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}pcache olcPcache: mdb 1000 100 1000 60 olcPcacheAttrset: 0 "*" "+" olcPcacheTemplate: "(objectClass=)" 0 3600 olcPcacheTemplate: "(uid=)" 0 3600 olcPcacheTemplate: "(&(objectClass=)(uid=))" 0 3600 olcPcacheBind: "(uid=)" 0 60 "sub" "dc=example,dc=net" structuralObjectClass: olcPcacheConfig entryUUID: ddb05d7e-b4fa-1031-811e-353e11fff366 creatorsName: cn=config createTimestamp: 20121028032528Z entryCSN: 20121030002115.179177Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121030002115Z dn: olcDatabase={0}mdb,olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config objectClass: olcPcacheDatabase objectClass: olcMdbConfig objectClass: olcDatabaseConfig objectClass: olcConfig objectClass: top olcDatabase: {0}mdb olcDbDirectory: /var/lib/ldap/example.net/ olcLastMod: TRUE olcMaxDerefDepth: 15 olcDbNoSync: FALSE olcDbIndex: certfingerprint eq olcDbIndex: cn eq olcDbIndex: default eq olcDbIndex: description eq olcDbIndex: entrycsn eq olcDbIndex: entryuuid eq olcDbIndex: gidnumber pres,eq olcDbIndex: host eq olcDbIndex: iphostnumber eq olcDbIndex: ipserviceport eq olcDbIndex: ipserviceprotocol eq olcDbIndex: mail eq olcDbIndex: maillocaladdress eq olcDbIndex: member eq olcDbIndex: memberof eq olcDbIndex: memberuid eq olcDbIndex: objectclass eq olcDbIndex: rfc822mailmember eq olcDbIndex: sudoUser eq olcDbIndex: uid pres,eq,sub olcDbIndex: uidnumber pres,eq olcDbMode: 0600 olcDbSearchStack: 16 structuralObjectClass: olcMdbConfig entryUUID: 88b37716-b590-1031-8c75-439de7087923 creatorsName: cn=config createTimestamp: 20121028211650Z entryCSN: 20121029021315.039143Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121029021315Z dn: olcOverlay={1}nssov,olcDatabase={2}ldap,cn=config objectClass: olcNssOvConfig objectClass: olcOverlayConfig objectClass: olcConfig olcOverlay: {1}nssov olcNssMap: group uniquemember member olcNssPam: authz2dn hostservice olcNssPamSession: sshd olcNssPamSession: login structuralObjectClass: olcNssOvConfig entryUUID: 47ecaef0-b73e-1031-8761-9f0bff5d3212 creatorsName: cn=config createTimestamp: 20121031003305Z entryCSN: 20121031003305.637051Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121031003305Z and if i perform the same query using ldapsearch: >ldapsearch -LLLZZxH 'ldap://localhost/' -D 'uid=flash,ou=people,ou=accounts,dc=example,dc=net' -w 'test' '(&(objectClass=posixAccount)(uid=flash))' dn: uid=flash,ou=people,ou=accounts,dc=example,dc=net initials: fg givenName: flash loginShell: /bin/bash uidNumber: 2013 gidNumber: 2013 uid: flash objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: extensibleObject c: us homeDirectory: /home/flash sn: gordon cn: flash gordon displayName: flash_gordon mail: user(a)example.com it does seem to cache it: Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: slap_listener_activate(8): Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 busy Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: >>> slap_listener(ldap:///) Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: listen=8, new connection on 18 Oct 31 08:55:37 deepfield slapd[12862]: daemon: added 18r (active) listener=(nil) Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 fd=18 ACCEPT from IP=127.0.0.1:37220 (IP=0.0.0.0:389) Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: 18r Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18 Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18) Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003 Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003 Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x77, time 1351688137 Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 do_extended Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Oct 31 08:55:37 deepfield slapd[12862]: do_extended: oid=1.3.6.1.4.1.1466.20037 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 STARTTLS Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_extended: err=0 oid= len=0 Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_response: msgid=1 tag=120 err=0 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 RESULT oid= err=0 text= Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: 18r Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18 Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18) Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003 Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003 Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: 18r Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18 Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18) Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003 Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003 Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): unable to get TLS client DN, error=49 id=1003 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 fd=18 TLS established tls_ssf=128 ssf=128 Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: 18r Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18 Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18) Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003 Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003 Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x60, time 1351688137 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 do_bind Oct 31 08:55:37 deepfield slapd[12862]: >>> dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net> Oct 31 08:55:37 deepfield slapd[12862]: <<< dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>, <uid=flash,ou=people,ou=accounts,dc=example,dc=net> Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 BIND dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" method=128 Oct 31 08:55:37 deepfield slapd[12862]: do_bind: version=3 dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" method=128 Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: ndn: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: oc: "(null)", at: "(null)" Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4 Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode: Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: found entry: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" Oct 31 08:55:37 deepfield slapd[12862]: mdb_entry_get: rc=0 Oct 31 08:55:37 deepfield slapd[12862]: str2filter "(uid=flash)" Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0 Oct 31 08:55:37 deepfield slapd[12862]: Lock QC index = 0xb867e250 Oct 31 08:55:37 deepfield slapd[12862]: Base of added query = dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: QUERY ANSWERABLE (answered 5 times) Oct 31 08:55:37 deepfield slapd[12862]: => mdb_search Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4 Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode: Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access to "uid=flash,ou=people,ou=accounts,dc=example,dc=net" "entry" requested Oct 31 08:55:37 deepfield slapd[12862]: <= root access granted Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access granted by manage(=mwrscxd) Oct 31 08:55:37 deepfield slapd[12862]: base_candidates: base: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" (0x00000004) Oct 31 08:55:37 deepfield slapd[12862]: => test_filter Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access to "uid=flash,ou=people,ou=accounts,dc=example,dc=net" "uid" requested Oct 31 08:55:37 deepfield slapd[12862]: <= root access granted Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access granted by manage(=mwrscxd) Oct 31 08:55:37 deepfield slapd[12862]: <= test_filter 6 Oct 31 08:55:37 deepfield slapd[12862]: pc_bind_search: cache is stale, reftime: 1351688135, current time: 1351688137 Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3 Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text="" Oct 31 08:55:37 deepfield slapd[12862]: =>ldap_back_getconn: conn=1003 op=1: lc=0xb38f9788 inserted refcnt=1 rc=0 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 BIND dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" mech=SIMPLE ssf=0 Oct 31 08:55:37 deepfield slapd[12862]: do_bind: v3 bind: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" to "uid=flash,ou=people,ou=accounts,dc=example,dc=net" Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3 Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text="" Oct 31 08:55:37 deepfield slapd[12862]: pc_setpw: CACHING BIND for uid=flash,ou=people,ou=accounts,dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify: uid=flash,ou=people,ou=accounts,dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4 Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode: Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify_internal: 0x00000004: uid=flash,ou=people,ou=accounts,dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: <= acl_access_allowed: granted to database root Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify_internal: replace userPassword Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_encode(0x00000004): uid=flash,ou=people,ou=accounts,dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_encode(0x00000004): uid=flash,ou=people,ou=accounts,dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify: updated id=00000004 dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3 Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text="" Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_response: msgid=2 tag=97 err=0 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 RESULT tag=97 err=0 text= Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: 18r Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18 Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18) Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003 Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003 Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x63, time 1351688137 Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=2 do_search Oct 31 08:55:37 deepfield slapd[12862]: >>> dnPrettyNormal: <dc=example,dc=net> Oct 31 08:55:37 deepfield slapd[12862]: <<< dnPrettyNormal: <dc=example,dc=net>, <dc=example,dc=net> Oct 31 08:55:37 deepfield slapd[12862]: SRCH "dc=example,dc=net" 2 0 Oct 31 08:55:37 deepfield slapd[12862]: 0 60 0 Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter Oct 31 08:55:37 deepfield slapd[12862]: AND Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter_list Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0 Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0 Oct 31 08:55:37 deepfield slapd[12862]: end get_filter_list Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0 Oct 31 08:55:37 deepfield slapd[12862]: filter: (&(objectClass=posixAccount)(uid=flash)) Oct 31 08:55:37 deepfield slapd[12862]: attrs: Oct 31 08:55:37 deepfield slapd[12862]: Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=flash))" Oct 31 08:55:37 deepfield slapd[12862]: ==> limits_get: conn=1003 op=2 self="uid=flash,ou=people,ou=accounts,dc=example,dc=net" this="dc=example,dc=net" Oct 31 08:55:37 deepfield slapd[12862]: query template of incoming query = (&(objectClass=)(uid=)) Oct 31 08:55:37 deepfield slapd[12862]: Entering QC, querystr = (&(objectClass=posixAccount)(uid=flash)) Oct 31 08:55:37 deepfield slapd[12862]: Lock QC index = 0xb867e350 Oct 31 08:55:37 deepfield slapd[12862]: Base of added query = dc=example,dc=net Oct 31 08:55:37 deepfield slapd[12862]: QUERY ANSWERABLE (answered 1 times) Oct 31 08:55:37 deepfield slapd[12862]: => mdb_search Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("dc=example,dc=net") Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x1 Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode: what am i doing wrong? -ben

10 years, 2 months

2
2
0 / 0

Bind failing with "critical extension is unavailable" error when used with pagedresultscontrol

by Cannady, Mike

I have a program that works with Microsoft LDAP that I'm trying to get to work with openldap. The program is from a third-party and I have NO access to the code. I was able to duplicate the behavior with Perl code (testPaged.pl) later in this email. The bind is to a domain that uses the BDB backend. If my test code ignores the error from bind, it does the paged results just fine. The problem is the third-party program stops if it sees the error in bind. I've captured network traffic to the Microsoft LDAP server and see that it generates NO error. The version I'm running is: [root@radius1 openldap]# slapd -V @(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $ mockbuild@x86-001.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd Is this a bug? I have the perl code, the debug run of the perl code, the slapd.d structure, dumps of the olcDatabase entries, and the results of "slapd -d -1" output. ##==============================================================testPaged.pl [mcannady@vmHTCradius1 ldap]$ cat testPaged.pl use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); ################################## sub ProcessSearch { my ( $msg, $result ) = @_; ## Nothing to do return if ( ! defined($result) ); if ( $result->isa("Net::LDAP::Reference") ) { ## a reference... just mention it. } else { $result->dump( ); print "\n"; } } ##################################### $ldap = Net::LDAP->new( "radius1.pbx.htc.internal" ); $page = Net::LDAP::Control::Paged->new( size => 10 , critical => true ); $mesg = $ldap->bind( "uid=NuPoint,dc=htc,dc=com", password => "XXXXXXX[redacted]XXXXXXXXXXX" , control => [ $page ] ); if ( $mesg->code ) { ## print error print "error on bind: ", $mesg->error(), "\n"; return; } @args = ( base => "cn=Users,dc=htc,dc=com", scope => "subtree", filter => "(objectClass=user)", callback => \&ProcessSearch, # Call this sub for each entry control => [ $page ], ); my $cookie; while(1) { # Perform search my $mesg = $ldap->search( @args ); # Only continue on LDAP_SUCCESS $mesg->code and last; # Get cookie from paged control my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last; $cookie = $resp->cookie or last; # Set cookie in paged control $page->cookie($cookie); } if ($cookie) { # We had an abnormal exit, so let the server know we do not want any more $page->cookie($cookie); $page->size(0); $ldap->search( @args ); } [mcannady@vmHTCradius1 ldap]$ ##================================================================ perl debug-mode test [mcannady@vmHTCradius1 ldap]$ perl -d testPaged.pl Loading DB routines from perl5db.pl version 1.32 Editor support available. Enter h or `h h' for help, or `man perldebug' for more help. main::(testPaged.pl:20): $ldap = Net::LDAP->new( "radius1.pbx.htc.internal" ); DB<1> n main::(testPaged.pl:22): $page = Net::LDAP::Control::Paged->new( size => 10 , critical => true ); DB<1> n main::(testPaged.pl:24): $mesg = $ldap->bind( "uid=NuPoint,dc=htc,dc=com", main::(testPaged.pl:25): password => "XXXXXXXXX[redacted]XXXXXX" , main::(testPaged.pl:26): control => [ $page ] main::(testPaged.pl:27): ); DB<1> n main::(testPaged.pl:28): if ( $mesg->code ) { DB<1> n main::(testPaged.pl:30): print "error on bind: ", $mesg->error(), "\n"; DB<1> n error on bind: critical extension is unavailable main::(testPaged.pl:31): return; ##====================================================================================== [root@radius1 slapd.d]# find . -print . ./cn=config.ldif ./cn=config ./cn=config/cn=include{1}.ldif ./cn=config/cn=schema ./cn=config/cn=schema/cn={1}cosine.ldif ./cn=config/cn=schema/cn={4}ad.ldif ./cn=config/cn=schema/cn={2}inetorgperson.ldif ./cn=config/cn=schema/cn={3}nis.ldif ./cn=config/cn=schema/cn={0}core.ldif ./cn=config/cn=include{3}.ldif ./cn=config/olcDatabase={1}bdb.ldif ./cn=config/olcDatabase={2}bdb.ldif ./cn=config/olcDatabase={0}config.ldif ./cn=config/cn=schema.ldif ./cn=config/cn=include{2}.ldif ./cn=config/cn=include{0}.ldif ./cn=config/olcDatabase={3}monitor.ldif ./cn=config/olcDatabase={-1}frontend.ldif ##======================================================================================= ======================================================== cat olcDatabase={0}config.ldif dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,cn=config olcRootPW:: XXXredactedXXX structuralObjectClass: olcDatabaseConfig entryUUID: ac0d8a60-c861-1031-9bd4-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z ======================================================== cat olcDatabase={1}bdb.ldif dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {1}bdb olcSuffix: dc=htc,dc=com olcAccess: {0}to * by dn.base="uid=push-master,cn=nupointproxy,dc=internal" w rite by * +0 break olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read olcAccess: {3}to dn.subtree="cn=monitor" by users read by * none olcAccess: {4}to * by self write by * read olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootPW:: XXXXXXXXXXXXXXXXXXXXredactedXXXXXXXXXXXX olcDbDirectory: /var/lib/ldap/htc.com olcDbCacheSize: 150000 olcDbCheckpoint: 102400 1 olcDbConfig: {0}set_cachesize 0 268435465 1 olcDbConfig: {1}set_lg_bsize 2097152 olcDbConfig: {2}set_lg_regionmax 262144 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbNoSync: TRUE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 150000 olcDbIndex: objectClass pres,eq olcDbIndex: cn pres,eq,sub olcDbIndex: ou pres,eq,sub olcDbIndex: mail pres,eq,sub olcDbIndex: sn pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbLinearIndex: FALSE olcDbMode: 384 olcDbSearchStack: 16 olcDbShmKey: 12321 olcDbCacheFree: 1 structuralObjectClass: olcBdbConfig entryUUID: ac0da28e-c861-1031-9bd5-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z olcRootDN: uid=Manager,dc=htc,dc=com olcUpdateDN: uid=Push-Master,cn=NupointProxy,dc=internal entryCSN: 20121212180425.846656Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20121212180425Z ======================================================== cat olcDatabase={-1}frontend.ldif dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema structuralObjectClass: olcDatabaseConfig entryUUID: ac0d771e-c861-1031-9bd3-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z olcTimeLimit: unlimited olcSizeLimit: unlimited entryCSN: 20121214201101.233668Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20121214201101Z ======================================================== cat olcDatabase={2}bdb.ldif dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcSuffix: dc=internal olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,cn=config olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap/htc.internal olcDbCacheSize: 1000 olcDbCheckpoint: 100 63 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 0 olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: 92ff370e-dcc9-1031-8a59-533cee5baf07 creatorsName: cn=config createTimestamp: 20121217191324Z entryCSN: 20121217191324.652465Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121217191324Z ======================================================== cat olcDatabase={3}monitor.ldif dn: olcDatabase={3}monitor objectClass: olcDatabaseConfig olcDatabase: {3}monitor olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig entryUUID: 54da1e50-d8df-1031-85bf-235d062b63b6 creatorsName: cn=config createTimestamp: 20121212193904Z entryCSN: 20121212193904.665758Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121212193904Z ======================================================== Script started on Tue 18 Dec 2012 01:56:28 PM EST [root@radius1 openldap]# slapd -u ldap -d -1 @(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $ mockbuild@x86-001.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd ldap_pvt_gethostbyname_a: host=radius1.pbx.htc.internal, r=0 daemon_init: <null> daemon_init: listen on ldap:/// daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap:///) daemon: listener initialized ldap:/// daemon_init: 2 listeners opened ldap_create slapd init: initiated server. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Berkeley DB 4.7.25: (March 5, 2012) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Berkeley DB 4.7.25: (March 5, 2012) null_back_initialize: initialize null backend backend_startup_one: starting "cn=config" ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config.ldif" => str2entry: "dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: /etc/openldap/slapd.conf olcConfigDir: /etc/openldap/slapd.d olcAllows: bind_v2 olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcLocalSSF: 71 olcLogLevel: Stats olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReplicationInterval: 0 olcReverseLookup: FALSE olcSaslHost: htcRadius1.htc.internal olcSaslSecProps: noplain,noanonymous olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSCRLCheck: none olcTLSVerifyClient: never olcToolThreads: 1 structuralObjectClass: olcGlobal entryUUID: ac065c7c-c861-1031-9bc9-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnPrettyNormal: <cn=config>, <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=config) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 olcTLSCRLCheck: value #0: keyword <TLSCRLCheck> ignored olcTLSCRLCheck: value #0: keyword <TLSCRLCheck> ignored olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored) ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{0}.ldif" => str2entry: "dn: cn=include{0} objectClass: olcIncludeFile cn: include{0} olcInclude: /etc/openldap/schema/core.schema structuralObjectClass: olcIncludeFile entryUUID: ac0c28d2-c861-1031-9bca-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn=include{0}> => ldap_bv2dn(cn=include{0},0) <= ldap_bv2dn(cn=include{0})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{0})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{0})=0 <<< dnPrettyNormal: <cn=include{0}>, <cn=include{0}> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=include{0}) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=include{0},cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{1}.ldif" => str2entry: "dn: cn=include{1} objectClass: olcIncludeFile cn: include{1} olcInclude: /etc/openldap/schema/cosine.schema structuralObjectClass: olcIncludeFile entryUUID: ac0c434e-c861-1031-9bcb-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn=include{1}> => ldap_bv2dn(cn=include{1},0) <= ldap_bv2dn(cn=include{1})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{1})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{1})=0 <<< dnPrettyNormal: <cn=include{1}>, <cn=include{1}> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=include{1}) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=include{1},cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{2}.ldif" => str2entry: "dn: cn=include{2} objectClass: olcIncludeFile cn: include{2} olcInclude: /etc/openldap/schema/inetorgperson.schema structuralObjectClass: olcIncludeFile entryUUID: ac0c54f6-c861-1031-9bcc-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn=include{2}> => ldap_bv2dn(cn=include{2},0) <= ldap_bv2dn(cn=include{2})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{2})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{2})=0 <<< dnPrettyNormal: <cn=include{2}>, <cn=include{2}> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=include{2}) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=include{2},cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{3}.ldif" => str2entry: "dn: cn=include{3} objectClass: olcIncludeFile cn: include{3} olcInclude: /etc/openldap/schema/nis.schema structuralObjectClass: olcIncludeFile entryUUID: ac0c6496-c861-1031-9bcd-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn=include{3}> => ldap_bv2dn(cn=include{3},0) <= ldap_bv2dn(cn=include{3})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{3})=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=include{3})=0 <<< dnPrettyNormal: <cn=include{3}>, <cn=include{3}> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=include{3}) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=include{3},cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema.ldif" => str2entry: "dn: cn=schema objectClass: olcSchemaConfig cn: schema olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.666.11.1 olcObjectIdentifier: OLcfgAt OLcfg:3 olcObjectIdentifier: OLcfgGlAt OLcfgAt:0 olcObjectIdentifier: OLcfgBkAt OLcfgAt:1 olcObjectIdentifier: OLcfgDbAt OLcfgAt:2 olcObjectIdentifier: OLcfgOvAt OLcfgAt:3 olcObjectIdentifier: OLcfgOc OLcfg:4 olcObjectIdentifier: OLcfgGlOc OLcfgOc:0 olcObjectIdentifier: OLcfgBkOc OLcfgOc:1 olcObjectIdentifier: OLcfgDbOc OLcfgOc:2 olcObjectIdentifier: OLcfgOvOc OLcfgOc:3 olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1 olcObjectIdentifier: OMsInteger OMsyn:27 olcObjectIdentifier: OMsBoolean OMsyn:7 olcObjectIdentifier: OMsDN OMsyn:12 olcObjectIdentifier: OMsDirectoryString OMsyn:15 olcObjectIdentifier: OMsOctetString OMsyn:40 olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 ) olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'X.500(93): st ructural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpera tion ) olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC2252: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFIC ATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC2252: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalized TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M ODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC2252: name of creat or' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC2252: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has ch ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU E NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC2252: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperat ion ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.33 NAME 'entryDN' DESC 'DN of the entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S INGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VA LUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change seq uence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatc h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION US AGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change s equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrder ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICA TION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syn crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFI CATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the lar gest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFI>>> dnPrettyNormal: <cn=schema> => ldap_bv2dn(cn=schema,0) <= ldap_bv2dn(cn=schema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=schema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=schema)=0 <<< dnPrettyNormal: <cn=schema>, <cn=schema> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn=schema) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif" => str2entry: "dn: cn={0}core objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{32768} ) olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f amily) name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO- 3166 country 2-letter code' SUP name SINGLE-VALUE ) olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc ality which this object resides in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2 256: state or province which this object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 : organization this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC ' RFC2256: organizational unit this object belongs to' SUP name ) olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15{40} ) olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256 : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d estination indicator' EQUALITY caseIgnoreMatch SUBSTR cas>>> dnPrettyNormal: <cn={0}core> => ldap_bv2dn(cn={0}core,0) <= ldap_bv2dn(cn={0}core)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={0}core)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={0}core)=0 <<< dnPrettyNormal: <cn={0}core>, <cn={0}core> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn={0}core) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn={0}core,cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif" => str2entry: "dn: cn={1}cosine objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15{256} ) olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 ) olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.50 ) olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAM>>> dnPrettyNormal: <cn={1}cosine> => ldap_bv2dn(cn={1}cosine,0) <= ldap_bv2dn(cn={1}cosine)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={1}cosine)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={1}cosine)=0 <<< dnPrettyNormal: <cn={1}cosine>, <cn={1}cosine> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn={1}cosine) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn={1}cosine,cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif" => str2entry: "dn: cn={2}inetorgperson objectClass: olcSchemaConfig cn: {2}inetorgperson olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF C2798: numerically identifies an employee within an organization' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID: ac0d4294-c861-1031-9bd1-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <cn={2}inetorgperson> => ldap_bv2dn(cn={2}inetorgperson,0) <= ldap_bv2dn(cn={2}inetorgperson)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={2}inetorgperson)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={2}inetorgperson)=0 <<< dnPrettyNormal: <cn={2}inetorgperson>, <cn={2}inetorgperson> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn={2}inetorgperson) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn={2}inetorgperson,cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}nis.ldif" => str2entry: "dn: cn={3}nis objectClass: olcSchemaConfig cn: {3}nis olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI NGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI NGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26{1024} SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a ttributes for shadow passwords'>>> dnPrettyNormal: <cn={3}nis> => ldap_bv2dn(cn={3}nis,0) <= ldap_bv2dn(cn={3}nis)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={3}nis)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={3}nis)=0 <<< dnPrettyNormal: <cn={3}nis>, <cn={3}nis> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn={3}nis) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn={3}nis,cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}ad.ldif" => str2entry: "dn: cn={4}AD objectClass: olcSchemaConfig cn: {4}AD olcAttributeTypes: {0}( 1.2.840.113556.1.2.447 NAME 'mailNickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTA X 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcObjectClasses: {0}( 1.2.840.113556.1.5.9 NAME 'user' SUP organizational Person STRUCTURAL MAY ( objectCategory $ mailNickname $ sAMAccountName $ di splayName $ mail ) ) olcObjectClasses: {1}( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRU CTURAL MUST cn ) structuralObjectClass: olcSchemaConfig entryUUID: 6feaa26c-cf6d-1031-986d-79eaa697be5e creatorsName: cn=config createTimestamp: 20121130191106Z entryCSN: 20121130191106Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121130191106Z " >>> dnPrettyNormal: <cn={4}AD> => ldap_bv2dn(cn={4}AD,0) <= ldap_bv2dn(cn={4}AD)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={4}AD)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn={4}ad)=0 <<< dnPrettyNormal: <cn={4}AD>, <cn={4}ad> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(cn={4}AD) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "cn={4}AD,cn=schema,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif" => str2entry: "dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema structuralObjectClass: olcDatabaseConfig entryUUID: ac0d771e-c861-1031-9bd3-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z olcTimeLimit: unlimited olcSizeLimit: unlimited entryCSN: 20121214201101.233668Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20121214201101Z " >>> dnPrettyNormal: <olcDatabase={-1}frontend> => ldap_bv2dn(olcDatabase={-1}frontend,0) <= ldap_bv2dn(olcDatabase={-1}frontend)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={-1}frontend)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={-1}frontend)=0 <<< dnPrettyNormal: <olcDatabase={-1}frontend>, <olcDatabase={-1}frontend> >>> dnNormalize: <cn=Subschema> => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnNormalize: <cn=subschema> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnNormalize: <cn=admin,cn=config> <= str2entry(olcDatabase={-1}frontend) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "olcDatabase={-1}frontend,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 >>> dnPrettyNormal: <cn=Subschema> => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema> >>> dnPrettyNormal: <cn=Subschema> => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema> ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif" => str2entry: "dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,cn=config olcRootPW:: Y29uZmln structuralObjectClass: olcDatabaseConfig entryUUID: ac0d8a60-c861-1031-9bd4-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z entryCSN: 20121121195915Z#000000#00#000000 modifiersName: cn=config modifyTimestamp: 20121121195915Z " >>> dnPrettyNormal: <olcDatabase={0}config> => ldap_bv2dn(olcDatabase={0}config,0) <= ldap_bv2dn(olcDatabase={0}config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={0}config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={0}config)=0 <<< dnPrettyNormal: <olcDatabase={0}config>, <olcDatabase={0}config> >>> dnNormalize: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnNormalize: <cn=admin,cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(olcDatabase={0}config) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "olcDatabase={0}config,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 >>> dnPrettyNormal: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config> >>> dnPrettyNormal: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config> ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif" => str2entry: "dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {1}bdb olcSuffix: dc=htc,dc=com olcAccess: {0}to * by dn.base="uid=push-master,cn=nupointproxy,dc=internal" w rite by * +0 break olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read olcAccess: {3}to dn.subtree="cn=monitor" by users read by * none olcAccess: {4}to * by self write by * read olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootPW:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9 olcDbDirectory: /var/lib/ldap/htc.com olcDbCacheSize: 150000 olcDbCheckpoint: 102400 1 olcDbConfig: {0}set_cachesize 0 268435465 1 olcDbConfig: {1}set_lg_bsize 2097152 olcDbConfig: {2}set_lg_regionmax 262144 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbNoSync: TRUE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 150000 olcDbIndex: objectClass pres,eq olcDbIndex: cn pres,eq,sub olcDbIndex: ou pres,eq,sub olcDbIndex: mail pres,eq,sub olcDbIndex: sn pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbLinearIndex: FALSE olcDbMode: 384 olcDbSearchStack: 16 olcDbShmKey: 12321 olcDbCacheFree: 1 structuralObjectClass: olcBdbConfig entryUUID: ac0da28e-c861-1031-9bd5-5591ba7dfe32 creatorsName: cn=config createTimestamp: 20121121195915Z olcRootDN: uid=Manager,dc=htc,dc=com olcUpdateDN: uid=Push-Master,cn=NupointProxy,dc=internal entryCSN: 20121212180425.846656Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20121212180425Z " >>> dnPrettyNormal: <olcDatabase={1}bdb> => ldap_bv2dn(olcDatabase={1}bdb,0) <= ldap_bv2dn(olcDatabase={1}bdb)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={1}bdb)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={1}bdb)=0 <<< dnPrettyNormal: <olcDatabase={1}bdb>, <olcDatabase={1}bdb> >>> dnNormalize: <dc=htc,dc=com> => ldap_bv2dn(dc=htc,dc=com,0) <= ldap_bv2dn(dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=htc,dc=com)=0 <<< dnNormalize: <dc=htc,dc=com> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <uid=Manager,dc=htc,dc=com> => ldap_bv2dn(uid=Manager,dc=htc,dc=com,0) <= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0 <<< dnNormalize: <uid=manager,dc=htc,dc=com> >>> dnNormalize: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnNormalize: <cn=admin,cn=config> <= str2entry(olcDatabase={1}bdb) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 >>> dnPrettyNormal: <dc=htc,dc=com> => ldap_bv2dn(dc=htc,dc=com,0) <= ldap_bv2dn(dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=htc,dc=com)=0 <<< dnPrettyNormal: <dc=htc,dc=com>, <dc=htc,dc=com> >>> dnPrettyNormal: <uid=Manager,dc=htc,dc=com> => ldap_bv2dn(uid=Manager,dc=htc,dc=com,0) <= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=Manager,dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0 <<< dnPrettyNormal: <uid=Manager,dc=htc,dc=com>, <uid=manager,dc=htc,dc=com> >>> dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal> => ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal,0) <= ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=Push-Master,cn=NupointProxy,dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0 <<< dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>, <uid=push-master,cn=nupointproxy,dc=internal> bdb_db_init: Initializing BDB database >>> dnPrettyNormal: <dc=htc,dc=com> => ldap_bv2dn(dc=htc,dc=com,0) <= ldap_bv2dn(dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=htc,dc=com)=0 <<< dnPrettyNormal: <dc=htc,dc=com>, <dc=htc,dc=com> >>> dnNormalize: <uid=push-master,cn=nupointproxy,dc=internal> => ldap_bv2dn(uid=push-master,cn=nupointproxy,dc=internal,0) <= ldap_bv2dn(uid=push-master,cn=nupointproxy,dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0 <<< dnNormalize: <uid=push-master,cn=nupointproxy,dc=internal> Backend ACL: access to * by dn.base="uid=push-master,cn=nupointproxy,dc=internal" write by * +0 break /etc/openldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context >>> dnNormalize: <> <<< dnNormalize: <> Backend ACL: access to dn.base="" by * read /etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context >>> dnNormalize: <cn=subschema> => ldap_bv2dn(cn=subschema,0) <= ldap_bv2dn(cn=subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 <<< dnNormalize: <cn=subschema> Backend ACL: access to dn.base="cn=subschema" by * read /etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context >>> dnNormalize: <cn=monitor> => ldap_bv2dn(cn=monitor,0) <= ldap_bv2dn(cn=monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=monitor)=0 <<< dnNormalize: <cn=monitor> Backend ACL: access to dn.subtree="cn=monitor" by users read by * none /etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context Backend ACL: access to * by self write by * read /etc/openldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context >>> dnPrettyNormal: <uid=Manager,dc=htc,dc=com> => ldap_bv2dn(uid=Manager,dc=htc,dc=com,0) <= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=Manager,dc=htc,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0 <<< dnPrettyNormal: <uid=Manager,dc=htc,dc=com>, <uid=manager,dc=htc,dc=com> >>> dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal> => ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal,0) <= ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=Push-Master,cn=NupointProxy,dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0 <<< dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>, <uid=push-master,cn=nupointproxy,dc=internal> index objectClass 0x0006 index cn 0x0716 index ou 0x0716 index mail 0x0716 index sn 0x0716 index givenName 0x0716 ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif" => str2entry: "dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcSuffix: dc=internal olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,cn=config olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap/htc.internal olcDbCacheSize: 1000 olcDbCheckpoint: 100 63 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 0 olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: 92ff370e-dcc9-1031-8a59-533cee5baf07 creatorsName: cn=config createTimestamp: 20121217191324Z entryCSN: 20121217191324.652465Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121217191324Z " >>> dnPrettyNormal: <olcDatabase={2}bdb> => ldap_bv2dn(olcDatabase={2}bdb,0) <= ldap_bv2dn(olcDatabase={2}bdb)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={2}bdb)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={2}bdb)=0 <<< dnPrettyNormal: <olcDatabase={2}bdb>, <olcDatabase={2}bdb> >>> dnNormalize: <dc=internal> => ldap_bv2dn(dc=internal,0) <= ldap_bv2dn(dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=internal)=0 <<< dnNormalize: <dc=internal> >>> dnNormalize: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnNormalize: <cn=admin,cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(olcDatabase={2}bdb) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "olcDatabase={2}bdb,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 >>> dnPrettyNormal: <dc=internal> => ldap_bv2dn(dc=internal,0) <= ldap_bv2dn(dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=internal)=0 <<< dnPrettyNormal: <dc=internal>, <dc=internal> >>> dnPrettyNormal: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config> bdb_db_init: Initializing BDB database >>> dnPrettyNormal: <dc=internal> => ldap_bv2dn(dc=internal,0) <= ldap_bv2dn(dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=internal)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=internal)=0 <<< dnPrettyNormal: <dc=internal>, <dc=internal> >>> dnPrettyNormal: <cn=admin,cn=config> => ldap_bv2dn(cn=admin,cn=config,0) <= ldap_bv2dn(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=admin,cn=config)=0 <<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config> ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={3}monitor.ldif" => str2entry: "dn: olcDatabase={3}monitor objectClass: olcDatabaseConfig olcDatabase: {3}monitor olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig entryUUID: 54da1e50-d8df-1031-85bf-235d062b63b6 creatorsName: cn=config createTimestamp: 20121212193904Z entryCSN: 20121212193904.665758Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20121212193904Z " >>> dnPrettyNormal: <olcDatabase={3}monitor> => ldap_bv2dn(olcDatabase={3}monitor,0) <= ldap_bv2dn(olcDatabase={3}monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={3}monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={3}monitor)=0 <<< dnPrettyNormal: <olcDatabase={3}monitor>, <olcDatabase={3}monitor> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 <<< dnNormalize: <cn=config> <= str2entry(olcDatabase={3}monitor) -> 0x7fcb0f61d108 => test_filter PRESENT => access_allowed: search access to "olcDatabase={3}monitor,cn=config" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 >>> dnPrettyNormal: <cn=Monitor> => ldap_bv2dn(cn=Monitor,0) <= ldap_bv2dn(cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=monitor)=0 <<< dnPrettyNormal: <cn=Monitor>, <cn=monitor> send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=0 matched="" text="" matching_rule_use_init 1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) ) 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) ) 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) ) 2.5.13.39 (certificateListMatch): 2.5.13.38 (certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) ) 2.5.13.35 (certificateMatch): 2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) 2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) ) 2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) ) 2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) 2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) 2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) 2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) ) 2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) ) 2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) 2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) ) 2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter ) ) 2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) ) 2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) 2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ nisMapName $ mailNickname $ sAMAccountName ) ) 2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ nisMapName $ mailNickname $ sAMAccountName ) ) 1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ objectCategory ) ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) slapd startup: initiated. backend_startup_one: starting "cn=config" config_back_db_open Backend ACL: access to * by * none config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context backend_startup_one: starting "dc=htc,dc=com" bdb_db_open: "dc=htc,dc=com" bdb_db_open: database "dc=htc,dc=com": dbenv_open(/var/lib/ldap/htc.com). backend_startup_one: starting "dc=internal" bdb_db_open: "dc=internal" bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/htc.internal: (2). Expect poor performance for suffix "dc=internal". bdb_db_open: database "dc=internal": dbenv_open(/var/lib/ldap/htc.internal). backend_startup_one: starting "cn=Monitor" >>> dnNormalize: <cn=Monitor> <<< dnNormalize: <cn=monitor> >>> dnPretty: <cn=Backends> => ldap_bv2dn(cn=Backends,0) <= ldap_bv2dn(cn=Backends)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Backends)=0 <<< dnPretty: <cn=Backends> >>> dnNormalize: <cn=Backends> <<< dnNormalize: <cn=backends> >>> dnPretty: <cn=Connections> => ldap_bv2dn(cn=Connections,0) <= ldap_bv2dn(cn=Connections)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Connections)=0 <<< dnPretty: <cn=Connections> >>> dnNormalize: <cn=Connections> <<< dnNormalize: <cn=connections> >>> dnPretty: <cn=Databases> => ldap_bv2dn(cn=Databases,0) <= ldap_bv2dn(cn=Databases)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Databases)=0 <<< dnPretty: <cn=Databases> >>> dnNormalize: <cn=Databases> <<< dnNormalize: <cn=databases> >>> dnPretty: <cn=Listeners> => ldap_bv2dn(cn=Listeners,0) <= ldap_bv2dn(cn=Listeners)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Listeners)=0 <<< dnPretty: <cn=Listeners> >>> dnNormalize: <cn=Listeners> <<< dnNormalize: <cn=listeners> >>> dnPretty: <cn=Log> => ldap_bv2dn(cn=Log,0) <= ldap_bv2dn(cn=Log)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Log)=0 <<< dnPretty: <cn=Log> >>> dnNormalize: <cn=Log> <<< dnNormalize: <cn=log> >>> dnPretty: <cn=Operations> => ldap_bv2dn(cn=Operations,0) <= ldap_bv2dn(cn=Operations)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Operations)=0 <<< dnPretty: <cn=Operations> >>> dnNormalize: <cn=Operations> <<< dnNormalize: <cn=operations> >>> dnPretty: <cn=Overlays> => ldap_bv2dn(cn=Overlays,0) <= ldap_bv2dn(cn=Overlays)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Overlays)=0 <<< dnPretty: <cn=Overlays> >>> dnNormalize: <cn=Overlays> <<< dnNormalize: <cn=overlays> >>> dnPretty: <cn=SASL> => ldap_bv2dn(cn=SASL,0) <= ldap_bv2dn(cn=SASL)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=SASL)=0 <<< dnPretty: <cn=SASL> >>> dnNormalize: <cn=SASL> <<< dnNormalize: <cn=sasl> >>> dnPretty: <cn=Statistics> => ldap_bv2dn(cn=Statistics,0) <= ldap_bv2dn(cn=Statistics)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Statistics)=0 <<< dnPretty: <cn=Statistics> >>> dnNormalize: <cn=Statistics> <<< dnNormalize: <cn=statistics> >>> dnPretty: <cn=Threads> => ldap_bv2dn(cn=Threads,0) <= ldap_bv2dn(cn=Threads)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Threads)=0 <<< dnPretty: <cn=Threads> >>> dnNormalize: <cn=Threads> <<< dnNormalize: <cn=threads> >>> dnPretty: <cn=Time> => ldap_bv2dn(cn=Time,0) <= ldap_bv2dn(cn=Time)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Time)=0 <<< dnPretty: <cn=Time> >>> dnNormalize: <cn=Time> <<< dnNormalize: <cn=time> >>> dnPretty: <cn=TLS> => ldap_bv2dn(cn=TLS,0) <= ldap_bv2dn(cn=TLS)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=TLS)=0 <<< dnPretty: <cn=TLS> >>> dnNormalize: <cn=TLS> <<< dnNormalize: <cn=tls> >>> dnPretty: <cn=Waiters> => ldap_bv2dn(cn=Waiters,0) <= ldap_bv2dn(cn=Waiters)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Waiters)=0 <<< dnPretty: <cn=Waiters> >>> dnNormalize: <cn=Waiters> <<< dnNormalize: <cn=waiters> >>> dnNormalize: <cn=Backend 0> <<< dnNormalize: <cn=backend 0> >>> dnNormalize: <cn=Database 0,cn=Databases,cn=Monitor> => ldap_bv2dn(cn=Database 0,cn=Databases,cn=Monitor,0) <= ldap_bv2dn(cn=Database 0,cn=Databases,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=database 0,cn=databases,cn=monitor)=0 <<< dnNormalize: <cn=database 0,cn=databases,cn=monitor> >>> dnNormalize: <cn=Backend 1> <<< dnNormalize: <cn=backend 1> >>> dnNormalize: <cn=Backend 2> <<< dnNormalize: <cn=backend 2> >>> dnNormalize: <cn=Database 3,cn=Databases,cn=Monitor> => ldap_bv2dn(cn=Database 3,cn=Databases,cn=Monitor,0) <= ldap_bv2dn(cn=Database 3,cn=Databases,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=database 3,cn=databases,cn=monitor)=0 <<< dnNormalize: <cn=database 3,cn=databases,cn=monitor> >>> dnNormalize: <cn=Backend 3> <<< dnNormalize: <cn=backend 3> >>> dnNormalize: <cn=Database 1,cn=Databases,cn=Monitor> => ldap_bv2dn(cn=Database 1,cn=Databases,cn=Monitor,0) <= ldap_bv2dn(cn=Database 1,cn=Databases,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=database 1,cn=databases,cn=monitor)=0 <<< dnNormalize: <cn=database 1,cn=databases,cn=monitor> >>> dnNormalize: <cn=Database 2,cn=Databases,cn=Monitor> => ldap_bv2dn(cn=Database 2,cn=Databases,cn=Monitor,0) <= ldap_bv2dn(cn=Database 2,cn=Databases,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=database 2,cn=databases,cn=monitor)=0 <<< dnNormalize: <cn=database 2,cn=databases,cn=monitor> >>> dnNormalize: <cn=Backend 4> <<< dnNormalize: <cn=backend 4> >>> dnNormalize: <cn=Backend 5> <<< dnNormalize: <cn=backend 5> >>> dnNormalize: <cn=Backend 6> <<< dnNormalize: <cn=backend 6> >>> dnNormalize: <cn=Backend 7> <<< dnNormalize: <cn=backend 7> >>> dnNormalize: <cn=Backend 8> <<< dnNormalize: <cn=backend 8> >>> dnNormalize: <cn=Backend 9> <<< dnNormalize: <cn=backend 9> >>> dnNormalize: <cn=Backend 10> <<< dnNormalize: <cn=backend 10> >>> dnNormalize: <cn=Backend 11> <<< dnNormalize: <cn=backend 11> >>> dnNormalize: <cn=Max File Descriptors> <<< dnNormalize: <cn=max file descriptors> >>> dnNormalize: <cn=Total> <<< dnNormalize: <cn=total> >>> dnNormalize: <cn=Current> <<< dnNormalize: <cn=current> >>> dnNormalize: <cn=Frontend> <<< dnNormalize: <cn=frontend> >>> dnNormalize: <cn=Database 0> <<< dnNormalize: <cn=database 0> >>> dnNormalize: <cn=Backend 0,cn=Backends,cn=Monitor> => ldap_bv2dn(cn=Backend 0,cn=Backends,cn=Monitor,0) <= ldap_bv2dn(cn=Backend 0,cn=Backends,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=backend 0,cn=backends,cn=monitor)=0 <<< dnNormalize: <cn=backend 0,cn=backends,cn=monitor> >>> dnNormalize: <cn=Database 1> <<< dnNormalize: <cn=database 1> >>> dnNormalize: <cn=Backend 3,cn=Backends,cn=Monitor> => ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor,0) <= ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=backend 3,cn=backends,cn=monitor)=0 <<< dnNormalize: <cn=backend 3,cn=backends,cn=monitor> >>> dnNormalize: <cn=Database 2> <<< dnNormalize: <cn=database 2> >>> dnNormalize: <cn=Backend 3,cn=Backends,cn=Monitor> => ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor,0) <= ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=backend 3,cn=backends,cn=monitor)=0 <<< dnNormalize: <cn=backend 3,cn=backends,cn=monitor> >>> dnNormalize: <cn=Database 3> <<< dnNormalize: <cn=database 3> >>> dnNormalize: <cn=Backend 2,cn=Backends,cn=Monitor> => ldap_bv2dn(cn=Backend 2,cn=Backends,cn=Monitor,0) <= ldap_bv2dn(cn=Backend 2,cn=Backends,cn=Monitor)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=backend 2,cn=backends,cn=monitor)=0 <<< dnNormalize: <cn=backend 2,cn=backends,cn=monitor> >>> dnNormalize: <cn=Listener 0> <<< dnNormalize: <cn=listener 0> >>> dnNormalize: <cn=Listener 1> <<< dnNormalize: <cn=listener 1> >>> dnNormalize: <cn=Bind> <<< dnNormalize: <cn=bind> >>> dnNormalize: <cn=Unbind> <<< dnNormalize: <cn=unbind> >>> dnNormalize: <cn=Search> <<< dnNormalize: <cn=search> >>> dnNormalize: <cn=Compare> <<< dnNormalize: <cn=compare> >>> dnNormalize: <cn=Modify> <<< dnNormalize: <cn=modify> >>> dnNormalize: <cn=Modrdn> <<< dnNormalize: <cn=modrdn> >>> dnNormalize: <cn=Add> <<< dnNormalize: <cn=add> >>> dnNormalize: <cn=Delete> <<< dnNormalize: <cn=delete> >>> dnNormalize: <cn=Abandon> <<< dnNormalize: <cn=abandon> >>> dnNormalize: <cn=Extended> <<< dnNormalize: <cn=extended> >>> dnNormalize: <cn=Overlay 0> <<< dnNormalize: <cn=overlay 0> >>> dnNormalize: <cn=Overlay 1> <<< dnNormalize: <cn=overlay 1> >>> dnNormalize: <cn=Overlay 2> <<< dnNormalize: <cn=overlay 2> >>> dnNormalize: <cn=Overlay 3> <<< dnNormalize: <cn=overlay 3> >>> dnNormalize: <cn=Bytes> <<< dnNormalize: <cn=bytes> >>> dnNormalize: <cn=PDU> <<< dnNormalize: <cn=pdu> >>> dnNormalize: <cn=Entries> <<< dnNormalize: <cn=entries> >>> dnNormalize: <cn=Referrals> <<< dnNormalize: <cn=referrals> >>> dnNormalize: <cn=Max> <<< dnNormalize: <cn=max> >>> dnNormalize: <cn=Max Pending> <<< dnNormalize: <cn=max pending> >>> dnNormalize: <cn=Open> <<< dnNormalize: <cn=open> >>> dnNormalize: <cn=Starting> <<< dnNormalize: <cn=starting> >>> dnNormalize: <cn=Active> <<< dnNormalize: <cn=active> >>> dnNormalize: <cn=Pending> <<< dnNormalize: <cn=pending> >>> dnNormalize: <cn=Backload> <<< dnNormalize: <cn=backload> >>> dnNormalize: <cn=State> <<< dnNormalize: <cn=state> >>> dnNormalize: <cn=Runqueue> <<< dnNormalize: <cn=runqueue> >>> dnNormalize: <cn=Tasklist> <<< dnNormalize: <cn=tasklist> >>> dnNormalize: <cn=Start> <<< dnNormalize: <cn=start> >>> dnNormalize: <cn=Current> <<< dnNormalize: <cn=current> >>> dnNormalize: <cn=Uptime> <<< dnNormalize: <cn=uptime> >>> dnNormalize: <cn=Read> <<< dnNormalize: <cn=read> >>> dnNormalize: <cn=Write> <<< dnNormalize: <cn=write> slapd starting daemon: added 4r listener=(nil) daemon: added 7r listener=0x7fcb0f5bc2d0 daemon: added 8r listener=0x7fcb0f5bc390 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7): daemon: epoll: listen=7 busy daemon: epoll: listen=8 active_threads=0 tvp=zero >>> slap_listener(ldap:///) daemon: activity on 1 descriptor daemon: activity on:daemon: listen=7, new connection on 16 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: added 16r (active) listener=(nil) conn=1000 fd=16 ACCEPT from IP=172.24.10.201:23867 (IP=0.0.0.0:389) daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero connection_get(16) connection_get(16): got connid=1000 connection_read(16): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 60 02 01 01 60 33 02 0`...`3. ldap_read: want=90, got=90 0000: 01 03 04 19 75 69 64 3d 4e 75 50 6f 69 6e 74 2c ....uid=NuPoint, 0010: 64 63 3d 68 74 63 2c 64 63 3d 63 6f 6d 80 13 64 dc=htc,dc=com..d 0020: 65 63 20 31 33 20 32 30 31 32 20 63 72 65 61 74 ec 13 2012 creat 0030: 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 34 30 2e ed.&0$..1.2.840. 0040: 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 39 01 01 113556.1.4.319.. 0050: ff 04 07 30 05 02 01 0a 04 00 ...0...... ber_get_next: tag 0x30 len 96 contents: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000920 end=0x7fcad8000980 len=96 0000: 02 01 01 60 33 02 01 03 04 19 75 69 64 3d 4e 75 ...`3.....uid=Nu 0010: 50 6f 69 6e 74 2c 64 63 3d 68 74 63 2c 64 63 3d Point,dc=htc,dc= 0020: 63 6f 6d 80 13 64 65 63 20 31 33 20 32 30 31 32 com..dec 13 2012 0030: 20 63 72 65 61 74 65 64 a0 26 30 24 04 16 31 2e created.&0$..1. 0040: 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2.840.113556.1.4 0050: 2e 33 31 39 01 01 ff 04 07 30 05 02 01 0a 04 00 .319.....0...... op tag 0x60, time 1355857467 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: conn=1000 op=0 do_bind daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero ber_scanf fmt ({imt) ber: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000923 end=0x7fcad8000980 len=93 0000: 60 33 02 01 03 04 19 75 69 64 3d 4e 75 50 6f 69 `3.....uid=NuPoi 0010: 6e 74 2c 64 63 3d 68 74 63 2c 64 63 3d 63 6f 6d nt,dc=htc,dc=com 0020: 80 13 64 65 63 20 31 33 20 32 30 31 32 20 63 72 ..dec 13 2012 cr 0030: 65 61 74 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 eated.&0$..1.2.8 0040: 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 40.113556.1.4.31 0050: 39 01 01 ff 04 07 30 05 02 01 0a 04 00 9.....0...... ber_scanf fmt (m}) ber: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000943 end=0x7fcad8000980 len=61 0000: 00 13 64 65 63 20 31 33 20 32 30 31 32 20 63 72 ..dec 13 2012 cr 0010: 65 61 74 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 eated.&0$..1.2.8 0020: 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 40.113556.1.4.31 0030: 39 01 01 ff 04 07 30 05 02 01 0a 04 00 9.....0...... => get_ctrls ber_scanf fmt ({m) ber: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad800095a end=0x7fcad8000980 len=38 0000: 30 24 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0$..1.2.840.1135 0010: 35 36 2e 31 2e 34 2e 33 31 39 01 01 ff 04 07 30 56.1.4.319.....0 0020: 05 02 01 0a 04 00 ...... ber_scanf fmt (b) ber: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000974 end=0x7fcad8000980 len=12 0000: 00 01 ff 04 07 30 05 02 01 0a 04 00 .....0...... ber_scanf fmt (m) ber: ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000977 end=0x7fcad8000980 len=9 0000: 04 07 30 05 02 01 0a 04 00 ..0...... => get_ctrls: oid="1.2.840.113556.1.4.319" (critical) <= get_ctrls: n=1 rc=12 err="critical extension is unavailable" send_ldap_result: conn=1000 op=0 p=3 send_ldap_result: err=12 matched="" text="critical extension is unavailable" send_ldap_response: msgid=1 tag=97 err=12 ber_flush2: 47 bytes to sd 16 0000: 30 2d 02 01 01 61 28 0a 01 0c 04 00 04 21 63 72 0-...a(......!cr 0010: 69 74 69 63 61 6c 20 65 78 74 65 6e 73 69 6f 6e itical extension 0020: 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 is unavailable ldap_write: want=47, written=47 0000: 30 2d 02 01 01 61 28 0a 01 0c 04 00 04 21 63 72 0-...a(......!cr 0010: 69 74 69 63 61 6c 20 65 78 74 65 6e 73 69 6f 6e itical extension 0020: 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 is unavailable conn=1000 op=0 RESULT tag=97 err=12 text=critical extension is unavailable conn=1000 op=0 do_bind: get_ctrls failed daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 16r daemon: read active on 16 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero connection_get(16) connection_get(16): got connid=1000 connection_read(16): checking for input on id=1000 ber_get_next ldap_read: want=8, got=0 ber_get_next on fd 16 failed errno=0 (Success) connection_read(16): input error=-2 id=1000, closing. connection_closing: readying conn=1000 sd=16 for close connection_close: conn=1000 sd=16 daemon: activity on 1 descriptor daemon: activity on: daemon: removing 16 conn=1000 fd=16 closed (connection lost) daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero ^Cdaemon: shutdown requested and initiated. daemon: closing 7 daemon: closing 8 slapd shutdown: waiting for 0 operations/tasks to finish slapd shutdown: initiated ====> bdb_cache_release_all ====> bdb_cache_release_all slapd destroy: freeing system resources. slapd stopped. [root@radius1 openldap]# exit exit Script done on Tue 18 Dec 2012 03:06:10 PM EST ********************************************************************** HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. **********************************************************************

10 years, 5 months

3
2
0 / 0

Forcing TLS, but keep working SASL authentication

by Wiebe Cazemier

Hi, I want to force SSL on my OpenLDAP server (2.4.21-0ubuntu5.7, Ubuntu 10.04 LTS), but then the SASL authentication breaks. I did this to enable tls-only: # feed to ldapmodify dn: cn=config changetype: modify add: olcSecurity olcSecurity: tls=1 But, then I can't use "-Y EXTERNAL" anymore, because it then demands a TLS connection. When I enable TLS (-ZZ) on tools like ldapmodify and use ldap://hostname/ and bind with my rootDN (admin user), it doesn't work (insufficient access (50)). I guess it needs the socket to know I'm root. Inspecting all DB's with "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config", it appears the config DB's have an olcAccess rule like: olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break gid and uid = 0, so I guess it's the system's root account. I tried adding an olcRootDN and olcRootPW to olcDatabase={0}config,cn=config so that I could modify the cn=config, but adding them gave an error: "<olcRootPW> can only be set when rootdn is under suffix". When I tried adding olcSuffix to "dc=domain,dc=tld", it said: "<olcSuffix> handler exited with 1". I also tried specifying a olcRootDN only (no olcRootPW) (like cn=admin,dc=domain,dc=tld) and then add that user to "dc=domain,dc=tld", but it didn't work. Unfortunately, I don't remember what went wrong. So, is there a way to enforce TLS but still use the SASL authentication? Any help is appreciated. Thanks in advance, Wiebe Cazemier

10 years, 5 months

2
3
0 / 0

sasl Kerberos authentication with subordinate

by Wu, James C.

Hi, I am trying to set up an OpenLDAP and Kerberos authentication for testing purpose. The setup contains a pair of internal ldap server and Kerberos server and the pair of external ldap server and Kerberos server. I made the tree of the internal ldap server to be a subordinate of the external server and enabled the saslauthd for authentication on both the internal and the external ldap server to the respective Kerberos server. I have tested that the LDAP authentication through saslauthd using Kerberos works well on both the internal ldap and Kerberos pair and the external ldap Kerberos pair. However, when I point the client machine to the external ldap server and the add the subordinate relationship, I could not get the authentication for the uses in the internal ldap directory to work. For example, when I used "su - peter" where peter is a user in the external ldap server and the password is {SASL}peter(a)EXAMPLE.COM<mailto:%7bSASL%7dpeter@EXAMPLE.COM>. The authentication works. However, when I use "su - James" where james is a user defined in the internal ldap server with password {SASL}james(a)SUB.EXAMPLE.COM<mailto:%7bSASL%7djames@SUB.EXAMPLE.COM>, then the authentication failed. I check the log file, the internal server did get the search request forwarded from the external ldap server and returned the correct information back. However, I did not see the saslauthd process on either the external or the internal ldap server get any inquiry for the authentication. I tried to modify the /etc/krb5.conf and added the realms for both EXAMPLE.COM and SUB.EXAMPLE.COM. Still, the authentication does not work for users defined in the internal ldap server. Could anyone give me some hints for this issue? james

10 years, 5 months

2
12
0 / 0

GDM + pwdPolicy problem

by cbulist

Hi, We have a problem using Red Hat 5.7, gdm 2.16.0-59 y pwdPolicy. When an account gets pwdMaxAge limit and the user try to login using GUI the user doesn't receive any warning about expiration account, it just requests the user and password like a normal login and it fail. The warning works if the user try login by SSH. If we use pwdReset the user get the warning message and it is able to change the password. We comment pwdPolicy rules and using shadow attributes gdm works fine. We tried the same configuration with a Red Hat 6 server and everything works fine but we are not able to change our Red Hat version now. Our requirements are keep the password history and we tried pam_unix remember=3 option in /etc/pam.d/system-auth with /etc/security/opasswd but It did not work. We can go with shadow attributes as long as we keep the password history. Any idea? Thanks in advance!

10 years, 5 months

2
1
0 / 0

olcToolthreads and slapadd -n0

by Василий Молостов

i have migrated server side config for my db and I have found some strange behavior of slapadd: I've got started migration from converting slapd.conf containing my db config and a 'tool-threads' parameter (with value above 1) into common ldif file, in which an 'olcToolThreads' was defined appropriately (i.e above 1). It was the simplest and clear step. The next step was to 'slapadd -n 0' this ldif file into an empty server config (having slapd stopped), but just at adding 'cn=config' object (which contains olcToolThreads with value > 1) 'slapadd' stuck indefinitely at shed_yelds() call (I have observed this via strace tool from ubuntu). So as a result slapadd had been in processing its operation indefinitely without any output but was capable to stop working by Ctrl-C handler. Setting olcToolThreads to 0 or 1 has solved this problem. I dont know is this a bug or my misconfiguration?

10 years, 5 months

3
2
0 / 0

missing structuralObjectClass

by Dusty Doris

I recently migrated a client's ldap directories to new servers. I setup replication from the new servers to the old servers to do the initial build of the directory and to keep up to date with changes before the cutover. In the process we also moved from 2.4.12 to 2.4.33. I've run into an issue since then with an object that was missing a structuralObjectClass. When we try to commit modifications to that object, we received an error that says: ldap_modify: Other (e.g., implementation specific) error (80) additional info: no structuralObjectClass operational attribute Doing a search on that object with +, shows that it is in fact missing a structuralObjectClass. Other users that we can modify, show that they do have that attribute. I was able to solve this problem by doing an ldapsearch on the user and saving to an ldif, ldapdelete the user, then ldapadd the user back from the ldif file. When re-adding that user, the structuralObjectClass was created. It looks like about 50% of our objects are missing that attribute. To get those numbers, I am searching with: '(&(objectClass=*)(!(structuralObjectClass=*)))' + VS '(&(objectClass=*)(structuralObjectClass=*))' + What would be the best way for me to fix these issues on every object that is missing the structuralObjectClass? Also, in the future, would you recommend I do a slapcat/slapadd or something like that to populate a new database instead of letting syncrepl load it for me? Would that have fixed this problem from the start? Thanks for any suggestions. - Dusty Doris

10 years, 5 months

2
3
0 / 0

Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing

by fal patel

Hey Quanah, Thank you very much for the debugging tip! -- Using it I got further in. Now I get an error "<= str2entry: str2ad(UR1): attribute type undefined". I must be setting my external variables (such as UR1) incorrectly in my LDIF file. What is the correct syntax for setting them, please? I tried each of the following sentences, none of which worked: URI1: ldap://host1.hq.mycompany.com:389/ URI1: ldap://host1.hq.mycompany.com:389 URI1: "ldap://host1.hq.mycompany.com:389/" URI1="ldap://host1.hq.mycompany.com:389/" URI1="ldap://host1.hq.mycompany.com:389" URI1 ldap://host1.hq.mycompany.com:389/ This is the command I execute (after removing all contents from slapd.d): slapadd -d -1 -v -F /etc/openldap/slapd.d -n 0 -l /etc/openldap/nwaymmr.ldif >& output.txt For completeness I've attached my LDIF file "nwaymmr.ldif" and the output "output.txt" utilizing the first line above. Thank you very much, in advance. Fal On Sat, Dec 29, 2012 at 9:02 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Saturday, December 29, 2012 9:01 AM -0800 fal patel < > fal0patel(a)gmail.com> wrote: > > (3) Where It's Failing: >> ================= >> I first executed the following: >> >> slapadd -v -F /usr/local/etc/openldap/slapd.**d -b bdb -l mmr.ldif >> > > This is nonsensical. You are adding a cn=config DB. Thus you cannot use > a base of "bdb". Remember that -b is the suffix you are adding (in this > case, cn=config). Not the database type. > > > So I suppose I must create the database beforehand? >> > > No. But the directory (/usr/local/etc/openldap/**slapd.d) must exist > before slapadd will work. > > I would suggest you run: > > slapadd -d -1 -v -F /usr/local/etc/openldap/slapd.**d -n 0 -l mmr.ldif > > So you can see exactly why it is failing. My guess is you didn't create > the directory. > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

10 years, 5 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2012