Virtual list view problem
by Venish Khant
Hi all
I am using cpan Net::LDAP module to access LDAP entries. I want to
search LDAP entries using Net::LDAP search method. When I do search, I
want some limited number of entries from search result, for
this(searching) process I am using Net::LDAP::Control::VLV module. But
I get error on VLV response control. Please, any one have idea about
this error.
*
Error:* Died at vlv.pl line 50,
This is my example. I changed the font style of line 50
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;
sub procentry {
my ( $mesg, $entry) = @_;
# Return if there is no entry to process
if ( !defined($entry) ) {
return;
}
print "dn: " . $entry->dn() . "\n";
@attrs = $entry->attributes();
foreach $attr (@attrs) {
#printf("\t%s: %s\n", $attr, $entry->get_value($attr));
$attrvalue = $entry->get_value($attr,asref=>1);
#print $attr.":". $entry->get_value($attr)."\n";
foreach $value(@$attrvalue) {
print "$attr: $value\n";
}
}
$mesg->pop_entry;
print "\n";
}
$ldap = Net::LDAP->new( "localhost" );
# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
before => 0, # No entries from before target entry
after => 19, # 19 entries after target entry
content => 0, # List size unknown
offset => 1, # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base => "dc=example,dc=co,dc=in",
scope => "subtree",
filter => "(objectClass=inetOrgPerson)",
callback => \&procentry, # Call this sub for each entry
control => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );
# Get VLV response control
*($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;*
$vlv->response( $resp );
# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mes
# Now page with first entry starting with "B" in the middle
$vlv->before(9); # Change page to show 9 before
$vlv->after(10); # Change page to show 10 after
$vlv->assert("B"); # assert "B"
$mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or
die;
$vlv->response( $resp );
--
Venish Khant
www.deeproot.co.in
7 years
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
7 years, 11 months
trouble with slapo-pcache
by btb@bitrate.net
hi-
i'm having a few different issues with slapo-pcache. i did a bit of searching in the its and did not find any items which seemed to match my symptoms. i'm using 2.4.31, on ubuntu 12.10.
the first is that i so to not be able to add, via ldapadd, additional olcPcacheTemplate attributes to the config entry. i was able to add the first one using ldapadd, but subsequent modify operations to add another complain "no equality matching rule":
>ldapsearch -LLLZZxWH 'ldap://localhost/' -D 'cn=config' -b 'olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config' -s base
Enter LDAP Password:
dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcPcacheConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}pcache
olcPcache: mdb 1000 100 1000 60
olcPcacheAttrset: 0 "*" "+"
olcPcacheTemplate: "(uid=)" 0 3600
>cat template.ldif
dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
changetype: modify
add: olcPcacheTemplate
olcPcacheTemplate: "(cn=)" 0 3600
>ldapadd -ZZxWH 'ldap://localhost/' -D 'cn=config' -f template.ldif
Enter LDAP Password:
modifying entry "olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config"
ldap_modify: Inappropriate matching (18)
additional info: modify/add: olcPcacheTemplate: no equality matching rule
Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 STARTTLS
Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 op=0 RESULT oid= err=0 text=
Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 fd=12 ACCEPT from IP=127.0.0.1:32916 (IP=0.0.0.0:389)
Oct 29 20:01:30 dsa1 slapd[8250]: conn=1003 fd=12 TLS established tls_ssf=128 ssf=128
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 BIND dn="cn=config" method=128
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 BIND dn="cn=config" mech=SIMPLE ssf=0
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=1 RESULT tag=97 err=0 text=
Oct 29 20:01:32 dsa1 slapd[8250]: connection_input: conn=1003 deferring operation: binding
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 MOD dn="olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config"
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 MOD attr=olcPcacheTemplate
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=2 RESULT tag=103 err=18 text=modify/add: olcPcacheTemplate: no equality matching rule
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 op=3 UNBIND
Oct 29 20:01:32 dsa1 slapd[8250]: conn=1003 fd=12 closed
adding the attribute "manually" [e.g. slapcat, modify ldif, slapadd] seems to be fine:
>ldapsearch -LLLZZxWH 'ldap://localhost/' -D 'cn=config' -b 'olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config' -s base
Enter LDAP Password:
dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcPcacheConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}pcache
olcPcache: mdb 1000 100 1000 60
olcPcacheAttrset: 0 "*" "+"
olcPcacheTemplate: "(objectclass=)" 0 3600
olcPcacheTemplate: "(uid=)" 0 3600
my second problem is with caching when slapo-nssov is involved. it appears to not cache [QUERY NOT ANSWERABLE/QUERY NOT CACHEABLE] when a query occurs via nss:
>getent passwd flash
flash:x:2013:2013:flash gordon:/home/flash:/bin/bash
Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:42:15 deepfield slapd[12862]: 11r
Oct 31 08:42:15 deepfield slapd[12862]:
Oct 31 08:42:15 deepfield slapd[12862]: daemon: read active on 11
Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:42:15 deepfield slapd[12862]: connection_get(11)
Oct 31 08:42:15 deepfield slapd[12862]: connection_get(11): got connid=0
Oct 31 08:42:15 deepfield slapd[12862]: nssov: connection from uid=0 gid=0
Oct 31 08:42:15 deepfield slapd[12862]: nssov_passwd_byname(flash)
Oct 31 08:42:15 deepfield slapd[12862]: str2filter "(&(objectClass=posixAccount)(uid=flash))"
Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter
Oct 31 08:42:15 deepfield slapd[12862]: AND
Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter_list
Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter
Oct 31 08:42:15 deepfield slapd[12862]: EQUALITY
Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0
Oct 31 08:42:15 deepfield slapd[12862]: begin get_filter
Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:42:15 deepfield slapd[12862]: EQUALITY
Oct 31 08:42:15 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0
Oct 31 08:42:15 deepfield slapd[12862]:
Oct 31 08:42:15 deepfield slapd[12862]: end get_filter_list
Oct 31 08:42:15 deepfield slapd[12862]: end get_filter 0
Oct 31 08:42:15 deepfield slapd[12862]: query template of incoming query = (&(objectClass=)(uid=))
Oct 31 08:42:15 deepfield slapd[12862]: QUERY NOT ANSWERABLE
Oct 31 08:42:15 deepfield slapd[12862]: QUERY NOT CACHEABLE
Oct 31 08:42:15 deepfield slapd[12862]: =>ldap_back_getconn: conn 0xb51f8ee8 fetched refcnt=1.
Oct 31 08:42:15 deepfield slapd[12862]: => ldap_back_munge_filter "(&(objectClass=posixAccount)(uid=flash))"
Oct 31 08:42:15 deepfield slapd[12862]: <= ldap_back_munge_filter "(&(objectClass=posixAccount)(uid=flash))" (0)
Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:42:15 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:42:15 deepfield slapd[12862]: >>> dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>
Oct 31 08:42:15 deepfield slapd[12862]: <<< dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>, <uid=flash,ou=people,ou=accounts,dc=example,dc=net>
Oct 31 08:42:15 deepfield slapd[12862]: send_ldap_result: conn=-1 op=0 p=0
Oct 31 08:42:15 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text=""
although i believe i have a matching query template defined in the config:
dn: olcDatabase={2}ldap,cn=config
objectClass: olcLDAPConfig
objectClass: olcDatabaseConfig
objectClass: olcConfig
objectClass: top
olcDatabase: {2}ldap
olcSuffix: dc=example,dc=net
olcLastMod: TRUE
olcReadOnly: TRUE
olcRootDN: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net
olcMonitoring: TRUE
olcDbURI: ldap://dsa1.example.net/
olcDbStartTLS: start tls_cacert="/etc/pki/trusted_roots/example_networks_roo
t_ca-cert.pem" tls_reqcert="demand"
olcDbACLBind: bindmethod=simple binddn="cn=slapd,ou=deepfield,ou=services,ou=a
ccounts,dc=example,dc=net" credentials="xxxxxxxxxxxxxxx" s
tarttls="critical" tls_cacert="/etc/pki/trusted_roots/example_networks_root
_ca-cert.pem" tls_reqcert="demand"
olcDbIDAssertBind: bindmethod=simple binddn="cn=slapd,ou=deepfield,ou=services
,ou=accounts,dc=example,dc=net" credentials="xxxxxxxxxxxxxxx"
structuralObjectClass: olcLDAPConfig
entryUUID: f24e435a-b35a-1031-8f37-336141b7bc90
creatorsName: cn=config
createTimestamp: 20121026014812Z
entryCSN: 20121031023501.089672Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121031023501Z
dn: olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcPcacheConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}pcache
olcPcache: mdb 1000 100 1000 60
olcPcacheAttrset: 0 "*" "+"
olcPcacheTemplate: "(objectClass=)" 0 3600
olcPcacheTemplate: "(uid=)" 0 3600
olcPcacheTemplate: "(&(objectClass=)(uid=))" 0 3600
olcPcacheBind: "(uid=)" 0 60 "sub" "dc=example,dc=net"
structuralObjectClass: olcPcacheConfig
entryUUID: ddb05d7e-b4fa-1031-811e-353e11fff366
creatorsName: cn=config
createTimestamp: 20121028032528Z
entryCSN: 20121030002115.179177Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121030002115Z
dn: olcDatabase={0}mdb,olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcPcacheDatabase
objectClass: olcMdbConfig
objectClass: olcDatabaseConfig
objectClass: olcConfig
objectClass: top
olcDatabase: {0}mdb
olcDbDirectory: /var/lib/ldap/example.net/
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcDbNoSync: FALSE
olcDbIndex: certfingerprint eq
olcDbIndex: cn eq
olcDbIndex: default eq
olcDbIndex: description eq
olcDbIndex: entrycsn eq
olcDbIndex: entryuuid eq
olcDbIndex: gidnumber pres,eq
olcDbIndex: host eq
olcDbIndex: iphostnumber eq
olcDbIndex: ipserviceport eq
olcDbIndex: ipserviceprotocol eq
olcDbIndex: mail eq
olcDbIndex: maillocaladdress eq
olcDbIndex: member eq
olcDbIndex: memberof eq
olcDbIndex: memberuid eq
olcDbIndex: objectclass eq
olcDbIndex: rfc822mailmember eq
olcDbIndex: sudoUser eq
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidnumber pres,eq
olcDbMode: 0600
olcDbSearchStack: 16
structuralObjectClass: olcMdbConfig
entryUUID: 88b37716-b590-1031-8c75-439de7087923
creatorsName: cn=config
createTimestamp: 20121028211650Z
entryCSN: 20121029021315.039143Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121029021315Z
dn: olcOverlay={1}nssov,olcDatabase={2}ldap,cn=config
objectClass: olcNssOvConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
olcOverlay: {1}nssov
olcNssMap: group uniquemember member
olcNssPam: authz2dn hostservice
olcNssPamSession: sshd
olcNssPamSession: login
structuralObjectClass: olcNssOvConfig
entryUUID: 47ecaef0-b73e-1031-8761-9f0bff5d3212
creatorsName: cn=config
createTimestamp: 20121031003305Z
entryCSN: 20121031003305.637051Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121031003305Z
and if i perform the same query using ldapsearch:
>ldapsearch -LLLZZxH 'ldap://localhost/' -D 'uid=flash,ou=people,ou=accounts,dc=example,dc=net' -w 'test' '(&(objectClass=posixAccount)(uid=flash))'
dn: uid=flash,ou=people,ou=accounts,dc=example,dc=net
initials: fg
givenName: flash
loginShell: /bin/bash
uidNumber: 2013
gidNumber: 2013
uid: flash
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: extensibleObject
c: us
homeDirectory: /home/flash
sn: gordon
cn: flash gordon
displayName: flash_gordon
mail: user(a)example.com
it does seem to cache it:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: slap_listener_activate(8):
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 busy
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: >>> slap_listener(ldap:///)
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: listen=8, new connection on 18
Oct 31 08:55:37 deepfield slapd[12862]: daemon: added 18r (active) listener=(nil)
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 fd=18 ACCEPT from IP=127.0.0.1:37220 (IP=0.0.0.0:389)
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: 18r
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18)
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x77, time 1351688137
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 do_extended
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Oct 31 08:55:37 deepfield slapd[12862]: do_extended: oid=1.3.6.1.4.1.1466.20037
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 STARTTLS
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_extended: err=0 oid= len=0
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_response: msgid=1 tag=120 err=0
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=0 RESULT oid= err=0 text=
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: 18r
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18)
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: 18r
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18)
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): unable to get TLS client DN, error=49 id=1003
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 fd=18 TLS established tls_ssf=128 ssf=128
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: 18r
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18)
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003
Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x60, time 1351688137
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 do_bind
Oct 31 08:55:37 deepfield slapd[12862]: >>> dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>
Oct 31 08:55:37 deepfield slapd[12862]: <<< dnPrettyNormal: <uid=flash,ou=people,ou=accounts,dc=example,dc=net>, <uid=flash,ou=people,ou=accounts,dc=example,dc=net>
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 BIND dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" method=128
Oct 31 08:55:37 deepfield slapd[12862]: do_bind: version=3 dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" method=128
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: ndn: "uid=flash,ou=people,ou=accounts,dc=example,dc=net"
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: oc: "(null)", at: "(null)"
Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode:
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_get: found entry: "uid=flash,ou=people,ou=accounts,dc=example,dc=net"
Oct 31 08:55:37 deepfield slapd[12862]: mdb_entry_get: rc=0
Oct 31 08:55:37 deepfield slapd[12862]: str2filter "(uid=flash)"
Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter
Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY
Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0
Oct 31 08:55:37 deepfield slapd[12862]: Lock QC index = 0xb867e250
Oct 31 08:55:37 deepfield slapd[12862]: Base of added query = dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: QUERY ANSWERABLE (answered 5 times)
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_search
Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode:
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode
Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access to "uid=flash,ou=people,ou=accounts,dc=example,dc=net" "entry" requested
Oct 31 08:55:37 deepfield slapd[12862]: <= root access granted
Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access granted by manage(=mwrscxd)
Oct 31 08:55:37 deepfield slapd[12862]: base_candidates: base: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" (0x00000004)
Oct 31 08:55:37 deepfield slapd[12862]: => test_filter
Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY
Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access to "uid=flash,ou=people,ou=accounts,dc=example,dc=net" "uid" requested
Oct 31 08:55:37 deepfield slapd[12862]: <= root access granted
Oct 31 08:55:37 deepfield slapd[12862]: => access_allowed: search access granted by manage(=mwrscxd)
Oct 31 08:55:37 deepfield slapd[12862]: <= test_filter 6
Oct 31 08:55:37 deepfield slapd[12862]: pc_bind_search: cache is stale, reftime: 1351688135, current time: 1351688137
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text=""
Oct 31 08:55:37 deepfield slapd[12862]: =>ldap_back_getconn: conn=1003 op=1: lc=0xb38f9788 inserted refcnt=1 rc=0
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 BIND dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net" mech=SIMPLE ssf=0
Oct 31 08:55:37 deepfield slapd[12862]: do_bind: v3 bind: "uid=flash,ou=people,ou=accounts,dc=example,dc=net" to "uid=flash,ou=people,ou=accounts,dc=example,dc=net"
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text=""
Oct 31 08:55:37 deepfield slapd[12862]: pc_setpw: CACHING BIND for uid=flash,ou=people,ou=accounts,dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify: uid=flash,ou=people,ou=accounts,dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("uid=flash,ou=people,ou=accounts,dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x4
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode:
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_decode
Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify_internal: 0x00000004: uid=flash,ou=people,ou=accounts,dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: <= acl_access_allowed: granted to database root
Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify_internal: replace userPassword
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_encode(0x00000004): uid=flash,ou=people,ou=accounts,dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_entry_encode(0x00000004): uid=flash,ou=people,ou=accounts,dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: mdb_modify: updated id=00000004 dn="uid=flash,ou=people,ou=accounts,dc=example,dc=net"
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: conn=1003 op=1 p=3
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_result: err=0 matched="" text=""
Oct 31 08:55:37 deepfield slapd[12862]: send_ldap_response: msgid=2 tag=97 err=0
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=1 RESULT tag=97 err=0 text=
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]: 18r
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: read active on 18
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18)
Oct 31 08:55:37 deepfield slapd[12862]: connection_get(18): got connid=1003
Oct 31 08:55:37 deepfield slapd[12862]: connection_read(18): checking for input on id=1003
Oct 31 08:55:37 deepfield slapd[12862]: op tag 0x63, time 1351688137
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=2 do_search
Oct 31 08:55:37 deepfield slapd[12862]: >>> dnPrettyNormal: <dc=example,dc=net>
Oct 31 08:55:37 deepfield slapd[12862]: <<< dnPrettyNormal: <dc=example,dc=net>, <dc=example,dc=net>
Oct 31 08:55:37 deepfield slapd[12862]: SRCH "dc=example,dc=net" 2 0
Oct 31 08:55:37 deepfield slapd[12862]: 0 60 0
Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter
Oct 31 08:55:37 deepfield slapd[12862]: AND
Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter_list
Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter
Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on 1 descriptor
Oct 31 08:55:37 deepfield slapd[12862]: daemon: activity on:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0
Oct 31 08:55:37 deepfield slapd[12862]: begin get_filter
Oct 31 08:55:37 deepfield slapd[12862]: EQUALITY
Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0
Oct 31 08:55:37 deepfield slapd[12862]: end get_filter_list
Oct 31 08:55:37 deepfield slapd[12862]: end get_filter 0
Oct 31 08:55:37 deepfield slapd[12862]: filter: (&(objectClass=posixAccount)(uid=flash))
Oct 31 08:55:37 deepfield slapd[12862]: attrs:
Oct 31 08:55:37 deepfield slapd[12862]:
Oct 31 08:55:37 deepfield slapd[12862]: conn=1003 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=flash))"
Oct 31 08:55:37 deepfield slapd[12862]: ==> limits_get: conn=1003 op=2 self="uid=flash,ou=people,ou=accounts,dc=example,dc=net" this="dc=example,dc=net"
Oct 31 08:55:37 deepfield slapd[12862]: query template of incoming query = (&(objectClass=)(uid=))
Oct 31 08:55:37 deepfield slapd[12862]: Entering QC, querystr = (&(objectClass=posixAccount)(uid=flash))
Oct 31 08:55:37 deepfield slapd[12862]: Lock QC index = 0xb867e350
Oct 31 08:55:37 deepfield slapd[12862]: Base of added query = dc=example,dc=net
Oct 31 08:55:37 deepfield slapd[12862]: QUERY ANSWERABLE (answered 1 times)
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_search
Oct 31 08:55:37 deepfield slapd[12862]: mdb_dn2entry("dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_dn2id("dc=example,dc=net")
Oct 31 08:55:37 deepfield slapd[12862]: <= mdb_dn2id: got id=0x1
Oct 31 08:55:37 deepfield slapd[12862]: => mdb_entry_decode:
what am i doing wrong?
-ben
10 years, 2 months
Bind failing with "critical extension is unavailable" error when used with pagedresultscontrol
by Cannady, Mike
I have a program that works with Microsoft LDAP that I'm trying to get to work with openldap. The program is from a third-party and I have NO access to the code. I was able to duplicate the behavior with Perl code (testPaged.pl) later in this email.
The bind is to a domain that uses the BDB backend. If my test code ignores the error from bind, it does the paged results just fine. The problem is the third-party program stops if it sees the error in bind. I've captured network traffic to the Microsoft LDAP server and see that it generates NO error.
The version I'm running is: [root@radius1 openldap]# slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $
mockbuild@x86-001.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
Is this a bug? I have the perl code, the debug run of the perl code, the slapd.d structure, dumps of the olcDatabase entries, and the results of "slapd -d -1" output.
##==============================================================testPaged.pl
[mcannady@vmHTCradius1 ldap]$ cat testPaged.pl
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
##################################
sub ProcessSearch {
my ( $msg, $result ) = @_;
## Nothing to do
return if ( ! defined($result) );
if ( $result->isa("Net::LDAP::Reference") ) {
## a reference... just mention it.
} else {
$result->dump( );
print "\n";
}
}
#####################################
$ldap = Net::LDAP->new( "radius1.pbx.htc.internal" );
$page = Net::LDAP::Control::Paged->new( size => 10 , critical => true );
$mesg = $ldap->bind( "uid=NuPoint,dc=htc,dc=com",
password => "XXXXXXX[redacted]XXXXXXXXXXX" ,
control => [ $page ]
);
if ( $mesg->code ) {
## print error
print "error on bind: ", $mesg->error(), "\n";
return;
}
@args = ( base => "cn=Users,dc=htc,dc=com",
scope => "subtree",
filter => "(objectClass=user)",
callback => \&ProcessSearch, # Call this sub for each entry
control => [ $page ],
);
my $cookie;
while(1) {
# Perform search
my $mesg = $ldap->search( @args );
# Only continue on LDAP_SUCCESS
$mesg->code and last;
# Get cookie from paged control
my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last;
$cookie = $resp->cookie or last;
# Set cookie in paged control
$page->cookie($cookie);
}
if ($cookie) {
# We had an abnormal exit, so let the server know we do not want any more
$page->cookie($cookie);
$page->size(0);
$ldap->search( @args );
}
[mcannady@vmHTCradius1 ldap]$
##================================================================ perl debug-mode test
[mcannady@vmHTCradius1 ldap]$ perl -d testPaged.pl
Loading DB routines from perl5db.pl version 1.32
Editor support available.
Enter h or `h h' for help, or `man perldebug' for more help.
main::(testPaged.pl:20): $ldap = Net::LDAP->new( "radius1.pbx.htc.internal" );
DB<1> n
main::(testPaged.pl:22): $page = Net::LDAP::Control::Paged->new( size => 10 , critical => true );
DB<1> n
main::(testPaged.pl:24): $mesg = $ldap->bind( "uid=NuPoint,dc=htc,dc=com",
main::(testPaged.pl:25): password => "XXXXXXXXX[redacted]XXXXXX" ,
main::(testPaged.pl:26): control => [ $page ]
main::(testPaged.pl:27): );
DB<1> n
main::(testPaged.pl:28): if ( $mesg->code ) {
DB<1> n
main::(testPaged.pl:30): print "error on bind: ", $mesg->error(), "\n";
DB<1> n
error on bind: critical extension is unavailable
main::(testPaged.pl:31): return;
##======================================================================================
[root@radius1 slapd.d]# find . -print
.
./cn=config.ldif
./cn=config
./cn=config/cn=include{1}.ldif
./cn=config/cn=schema
./cn=config/cn=schema/cn={1}cosine.ldif
./cn=config/cn=schema/cn={4}ad.ldif
./cn=config/cn=schema/cn={2}inetorgperson.ldif
./cn=config/cn=schema/cn={3}nis.ldif
./cn=config/cn=schema/cn={0}core.ldif
./cn=config/cn=include{3}.ldif
./cn=config/olcDatabase={1}bdb.ldif
./cn=config/olcDatabase={2}bdb.ldif
./cn=config/olcDatabase={0}config.ldif
./cn=config/cn=schema.ldif
./cn=config/cn=include{2}.ldif
./cn=config/cn=include{0}.ldif
./cn=config/olcDatabase={3}monitor.ldif
./cn=config/olcDatabase={-1}frontend.ldif
##=======================================================================================
======================================================== cat olcDatabase={0}config.ldif
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: XXXredactedXXX
structuralObjectClass: olcDatabaseConfig
entryUUID: ac0d8a60-c861-1031-9bd4-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
======================================================== cat olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=htc,dc=com
olcAccess: {0}to * by dn.base="uid=push-master,cn=nupointproxy,dc=internal" w
rite by * +0 break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
olcAccess: {3}to dn.subtree="cn=monitor" by users read by * none
olcAccess: {4}to * by self write by * read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootPW:: XXXXXXXXXXXXXXXXXXXXredactedXXXXXXXXXXXX
olcDbDirectory: /var/lib/ldap/htc.com
olcDbCacheSize: 150000
olcDbCheckpoint: 102400 1
olcDbConfig: {0}set_cachesize 0 268435465 1
olcDbConfig: {1}set_lg_bsize 2097152
olcDbConfig: {2}set_lg_regionmax 262144
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbNoSync: TRUE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 150000
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 384
olcDbSearchStack: 16
olcDbShmKey: 12321
olcDbCacheFree: 1
structuralObjectClass: olcBdbConfig
entryUUID: ac0da28e-c861-1031-9bd5-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
olcRootDN: uid=Manager,dc=htc,dc=com
olcUpdateDN: uid=Push-Master,cn=NupointProxy,dc=internal
entryCSN: 20121212180425.846656Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121212180425Z
======================================================== cat olcDatabase={-1}frontend.ldif
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
structuralObjectClass: olcDatabaseConfig
entryUUID: ac0d771e-c861-1031-9bd3-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
olcTimeLimit: unlimited
olcSizeLimit: unlimited
entryCSN: 20121214201101.233668Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121214201101Z
======================================================== cat olcDatabase={2}bdb.ldif
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=internal
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/htc.internal
olcDbCacheSize: 1000
olcDbCheckpoint: 100 63
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 92ff370e-dcc9-1031-8a59-533cee5baf07
creatorsName: cn=config
createTimestamp: 20121217191324Z
entryCSN: 20121217191324.652465Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121217191324Z
======================================================== cat olcDatabase={3}monitor.ldif
dn: olcDatabase={3}monitor
objectClass: olcDatabaseConfig
olcDatabase: {3}monitor
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 54da1e50-d8df-1031-85bf-235d062b63b6
creatorsName: cn=config
createTimestamp: 20121212193904Z
entryCSN: 20121212193904.665758Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121212193904Z
========================================================
Script started on Tue 18 Dec 2012 01:56:28 PM EST
[root@radius1 openldap]# slapd -u ldap -d -1
@(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $
mockbuild@x86-001.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
ldap_pvt_gethostbyname_a: host=radius1.pbx.htc.internal, r=0
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (March 5, 2012)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.7.25: (March 5, 2012)
null_back_initialize: initialize null backend
backend_startup_one: starting "cn=config"
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config.ldif"
=> str2entry: "dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReplicationInterval: 0
olcReverseLookup: FALSE
olcSaslHost: htcRadius1.htc.internal
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: ac065c7c-c861-1031-9bc9-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnPrettyNormal: <cn=config>, <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=config) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
olcTLSCRLCheck: value #0: keyword <TLSCRLCheck> ignored
olcTLSCRLCheck: value #0: keyword <TLSCRLCheck> ignored
olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored)
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{0}.ldif"
=> str2entry: "dn: cn=include{0}
objectClass: olcIncludeFile
cn: include{0}
olcInclude: /etc/openldap/schema/core.schema
structuralObjectClass: olcIncludeFile
entryUUID: ac0c28d2-c861-1031-9bca-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn=include{0}>
=> ldap_bv2dn(cn=include{0},0)
<= ldap_bv2dn(cn=include{0})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{0})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{0})=0
<<< dnPrettyNormal: <cn=include{0}>, <cn=include{0}>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=include{0}) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=include{0},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{1}.ldif"
=> str2entry: "dn: cn=include{1}
objectClass: olcIncludeFile
cn: include{1}
olcInclude: /etc/openldap/schema/cosine.schema
structuralObjectClass: olcIncludeFile
entryUUID: ac0c434e-c861-1031-9bcb-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn=include{1}>
=> ldap_bv2dn(cn=include{1},0)
<= ldap_bv2dn(cn=include{1})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{1})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{1})=0
<<< dnPrettyNormal: <cn=include{1}>, <cn=include{1}>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=include{1}) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=include{1},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{2}.ldif"
=> str2entry: "dn: cn=include{2}
objectClass: olcIncludeFile
cn: include{2}
olcInclude: /etc/openldap/schema/inetorgperson.schema
structuralObjectClass: olcIncludeFile
entryUUID: ac0c54f6-c861-1031-9bcc-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn=include{2}>
=> ldap_bv2dn(cn=include{2},0)
<= ldap_bv2dn(cn=include{2})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{2})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{2})=0
<<< dnPrettyNormal: <cn=include{2}>, <cn=include{2}>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=include{2}) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=include{2},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=include{3}.ldif"
=> str2entry: "dn: cn=include{3}
objectClass: olcIncludeFile
cn: include{3}
olcInclude: /etc/openldap/schema/nis.schema
structuralObjectClass: olcIncludeFile
entryUUID: ac0c6496-c861-1031-9bcd-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn=include{3}>
=> ldap_bv2dn(cn=include{3},0)
<= ldap_bv2dn(cn=include{3})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{3})=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=include{3})=0
<<< dnPrettyNormal: <cn=include{3}>, <cn=include{3}>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=include{3}) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=include{3},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema.ldif"
=> str2entry: "dn: cn=schema
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.666.11.1
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgOc OLcfg:4
olcObjectIdentifier: OLcfgGlOc OLcfgOc:0
olcObjectIdentifier: OLcfgBkOc OLcfgOc:1
olcObjectIdentifier: OLcfgDbOc OLcfgOc:2
olcObjectIdentifier: OLcfgOvOc OLcfgOc:3
olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
olcObjectIdentifier: OMsInteger OMsyn:27
olcObjectIdentifier: OMsBoolean OMsyn:7
olcObjectIdentifier: OMsDN OMsyn:12
olcObjectIdentifier: OMsDirectoryString OMsyn:15
olcObjectIdentifier: OMsOctetString OMsyn:40
olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes
of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.38 )
olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'X.500(93): st
ructural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1
.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpera
tion )
olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC2252: time which
object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr
deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFIC
ATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC2252: time which
object was last modified' EQUALITY generalizedTimeMatch ORDERING generalized
TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M
ODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC2252: name of creat
or' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING
LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC2252: name of last
modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has ch
ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU
E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC2252: name of
controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.
4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperat
ion )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.33 NAME 'entryDN' DESC 'DN of the
entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S
INGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry'
EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VA
LUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change seq
uence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatc
h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION US
AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change s
equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrder
ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICA
TION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syn
crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFI
CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the lar
gest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch
SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFI>>> dnPrettyNormal: <cn=schema>
=> ldap_bv2dn(cn=schema,0)
<= ldap_bv2dn(cn=schema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=schema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=schema)=0
<<< dnPrettyNormal: <cn=schema>, <cn=schema>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn=schema) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif"
=> str2entry: "dn: cn={0}core
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno
wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
amily) name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb
er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-
3166 country 2-letter code' SUP name SINGLE-VALUE )
olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc
ality which this object resides in' SUP name )
olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2
256: state or province which this object resides in' SUP name )
olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225
6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS
ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256
: organization this object belongs to' SUP name )
olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC '
RFC2256: organizational unit this object belongs to' SUP name )
olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated
with the entity' SUP name )
olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui
de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin
ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a
ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code
' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.15{40} )
olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off
ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.15{40} )
olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2
256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph
one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb
er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22
56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE
SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.22 )
olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr
ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.36{15} )
olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256
: international ISDN number' EQUALITY numericStringMatch SUBSTR numericString
SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi
stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
)
olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d
estination indicator' EQUALITY caseIgnoreMatch SUBSTR cas>>> dnPrettyNormal: <cn={0}core>
=> ldap_bv2dn(cn={0}core,0)
<= ldap_bv2dn(cn={0}core)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={0}core)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={0}core)=0
<<< dnPrettyNormal: <cn={0}core>, <cn={0}core>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn={0}core) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn={0}core,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif"
=> str2entry: "dn: cn={1}cosine
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
.121.1.12 )
olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.50 )
olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.12 )
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAM>>> dnPrettyNormal: <cn={1}cosine>
=> ldap_bv2dn(cn={1}cosine,0)
<= ldap_bv2dn(cn={1}cosine)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={1}cosine)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={1}cosine)=0
<<< dnPrettyNormal: <cn={1}cosine>, <cn={1}cosine>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn={1}cosine) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn={1}cosine,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif"
=> str2entry: "dn: cn={2}inetorgperson
objectClass: olcSchemaConfig
cn: {2}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
NGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
C2798: numerically identifies an employee within an organization' EQUALITY ca
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
66.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: ac0d4294-c861-1031-9bd1-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <cn={2}inetorgperson>
=> ldap_bv2dn(cn={2}inetorgperson,0)
<= ldap_bv2dn(cn={2}inetorgperson)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={2}inetorgperson)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={2}inetorgperson)=0
<<< dnPrettyNormal: <cn={2}inetorgperson>, <cn={2}inetorgperson>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn={2}inetorgperson) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn={2}inetorgperson,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}nis.ldif"
=> str2entry: "dn: cn={3}nis
objectClass: olcSchemaConfig
cn: {3}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
ttributes for shadow passwords'>>> dnPrettyNormal: <cn={3}nis>
=> ldap_bv2dn(cn={3}nis,0)
<= ldap_bv2dn(cn={3}nis)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={3}nis)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={3}nis)=0
<<< dnPrettyNormal: <cn={3}nis>, <cn={3}nis>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn={3}nis) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn={3}nis,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}ad.ldif"
=> str2entry: "dn: cn={4}AD
objectClass: olcSchemaConfig
cn: {4}AD
olcAttributeTypes: {0}( 1.2.840.113556.1.2.447 NAME 'mailNickname' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTA
X 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.2.840.113556.1.5.9 NAME 'user' SUP organizational
Person STRUCTURAL MAY ( objectCategory $ mailNickname $ sAMAccountName $ di
splayName $ mail ) )
olcObjectClasses: {1}( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRU
CTURAL MUST cn )
structuralObjectClass: olcSchemaConfig
entryUUID: 6feaa26c-cf6d-1031-986d-79eaa697be5e
creatorsName: cn=config
createTimestamp: 20121130191106Z
entryCSN: 20121130191106Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121130191106Z
"
>>> dnPrettyNormal: <cn={4}AD>
=> ldap_bv2dn(cn={4}AD,0)
<= ldap_bv2dn(cn={4}AD)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={4}AD)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn={4}ad)=0
<<< dnPrettyNormal: <cn={4}AD>, <cn={4}ad>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(cn={4}AD) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "cn={4}AD,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif"
=> str2entry: "dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
structuralObjectClass: olcDatabaseConfig
entryUUID: ac0d771e-c861-1031-9bd3-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
olcTimeLimit: unlimited
olcSizeLimit: unlimited
entryCSN: 20121214201101.233668Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121214201101Z
"
>>> dnPrettyNormal: <olcDatabase={-1}frontend>
=> ldap_bv2dn(olcDatabase={-1}frontend,0)
<= ldap_bv2dn(olcDatabase={-1}frontend)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={-1}frontend)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={-1}frontend)=0
<<< dnPrettyNormal: <olcDatabase={-1}frontend>, <olcDatabase={-1}frontend>
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnNormalize: <cn=subschema>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnNormalize: <cn=admin,cn=config>
<= str2entry(olcDatabase={-1}frontend) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "olcDatabase={-1}frontend,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
>>> dnPrettyNormal: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
>>> dnPrettyNormal: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
=> str2entry: "dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: Y29uZmln
structuralObjectClass: olcDatabaseConfig
entryUUID: ac0d8a60-c861-1031-9bd4-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
entryCSN: 20121121195915Z#000000#00#000000
modifiersName: cn=config
modifyTimestamp: 20121121195915Z
"
>>> dnPrettyNormal: <olcDatabase={0}config>
=> ldap_bv2dn(olcDatabase={0}config,0)
<= ldap_bv2dn(olcDatabase={0}config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={0}config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={0}config)=0
<<< dnPrettyNormal: <olcDatabase={0}config>, <olcDatabase={0}config>
>>> dnNormalize: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnNormalize: <cn=admin,cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(olcDatabase={0}config) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "olcDatabase={0}config,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
>>> dnPrettyNormal: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
>>> dnPrettyNormal: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif"
=> str2entry: "dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=htc,dc=com
olcAccess: {0}to * by dn.base="uid=push-master,cn=nupointproxy,dc=internal" w
rite by * +0 break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
olcAccess: {3}to dn.subtree="cn=monitor" by users read by * none
olcAccess: {4}to * by self write by * read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootPW:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
olcDbDirectory: /var/lib/ldap/htc.com
olcDbCacheSize: 150000
olcDbCheckpoint: 102400 1
olcDbConfig: {0}set_cachesize 0 268435465 1
olcDbConfig: {1}set_lg_bsize 2097152
olcDbConfig: {2}set_lg_regionmax 262144
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbNoSync: TRUE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 150000
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 384
olcDbSearchStack: 16
olcDbShmKey: 12321
olcDbCacheFree: 1
structuralObjectClass: olcBdbConfig
entryUUID: ac0da28e-c861-1031-9bd5-5591ba7dfe32
creatorsName: cn=config
createTimestamp: 20121121195915Z
olcRootDN: uid=Manager,dc=htc,dc=com
olcUpdateDN: uid=Push-Master,cn=NupointProxy,dc=internal
entryCSN: 20121212180425.846656Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121212180425Z
"
>>> dnPrettyNormal: <olcDatabase={1}bdb>
=> ldap_bv2dn(olcDatabase={1}bdb,0)
<= ldap_bv2dn(olcDatabase={1}bdb)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={1}bdb)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={1}bdb)=0
<<< dnPrettyNormal: <olcDatabase={1}bdb>, <olcDatabase={1}bdb>
>>> dnNormalize: <dc=htc,dc=com>
=> ldap_bv2dn(dc=htc,dc=com,0)
<= ldap_bv2dn(dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=htc,dc=com)=0
<<< dnNormalize: <dc=htc,dc=com>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <uid=Manager,dc=htc,dc=com>
=> ldap_bv2dn(uid=Manager,dc=htc,dc=com,0)
<= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0
<<< dnNormalize: <uid=manager,dc=htc,dc=com>
>>> dnNormalize: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnNormalize: <cn=admin,cn=config>
<= str2entry(olcDatabase={1}bdb) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
>>> dnPrettyNormal: <dc=htc,dc=com>
=> ldap_bv2dn(dc=htc,dc=com,0)
<= ldap_bv2dn(dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=htc,dc=com)=0
<<< dnPrettyNormal: <dc=htc,dc=com>, <dc=htc,dc=com>
>>> dnPrettyNormal: <uid=Manager,dc=htc,dc=com>
=> ldap_bv2dn(uid=Manager,dc=htc,dc=com,0)
<= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=Manager,dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0
<<< dnPrettyNormal: <uid=Manager,dc=htc,dc=com>, <uid=manager,dc=htc,dc=com>
>>> dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>
=> ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal,0)
<= ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=Push-Master,cn=NupointProxy,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0
<<< dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>, <uid=push-master,cn=nupointproxy,dc=internal>
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=htc,dc=com>
=> ldap_bv2dn(dc=htc,dc=com,0)
<= ldap_bv2dn(dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=htc,dc=com)=0
<<< dnPrettyNormal: <dc=htc,dc=com>, <dc=htc,dc=com>
>>> dnNormalize: <uid=push-master,cn=nupointproxy,dc=internal>
=> ldap_bv2dn(uid=push-master,cn=nupointproxy,dc=internal,0)
<= ldap_bv2dn(uid=push-master,cn=nupointproxy,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0
<<< dnNormalize: <uid=push-master,cn=nupointproxy,dc=internal>
Backend ACL: access to *
by dn.base="uid=push-master,cn=nupointproxy,dc=internal" write
by * +0 break
/etc/openldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
>>> dnNormalize: <>
<<< dnNormalize: <>
Backend ACL: access to dn.base=""
by * read
/etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context
>>> dnNormalize: <cn=subschema>
=> ldap_bv2dn(cn=subschema,0)
<= ldap_bv2dn(cn=subschema)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema)=0
<<< dnNormalize: <cn=subschema>
Backend ACL: access to dn.base="cn=subschema"
by * read
/etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context
>>> dnNormalize: <cn=monitor>
=> ldap_bv2dn(cn=monitor,0)
<= ldap_bv2dn(cn=monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=monitor)=0
<<< dnNormalize: <cn=monitor>
Backend ACL: access to dn.subtree="cn=monitor"
by users read
by * none
/etc/openldap/slapd.d: line 1: warning: ACL appears to be out of scope within backend naming context
Backend ACL: access to *
by self write
by * read
/etc/openldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
>>> dnPrettyNormal: <uid=Manager,dc=htc,dc=com>
=> ldap_bv2dn(uid=Manager,dc=htc,dc=com,0)
<= ldap_bv2dn(uid=Manager,dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=Manager,dc=htc,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=manager,dc=htc,dc=com)=0
<<< dnPrettyNormal: <uid=Manager,dc=htc,dc=com>, <uid=manager,dc=htc,dc=com>
>>> dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>
=> ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal,0)
<= ldap_bv2dn(uid=Push-Master,cn=NupointProxy,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=Push-Master,cn=NupointProxy,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=push-master,cn=nupointproxy,dc=internal)=0
<<< dnPrettyNormal: <uid=Push-Master,cn=NupointProxy,dc=internal>, <uid=push-master,cn=nupointproxy,dc=internal>
index objectClass 0x0006
index cn 0x0716
index ou 0x0716
index mail 0x0716
index sn 0x0716
index givenName 0x0716
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"
=> str2entry: "dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=internal
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/htc.internal
olcDbCacheSize: 1000
olcDbCheckpoint: 100 63
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 92ff370e-dcc9-1031-8a59-533cee5baf07
creatorsName: cn=config
createTimestamp: 20121217191324Z
entryCSN: 20121217191324.652465Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121217191324Z
"
>>> dnPrettyNormal: <olcDatabase={2}bdb>
=> ldap_bv2dn(olcDatabase={2}bdb,0)
<= ldap_bv2dn(olcDatabase={2}bdb)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={2}bdb)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={2}bdb)=0
<<< dnPrettyNormal: <olcDatabase={2}bdb>, <olcDatabase={2}bdb>
>>> dnNormalize: <dc=internal>
=> ldap_bv2dn(dc=internal,0)
<= ldap_bv2dn(dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=internal)=0
<<< dnNormalize: <dc=internal>
>>> dnNormalize: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnNormalize: <cn=admin,cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(olcDatabase={2}bdb) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "olcDatabase={2}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
>>> dnPrettyNormal: <dc=internal>
=> ldap_bv2dn(dc=internal,0)
<= ldap_bv2dn(dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=internal)=0
<<< dnPrettyNormal: <dc=internal>, <dc=internal>
>>> dnPrettyNormal: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=internal>
=> ldap_bv2dn(dc=internal,0)
<= ldap_bv2dn(dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=internal)=0
<<< dnPrettyNormal: <dc=internal>, <dc=internal>
>>> dnPrettyNormal: <cn=admin,cn=config>
=> ldap_bv2dn(cn=admin,cn=config,0)
<= ldap_bv2dn(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=config)=0
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={3}monitor.ldif"
=> str2entry: "dn: olcDatabase={3}monitor
objectClass: olcDatabaseConfig
olcDatabase: {3}monitor
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 54da1e50-d8df-1031-85bf-235d062b63b6
creatorsName: cn=config
createTimestamp: 20121212193904Z
entryCSN: 20121212193904.665758Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121212193904Z
"
>>> dnPrettyNormal: <olcDatabase={3}monitor>
=> ldap_bv2dn(olcDatabase={3}monitor,0)
<= ldap_bv2dn(olcDatabase={3}monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={3}monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(olcDatabase={3}monitor)=0
<<< dnPrettyNormal: <olcDatabase={3}monitor>, <olcDatabase={3}monitor>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
<<< dnNormalize: <cn=config>
<= str2entry(olcDatabase={3}monitor) -> 0x7fcb0f61d108
=> test_filter
PRESENT
=> access_allowed: search access to "olcDatabase={3}monitor,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
>>> dnPrettyNormal: <cn=Monitor>
=> ldap_bv2dn(cn=Monitor,0)
<= ldap_bv2dn(cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=monitor)=0
<<< dnPrettyNormal: <cn=Monitor>, <cn=monitor>
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
2.5.13.39 (certificateListMatch): 2.5.13.38 (certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )
2.5.13.35 (certificateMatch): 2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ nisMapName $ mailNickname $ sAMAccountName ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ nisMapName $ mailNickname $ sAMAccountName ) )
1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ objectCategory ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
Backend ACL: access to *
by * none
config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
backend_startup_one: starting "dc=htc,dc=com"
bdb_db_open: "dc=htc,dc=com"
bdb_db_open: database "dc=htc,dc=com": dbenv_open(/var/lib/ldap/htc.com).
backend_startup_one: starting "dc=internal"
bdb_db_open: "dc=internal"
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/htc.internal: (2).
Expect poor performance for suffix "dc=internal".
bdb_db_open: database "dc=internal": dbenv_open(/var/lib/ldap/htc.internal).
backend_startup_one: starting "cn=Monitor"
>>> dnNormalize: <cn=Monitor>
<<< dnNormalize: <cn=monitor>
>>> dnPretty: <cn=Backends>
=> ldap_bv2dn(cn=Backends,0)
<= ldap_bv2dn(cn=Backends)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Backends)=0
<<< dnPretty: <cn=Backends>
>>> dnNormalize: <cn=Backends>
<<< dnNormalize: <cn=backends>
>>> dnPretty: <cn=Connections>
=> ldap_bv2dn(cn=Connections,0)
<= ldap_bv2dn(cn=Connections)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Connections)=0
<<< dnPretty: <cn=Connections>
>>> dnNormalize: <cn=Connections>
<<< dnNormalize: <cn=connections>
>>> dnPretty: <cn=Databases>
=> ldap_bv2dn(cn=Databases,0)
<= ldap_bv2dn(cn=Databases)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Databases)=0
<<< dnPretty: <cn=Databases>
>>> dnNormalize: <cn=Databases>
<<< dnNormalize: <cn=databases>
>>> dnPretty: <cn=Listeners>
=> ldap_bv2dn(cn=Listeners,0)
<= ldap_bv2dn(cn=Listeners)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Listeners)=0
<<< dnPretty: <cn=Listeners>
>>> dnNormalize: <cn=Listeners>
<<< dnNormalize: <cn=listeners>
>>> dnPretty: <cn=Log>
=> ldap_bv2dn(cn=Log,0)
<= ldap_bv2dn(cn=Log)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Log)=0
<<< dnPretty: <cn=Log>
>>> dnNormalize: <cn=Log>
<<< dnNormalize: <cn=log>
>>> dnPretty: <cn=Operations>
=> ldap_bv2dn(cn=Operations,0)
<= ldap_bv2dn(cn=Operations)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Operations)=0
<<< dnPretty: <cn=Operations>
>>> dnNormalize: <cn=Operations>
<<< dnNormalize: <cn=operations>
>>> dnPretty: <cn=Overlays>
=> ldap_bv2dn(cn=Overlays,0)
<= ldap_bv2dn(cn=Overlays)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Overlays)=0
<<< dnPretty: <cn=Overlays>
>>> dnNormalize: <cn=Overlays>
<<< dnNormalize: <cn=overlays>
>>> dnPretty: <cn=SASL>
=> ldap_bv2dn(cn=SASL,0)
<= ldap_bv2dn(cn=SASL)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=SASL)=0
<<< dnPretty: <cn=SASL>
>>> dnNormalize: <cn=SASL>
<<< dnNormalize: <cn=sasl>
>>> dnPretty: <cn=Statistics>
=> ldap_bv2dn(cn=Statistics,0)
<= ldap_bv2dn(cn=Statistics)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Statistics)=0
<<< dnPretty: <cn=Statistics>
>>> dnNormalize: <cn=Statistics>
<<< dnNormalize: <cn=statistics>
>>> dnPretty: <cn=Threads>
=> ldap_bv2dn(cn=Threads,0)
<= ldap_bv2dn(cn=Threads)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Threads)=0
<<< dnPretty: <cn=Threads>
>>> dnNormalize: <cn=Threads>
<<< dnNormalize: <cn=threads>
>>> dnPretty: <cn=Time>
=> ldap_bv2dn(cn=Time,0)
<= ldap_bv2dn(cn=Time)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Time)=0
<<< dnPretty: <cn=Time>
>>> dnNormalize: <cn=Time>
<<< dnNormalize: <cn=time>
>>> dnPretty: <cn=TLS>
=> ldap_bv2dn(cn=TLS,0)
<= ldap_bv2dn(cn=TLS)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=TLS)=0
<<< dnPretty: <cn=TLS>
>>> dnNormalize: <cn=TLS>
<<< dnNormalize: <cn=tls>
>>> dnPretty: <cn=Waiters>
=> ldap_bv2dn(cn=Waiters,0)
<= ldap_bv2dn(cn=Waiters)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Waiters)=0
<<< dnPretty: <cn=Waiters>
>>> dnNormalize: <cn=Waiters>
<<< dnNormalize: <cn=waiters>
>>> dnNormalize: <cn=Backend 0>
<<< dnNormalize: <cn=backend 0>
>>> dnNormalize: <cn=Database 0,cn=Databases,cn=Monitor>
=> ldap_bv2dn(cn=Database 0,cn=Databases,cn=Monitor,0)
<= ldap_bv2dn(cn=Database 0,cn=Databases,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=database 0,cn=databases,cn=monitor)=0
<<< dnNormalize: <cn=database 0,cn=databases,cn=monitor>
>>> dnNormalize: <cn=Backend 1>
<<< dnNormalize: <cn=backend 1>
>>> dnNormalize: <cn=Backend 2>
<<< dnNormalize: <cn=backend 2>
>>> dnNormalize: <cn=Database 3,cn=Databases,cn=Monitor>
=> ldap_bv2dn(cn=Database 3,cn=Databases,cn=Monitor,0)
<= ldap_bv2dn(cn=Database 3,cn=Databases,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=database 3,cn=databases,cn=monitor)=0
<<< dnNormalize: <cn=database 3,cn=databases,cn=monitor>
>>> dnNormalize: <cn=Backend 3>
<<< dnNormalize: <cn=backend 3>
>>> dnNormalize: <cn=Database 1,cn=Databases,cn=Monitor>
=> ldap_bv2dn(cn=Database 1,cn=Databases,cn=Monitor,0)
<= ldap_bv2dn(cn=Database 1,cn=Databases,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=database 1,cn=databases,cn=monitor)=0
<<< dnNormalize: <cn=database 1,cn=databases,cn=monitor>
>>> dnNormalize: <cn=Database 2,cn=Databases,cn=Monitor>
=> ldap_bv2dn(cn=Database 2,cn=Databases,cn=Monitor,0)
<= ldap_bv2dn(cn=Database 2,cn=Databases,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=database 2,cn=databases,cn=monitor)=0
<<< dnNormalize: <cn=database 2,cn=databases,cn=monitor>
>>> dnNormalize: <cn=Backend 4>
<<< dnNormalize: <cn=backend 4>
>>> dnNormalize: <cn=Backend 5>
<<< dnNormalize: <cn=backend 5>
>>> dnNormalize: <cn=Backend 6>
<<< dnNormalize: <cn=backend 6>
>>> dnNormalize: <cn=Backend 7>
<<< dnNormalize: <cn=backend 7>
>>> dnNormalize: <cn=Backend 8>
<<< dnNormalize: <cn=backend 8>
>>> dnNormalize: <cn=Backend 9>
<<< dnNormalize: <cn=backend 9>
>>> dnNormalize: <cn=Backend 10>
<<< dnNormalize: <cn=backend 10>
>>> dnNormalize: <cn=Backend 11>
<<< dnNormalize: <cn=backend 11>
>>> dnNormalize: <cn=Max File Descriptors>
<<< dnNormalize: <cn=max file descriptors>
>>> dnNormalize: <cn=Total>
<<< dnNormalize: <cn=total>
>>> dnNormalize: <cn=Current>
<<< dnNormalize: <cn=current>
>>> dnNormalize: <cn=Frontend>
<<< dnNormalize: <cn=frontend>
>>> dnNormalize: <cn=Database 0>
<<< dnNormalize: <cn=database 0>
>>> dnNormalize: <cn=Backend 0,cn=Backends,cn=Monitor>
=> ldap_bv2dn(cn=Backend 0,cn=Backends,cn=Monitor,0)
<= ldap_bv2dn(cn=Backend 0,cn=Backends,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=backend 0,cn=backends,cn=monitor)=0
<<< dnNormalize: <cn=backend 0,cn=backends,cn=monitor>
>>> dnNormalize: <cn=Database 1>
<<< dnNormalize: <cn=database 1>
>>> dnNormalize: <cn=Backend 3,cn=Backends,cn=Monitor>
=> ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor,0)
<= ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=backend 3,cn=backends,cn=monitor)=0
<<< dnNormalize: <cn=backend 3,cn=backends,cn=monitor>
>>> dnNormalize: <cn=Database 2>
<<< dnNormalize: <cn=database 2>
>>> dnNormalize: <cn=Backend 3,cn=Backends,cn=Monitor>
=> ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor,0)
<= ldap_bv2dn(cn=Backend 3,cn=Backends,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=backend 3,cn=backends,cn=monitor)=0
<<< dnNormalize: <cn=backend 3,cn=backends,cn=monitor>
>>> dnNormalize: <cn=Database 3>
<<< dnNormalize: <cn=database 3>
>>> dnNormalize: <cn=Backend 2,cn=Backends,cn=Monitor>
=> ldap_bv2dn(cn=Backend 2,cn=Backends,cn=Monitor,0)
<= ldap_bv2dn(cn=Backend 2,cn=Backends,cn=Monitor)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=backend 2,cn=backends,cn=monitor)=0
<<< dnNormalize: <cn=backend 2,cn=backends,cn=monitor>
>>> dnNormalize: <cn=Listener 0>
<<< dnNormalize: <cn=listener 0>
>>> dnNormalize: <cn=Listener 1>
<<< dnNormalize: <cn=listener 1>
>>> dnNormalize: <cn=Bind>
<<< dnNormalize: <cn=bind>
>>> dnNormalize: <cn=Unbind>
<<< dnNormalize: <cn=unbind>
>>> dnNormalize: <cn=Search>
<<< dnNormalize: <cn=search>
>>> dnNormalize: <cn=Compare>
<<< dnNormalize: <cn=compare>
>>> dnNormalize: <cn=Modify>
<<< dnNormalize: <cn=modify>
>>> dnNormalize: <cn=Modrdn>
<<< dnNormalize: <cn=modrdn>
>>> dnNormalize: <cn=Add>
<<< dnNormalize: <cn=add>
>>> dnNormalize: <cn=Delete>
<<< dnNormalize: <cn=delete>
>>> dnNormalize: <cn=Abandon>
<<< dnNormalize: <cn=abandon>
>>> dnNormalize: <cn=Extended>
<<< dnNormalize: <cn=extended>
>>> dnNormalize: <cn=Overlay 0>
<<< dnNormalize: <cn=overlay 0>
>>> dnNormalize: <cn=Overlay 1>
<<< dnNormalize: <cn=overlay 1>
>>> dnNormalize: <cn=Overlay 2>
<<< dnNormalize: <cn=overlay 2>
>>> dnNormalize: <cn=Overlay 3>
<<< dnNormalize: <cn=overlay 3>
>>> dnNormalize: <cn=Bytes>
<<< dnNormalize: <cn=bytes>
>>> dnNormalize: <cn=PDU>
<<< dnNormalize: <cn=pdu>
>>> dnNormalize: <cn=Entries>
<<< dnNormalize: <cn=entries>
>>> dnNormalize: <cn=Referrals>
<<< dnNormalize: <cn=referrals>
>>> dnNormalize: <cn=Max>
<<< dnNormalize: <cn=max>
>>> dnNormalize: <cn=Max Pending>
<<< dnNormalize: <cn=max pending>
>>> dnNormalize: <cn=Open>
<<< dnNormalize: <cn=open>
>>> dnNormalize: <cn=Starting>
<<< dnNormalize: <cn=starting>
>>> dnNormalize: <cn=Active>
<<< dnNormalize: <cn=active>
>>> dnNormalize: <cn=Pending>
<<< dnNormalize: <cn=pending>
>>> dnNormalize: <cn=Backload>
<<< dnNormalize: <cn=backload>
>>> dnNormalize: <cn=State>
<<< dnNormalize: <cn=state>
>>> dnNormalize: <cn=Runqueue>
<<< dnNormalize: <cn=runqueue>
>>> dnNormalize: <cn=Tasklist>
<<< dnNormalize: <cn=tasklist>
>>> dnNormalize: <cn=Start>
<<< dnNormalize: <cn=start>
>>> dnNormalize: <cn=Current>
<<< dnNormalize: <cn=current>
>>> dnNormalize: <cn=Uptime>
<<< dnNormalize: <cn=uptime>
>>> dnNormalize: <cn=Read>
<<< dnNormalize: <cn=read>
>>> dnNormalize: <cn=Write>
<<< dnNormalize: <cn=write>
slapd starting
daemon: added 4r listener=(nil)
daemon: added 7r listener=0x7fcb0f5bc2d0
daemon: added 8r listener=0x7fcb0f5bc390
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
daemon: epoll: listen=8 active_threads=0 tvp=zero
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:daemon: listen=7, new connection on 16
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: added 16r (active) listener=(nil)
conn=1000 fd=16 ACCEPT from IP=172.24.10.201:23867 (IP=0.0.0.0:389)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(16)
connection_get(16): got connid=1000
connection_read(16): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 60 02 01 01 60 33 02 0`...`3.
ldap_read: want=90, got=90
0000: 01 03 04 19 75 69 64 3d 4e 75 50 6f 69 6e 74 2c ....uid=NuPoint,
0010: 64 63 3d 68 74 63 2c 64 63 3d 63 6f 6d 80 13 64 dc=htc,dc=com..d
0020: 65 63 20 31 33 20 32 30 31 32 20 63 72 65 61 74 ec 13 2012 creat
0030: 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 34 30 2e ed.&0$..1.2.840.
0040: 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 39 01 01 113556.1.4.319..
0050: ff 04 07 30 05 02 01 0a 04 00 ...0......
ber_get_next: tag 0x30 len 96 contents:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000920 end=0x7fcad8000980 len=96
0000: 02 01 01 60 33 02 01 03 04 19 75 69 64 3d 4e 75 ...`3.....uid=Nu
0010: 50 6f 69 6e 74 2c 64 63 3d 68 74 63 2c 64 63 3d Point,dc=htc,dc=
0020: 63 6f 6d 80 13 64 65 63 20 31 33 20 32 30 31 32 com..dec 13 2012
0030: 20 63 72 65 61 74 65 64 a0 26 30 24 04 16 31 2e created.&0$..1.
0040: 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2.840.113556.1.4
0050: 2e 33 31 39 01 01 ff 04 07 30 05 02 01 0a 04 00 .319.....0......
op tag 0x60, time 1355857467
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
conn=1000 op=0 do_bind
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000923 end=0x7fcad8000980 len=93
0000: 60 33 02 01 03 04 19 75 69 64 3d 4e 75 50 6f 69 `3.....uid=NuPoi
0010: 6e 74 2c 64 63 3d 68 74 63 2c 64 63 3d 63 6f 6d nt,dc=htc,dc=com
0020: 80 13 64 65 63 20 31 33 20 32 30 31 32 20 63 72 ..dec 13 2012 cr
0030: 65 61 74 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 eated.&0$..1.2.8
0040: 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 40.113556.1.4.31
0050: 39 01 01 ff 04 07 30 05 02 01 0a 04 00 9.....0......
ber_scanf fmt (m}) ber:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000943 end=0x7fcad8000980 len=61
0000: 00 13 64 65 63 20 31 33 20 32 30 31 32 20 63 72 ..dec 13 2012 cr
0010: 65 61 74 65 64 a0 26 30 24 04 16 31 2e 32 2e 38 eated.&0$..1.2.8
0020: 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 33 31 40.113556.1.4.31
0030: 39 01 01 ff 04 07 30 05 02 01 0a 04 00 9.....0......
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad800095a end=0x7fcad8000980 len=38
0000: 30 24 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0$..1.2.840.1135
0010: 35 36 2e 31 2e 34 2e 33 31 39 01 01 ff 04 07 30 56.1.4.319.....0
0020: 05 02 01 0a 04 00 ......
ber_scanf fmt (b) ber:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000974 end=0x7fcad8000980 len=12
0000: 00 01 ff 04 07 30 05 02 01 0a 04 00 .....0......
ber_scanf fmt (m) ber:
ber_dump: buf=0x7fcad8000920 ptr=0x7fcad8000977 end=0x7fcad8000980 len=9
0000: 04 07 30 05 02 01 0a 04 00 ..0......
=> get_ctrls: oid="1.2.840.113556.1.4.319" (critical)
<= get_ctrls: n=1 rc=12 err="critical extension is unavailable"
send_ldap_result: conn=1000 op=0 p=3
send_ldap_result: err=12 matched="" text="critical extension is unavailable"
send_ldap_response: msgid=1 tag=97 err=12
ber_flush2: 47 bytes to sd 16
0000: 30 2d 02 01 01 61 28 0a 01 0c 04 00 04 21 63 72 0-...a(......!cr
0010: 69 74 69 63 61 6c 20 65 78 74 65 6e 73 69 6f 6e itical extension
0020: 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 is unavailable
ldap_write: want=47, written=47
0000: 30 2d 02 01 01 61 28 0a 01 0c 04 00 04 21 63 72 0-...a(......!cr
0010: 69 74 69 63 61 6c 20 65 78 74 65 6e 73 69 6f 6e itical extension
0020: 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 is unavailable
conn=1000 op=0 RESULT tag=97 err=12 text=critical extension is unavailable
conn=1000 op=0 do_bind: get_ctrls failed
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 16r
daemon: read active on 16
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(16)
connection_get(16): got connid=1000
connection_read(16): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 16 failed errno=0 (Success)
connection_read(16): input error=-2 id=1000, closing.
connection_closing: readying conn=1000 sd=16 for close
connection_close: conn=1000 sd=16
daemon: activity on 1 descriptor
daemon: activity on:
daemon: removing 16
conn=1000 fd=16 closed (connection lost)
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
^Cdaemon: shutdown requested and initiated.
daemon: closing 7
daemon: closing 8
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
slapd stopped.
[root@radius1 openldap]# exit
exit
Script done on Tue 18 Dec 2012 03:06:10 PM EST
**********************************************************************
HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
**********************************************************************
10 years, 5 months
Forcing TLS, but keep working SASL authentication
by Wiebe Cazemier
Hi,
I want to force SSL on my OpenLDAP server (2.4.21-0ubuntu5.7, Ubuntu 10.04 LTS), but then the SASL authentication breaks.
I did this to enable tls-only:
# feed to ldapmodify
dn: cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1
But, then I can't use "-Y EXTERNAL" anymore, because it then demands a TLS connection. When I enable TLS (-ZZ) on tools like ldapmodify and use ldap://hostname/ and bind with my rootDN (admin user), it doesn't work (insufficient access (50)). I guess it needs the socket to know I'm root.
Inspecting all DB's with "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config", it appears the config DB's have an olcAccess rule like:
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
gid and uid = 0, so I guess it's the system's root account.
I tried adding an olcRootDN and olcRootPW to olcDatabase={0}config,cn=config so that I could modify the cn=config, but adding them gave an error: "<olcRootPW> can only be set when rootdn is under suffix". When I tried adding olcSuffix to "dc=domain,dc=tld", it said: "<olcSuffix> handler exited with 1". I also tried specifying a olcRootDN only (no olcRootPW) (like cn=admin,dc=domain,dc=tld) and then add that user to "dc=domain,dc=tld", but it didn't work. Unfortunately, I don't remember what went wrong.
So, is there a way to enforce TLS but still use the SASL authentication?
Any help is appreciated.
Thanks in advance,
Wiebe Cazemier
10 years, 5 months
sasl Kerberos authentication with subordinate
by Wu, James C.
Hi,
I am trying to set up an OpenLDAP and Kerberos authentication for testing purpose. The setup contains a pair of internal ldap server and Kerberos server and the pair of external ldap server and Kerberos server.
I made the tree of the internal ldap server to be a subordinate of the external server and enabled the saslauthd for authentication on both the internal and the external ldap server to the respective Kerberos server.
I have tested that the LDAP authentication through saslauthd using Kerberos works well on both the internal ldap and Kerberos pair and the external ldap Kerberos pair.
However, when I point the client machine to the external ldap server and the add the subordinate relationship, I could not get the authentication for the uses in the internal ldap directory to work.
For example, when I used "su - peter" where peter is a user in the external ldap server and the password is {SASL}peter(a)EXAMPLE.COM<mailto:%7bSASL%7dpeter@EXAMPLE.COM>. The authentication works. However, when I use "su - James" where james is a user defined in the internal ldap server with password {SASL}james(a)SUB.EXAMPLE.COM<mailto:%7bSASL%7djames@SUB.EXAMPLE.COM>, then the authentication failed. I check the log file, the internal server did get the search request forwarded from the external ldap server and returned the correct information back. However, I did not see the saslauthd process on either the external or the internal ldap server get any inquiry for the authentication.
I tried to modify the /etc/krb5.conf and added the realms for both EXAMPLE.COM and SUB.EXAMPLE.COM. Still, the authentication does not work for users defined in the internal ldap server.
Could anyone give me some hints for this issue?
james
10 years, 5 months
GDM + pwdPolicy problem
by cbulist
Hi,
We have a problem using Red Hat 5.7, gdm 2.16.0-59 y pwdPolicy.
When an account gets pwdMaxAge limit and the user try to login using GUI
the user doesn't receive any warning about expiration account, it just
requests the user and password like a normal login and it fail. The
warning works if the user try login by SSH.
If we use pwdReset the user get the warning message and it is able to
change the password.
We comment pwdPolicy rules and using shadow attributes gdm works fine.
We tried the same configuration with a Red Hat 6 server and everything
works fine but we are not able to change our Red Hat version now.
Our requirements are keep the password history and we tried pam_unix
remember=3 option in /etc/pam.d/system-auth with /etc/security/opasswd
but It did not work.
We can go with shadow attributes as long as we keep the password history.
Any idea?
Thanks in advance!
10 years, 5 months
olcToolthreads and slapadd -n0
by Василий Молостов
i have migrated server side config for my db and I have found some
strange behavior of slapadd:
I've got started migration from converting slapd.conf containing my db
config and a 'tool-threads' parameter (with value above 1) into common
ldif file, in which an 'olcToolThreads' was defined appropriately (i.e
above 1). It was the simplest and clear step.
The next step was to 'slapadd -n 0' this ldif file into an empty
server config (having slapd stopped), but just at adding 'cn=config'
object (which contains olcToolThreads with value > 1) 'slapadd' stuck
indefinitely at shed_yelds() call (I have observed this via strace
tool from ubuntu).
So as a result slapadd had been in processing its operation
indefinitely without any output but was capable to stop working by
Ctrl-C handler.
Setting olcToolThreads to 0 or 1 has solved this problem.
I dont know is this a bug or my misconfiguration?
10 years, 5 months
missing structuralObjectClass
by Dusty Doris
I recently migrated a client's ldap directories to new servers. I
setup replication from the new servers to the old servers to do the
initial build of the directory and to keep up to date with changes
before the cutover.
In the process we also moved from 2.4.12 to 2.4.33.
I've run into an issue since then with an object that was missing a
structuralObjectClass. When we try to commit modifications to that
object, we received an error that says:
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
Doing a search on that object with +, shows that it is in fact missing
a structuralObjectClass. Other users that we can modify, show that
they do have that attribute. I was able to solve this problem by
doing an ldapsearch on the user and saving to an ldif, ldapdelete the
user, then ldapadd the user back from the ldif file. When re-adding
that user, the structuralObjectClass was created.
It looks like about 50% of our objects are missing that attribute.
To get those numbers, I am searching with:
'(&(objectClass=*)(!(structuralObjectClass=*)))' +
VS
'(&(objectClass=*)(structuralObjectClass=*))' +
What would be the best way for me to fix these issues on every object
that is missing the structuralObjectClass?
Also, in the future, would you recommend I do a slapcat/slapadd or
something like that to populate a new database instead of letting
syncrepl load it for me? Would that have fixed this problem from the
start?
Thanks for any suggestions.
- Dusty Doris
10 years, 5 months
Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing
by fal patel
Hey Quanah,
Thank you very much for the debugging tip! -- Using it I got further in.
Now I get an error "<= str2entry: str2ad(UR1): attribute type undefined".
I must be setting my external variables (such as UR1) incorrectly in my
LDIF file.
What is the correct syntax for setting them, please?
I tried each of the following sentences, none of which worked:
URI1: ldap://host1.hq.mycompany.com:389/
URI1: ldap://host1.hq.mycompany.com:389
URI1: "ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389"
URI1 ldap://host1.hq.mycompany.com:389/
This is the command I execute (after removing all contents from slapd.d):
slapadd -d -1 -v -F /etc/openldap/slapd.d -n 0 -l
/etc/openldap/nwaymmr.ldif >& output.txt
For completeness I've attached my LDIF file "nwaymmr.ldif" and the output
"output.txt" utilizing the first line above.
Thank you very much, in advance.
Fal
On Sat, Dec 29, 2012 at 9:02 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> --On Saturday, December 29, 2012 9:01 AM -0800 fal patel <
> fal0patel(a)gmail.com> wrote:
>
> (3) Where It's Failing:
>> =================
>> I first executed the following:
>>
>> slapadd -v -F /usr/local/etc/openldap/slapd.**d -b bdb -l mmr.ldif
>>
>
> This is nonsensical. You are adding a cn=config DB. Thus you cannot use
> a base of "bdb". Remember that -b is the suffix you are adding (in this
> case, cn=config). Not the database type.
>
>
> So I suppose I must create the database beforehand?
>>
>
> No. But the directory (/usr/local/etc/openldap/**slapd.d) must exist
> before slapadd will work.
>
> I would suggest you run:
>
> slapadd -d -1 -v -F /usr/local/etc/openldap/slapd.**d -n 0 -l mmr.ldif
>
> So you can see exactly why it is failing. My guess is you didn't create
> the directory.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
10 years, 5 months