openldap-technical February 2012

openldap-technical@openldap.org

98 participants
113 discussions

Virtual list view problem
by Venish Khant 31 May '16

31 May '16

Hi all I am using cpan Net::LDAP module to access LDAP entries. I want to search LDAP entries using Net::LDAP search method. When I do search, I want some limited number of entries from search result, for this(searching) process I am using Net::LDAP::Control::VLV module. But I get error on VLV response control. Please, any one have idea about this error. * Error:* Died at vlv.pl line 50, This is my example. I changed the font style of line 50 #!/usr/bin/perl -w use Net::LDAP; use Net::LDAP::Control::VLV; use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); use Net::LDAP::Control::Sort; sub procentry { my ( $mesg, $entry) = @_; # Return if there is no entry to process if ( !defined($entry) ) { return; } print "dn: " . $entry->dn() . "\n"; @attrs = $entry->attributes(); foreach $attr (@attrs) { #printf("\t%s: %s\n", $attr, $entry->get_value($attr)); $attrvalue = $entry->get_value($attr,asref=>1); #print $attr.":". $entry->get_value($attr)."\n"; foreach $value(@$attrvalue) { print "$attr: $value\n"; } } $mesg->pop_entry; print "\n"; } $ldap = Net::LDAP->new( "localhost" ); # Get the first 20 entries $vlv = Net::LDAP::Control::VLV->new( before => 0, # No entries from before target entry after => 19, # 19 entries after target entry content => 0, # List size unknown offset => 1, # Target entry is the first ); my $sort = Net::LDAP::Control::Sort->new( order => 'cn' ); @args = ( base => "dc=example,dc=co,dc=in", scope => "subtree", filter => "(objectClass=inetOrgPerson)", callback => \&procentry, # Call this sub for each entry control => [ $sort, $vlv ], ); $mesg = $ldap->search( @args ); # Get VLV response control *($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;* $vlv->response( $resp ); # Set the control to get the last 20 entries $vlv->end; $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); # Now get the previous page $vlv->scroll_page( -1 ); $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mes # Now page with first entry starting with "B" in the middle $vlv->before(9); # Change page to show 9 before $vlv->after(10); # Change page to show 10 after $vlv->assert("B"); # assert "B" $mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); -- Venish Khant www.deeproot.co.in

4 11

SASL passthrough - multiple domains
by Liam Gretton 05 Jul '12

05 Jul '12

I have a working configuration with pass-through auth to an AD domain using saslauthd. However now there is a requirement to be able to handle another domain too, and I cannot work out how to do this. It seems that saslauthd cannot deal with multiple Kerberos realms, no matter what hoops one jumps through it eventually boils down to only using whatever 'default_realm' is set to in the krb5.conf file. Using multiple saslauthd daemons isn't possible either as there's no way (that I can work out) of getting OpenLDAP to use anything other than the single socket specified in /etc/sasl2/slapd.conf. My final idea was to run an LDAP instance per realm, each talking to the separate saslauthd daemons, and have another outward facing LDAP service with these as the backends but that's a non starter too because there's no way of specifying the sasl slapd.conf file, it seems sasl always looks in /etc/sasl2 for a file derived from the process name (a chroot environment for each LDAP server is therefore the next thing to look at). But this seems like a lot of work just to be able to authenticate users against multiple domains. I appreciate this is a SASL issue rather than a problem with OpenLDAP, but I'm hoping that someone here has cracked this already. Googling hasn't thrown up an solution that I can find. -- Liam Gretton liam.gretton(a)le.ac.uk HPC Architect http://www.le.ac.uk/its IT Services Tel: +44 (0)116 2522254 University of Leicester, University Road Leicestershire LE1 7RH, United Kingdom

8 10

Pass-though Authentication with Saslauthd and Kerberos
by Jeff B 06 Jun '12

06 Jun '12

I'm attempting to get pass-though auth to work against saslauthd and kerberos and while the problem seems to be in sasl I think it's most likely to be seen in this type of configuration with opendap which I why I chose this mailing list. When I run testsaslauthd it works but when I run ldapsearch it fails. But the curious thing is where it is failing. in doing straces of saslauthd and packet traces I've found that when ldapsearch calls salsauthd, and not when I run saslauthd kerberos does not deliver the AS-REP packets till just after saslauthd times out. I can't find any difference in how I'm invoking saslauthd with testdaslauthd and how ldapsearch is invoking saslauthd. However the packet traces are quite different as you will see below. I've seen these kind of errors here and there on google but no resolutions that I can find. (http://www.openldap.org/lists/openldap-software/200602/msg00278.html) Centos 6 openldap-2.4.23-15.el6_1.3.x86_64 openldap-clients-2.4.23-15.el6_1.3.x86_64 openldap-servers-2.4.23-15.el6_1.3.x86_64 openldap-devel-2.4.23-15.el6_1.3.x86_64 krb5-server-1.9-9.el6_1.2.x86_64 krb5-server-ldap-1.9-9.el6_1.2.x86_64 krb5-workstation-1.9-9.el6_1.2.x86_64 krb5-libs-1.9-9.el6_1.2.x86_64 cyrus-sasl-2.1.23-8.el6.x86_64 cyrus-sasl-lib-2.1.23-8.el6.x86_64 cyrus-sasl-gssapi-2.1.23-8.el6.x86_64 cyrus-sasl-plain-2.1.23-8.el6.x86_64 cyrus-sasl-devel-2.1.23-8.el6.x86_64 My slapd.conf contains nothing regarding kerberos / sasl / pass-through authentication. I'm using a slapd.conf file for the time being till i get it all worked out and plan on converting it to a cn=config configuration. In my DIT the userPassword field contains: {SASL}myuser@MYREALM where myuser and my realm are replaced with the proper values. /etc/sasl2/slapd.conf: mech_list: plain pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux /etc/sysconfig/saslauthd KRB5_KTNAME=/etc/krb5.keytab SOCKETDIR=/var/run/saslauthd MECH=kerberos5 Which builds a daemon command line of: /usr/sbin/saslauthd -m /var/run/saslauthd -a kerberos5 My system keytab is: /etc/krb5.keytab (root.ldap 0640) host/my.hostname@realm ldap/my.hostname@realm My socket parent dir is: /var/run/saslauthd (root.ldap 0770) When I run testsaslauthd I get a packet trace between saslauthd and kerberos is all UDP and works: > AS-REQ < KRB5KDC_ERR_PREAUTH_REQUIRED (25) > AS-REQ < AS-REP > TGS-REQ < TGS-REP When I run ldapsearch the packet trace between saslauthd and kerberos is UDP and TCP communication. None of the kerberos replies come back for 18 seconds, the time it takes saslauthd to time out. > AS-REQ < KRB5KDC_ERR_PREAUTH_REQUIRED (25) > AS-REQ > TCP SYN < TCP SYN, ACK > TCP ACK > TCP AS-REQ < TCP ACK > AS-REQ > AS-REQ > TCP FIN, ACK <-- saslauthd times out and the AS-REPS all come back at once. < AS-REP < AS-REP < AS-REP < TCP AS-REP > TCP RST an strace of saslauthd supports this timeout theory as it shows the the timeouts and backoffs. I can't find any info regarding saslauthd and TCP or UDP or timeouts like this. Any ideas?

5 7

ACL syntax with wildcards
by Nick Milas 18 May '12

18 May '12

Hi, We would like to use ACL statements of the form (used for illustration purposes): access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=xxxxx)" attrs="someAttrs" by group.exact="cn=xxxxxAdmins,ou=Groups,dc=example,dc=com" write by group.exact="cn=allAdmins,ou=Groups,dc=example,dc=com" read by self read where xxxxx is some string. In essence, we assign people entries to various administrative groups, depending on the value of the ou attribute of the entry. Of course we can write many statements, one per ou value / admin group, but it would be much more concise to use just one statement using wildcards. Could someone please suggest if and how the above can be written correctly, using e.g. regex? I appreciate any suggestions. Thanks, Nick

7 15

DEL don't get synced
by Marc Patermann 02 May '12

02 May '12

Hi, under some circumstances DEL don't get replicated to the consumers (SyncRepl). I think this has to do with other changes at the some moment. I attached two logs excepts in sync.log. In the first except there is only a DEL Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 DEL dn="employeeNumber=19676,ou=humans,ou=foo" For this there is a Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000 line for every connected consumer. In the second step there is a MOD and a DEL Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 MOD dn="ou=FA-WF,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 DEL dn="employeeNumber=24387,ou=humans,ou=foo" As far as I can see, there is only sync activity for the MOD action, and not for the DEL action. The DEL is not synced. Marc

11 44

db in shadow context without replication
by Julien Soula 05 Apr '12

05 Apr '12

hello, I have a problem with a cancelation of replication of cn=config. I configured replication of cn=config in slapd.d (without slapd.conf) and I wanted to stop it. First one, I didn't see how to cancel replication in cn=config otherwise that deleting olcSyncRepl attribute directly in slapd.d files since database was in shadow context. Is there a proper way ? So I stopped slapd and deleted olcSyncRepl attribute and restarted it. But when I commited change, it failed with error : "shadow context without update referral" (there is no more olcSyncRepl in config) ! I tried to enable olcMirrorMode (directly in files again) but slapd crashed at start saying that the database was not in shadow context ! I cannot explain this behaviour. How the server determine that a database is in shadow context or not ? Is there a cache somewhere ? Sincerly, -- Julien << Vous n'avez rien a dire... Parlons-en! >>

1 1

GSSAPI (SASL) + LDAP
by Daniel Savard 25 Mar '12

25 Mar '12

Hi everyone, I am trying to implement Kerberos authentication and I believe I am almost there, however when I run the ldapwhoami command I am getting a segmentation fault rather than a success message. Here is the output of the ldapwhoami (yes, I have a Kerberos ticket): SASL/GSSAPI authentication started SASL username: dsavard(a)CIDS.CA SASL SSF: 56 SASL data security layer installed. dn:cn=daniel savard,dc=cids,dc=ca Segmentation fault The cn is properly mapped. When switching debug on I am getting the following messages and the only thing I find as a potential indication of my problem is this message (res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <>) however I am not able to decipher what it means exactly: ldap_create ldap_pvt_sasl_getmech ldap_search put_filter: "(objectclass=*)" put_filter: simple put_simple_filter: "objectclass=*" ldap_build_search_req ATTRS: supportedSASLMechanisms ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_path ldap_new_socket: 4 ldap_connect_to_path: Trying /var/run/openldap/slapd.sock ldap_connect_timeout: fd: 4 tm: -1 async: 0 ldap_ndelay_on: 4 ldap_ndelay_off: 4 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x8058928 ptr=0x8058928 end=0x8058968 len=64 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ber_scanf fmt ({) ber: ber_dump: buf=0x8058928 ptr=0x805892d end=0x8058968 len=59 0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 02 c9.............. 0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 .....objectclass 0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 0...supportedSAS 0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms ber_flush2: 64 bytes to sd 4 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_write: want=64, written=64 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_result ld 0x8058520 msgid 1 wait4msg ld 0x8058520 msgid 1 (infinite timeout) wait4msg continue ld 0x8058520 msgid 1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 62 02 01 01 64 5d 04 0b...d]. ldap_read: want=92, got=92 0000: 00 30 59 30 57 04 17 73 75 70 70 6f 72 74 65 64 .0Y0W..supported 0010: 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 31 3c SASLMechanisms1< 0020: 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d 04 05 4c ..PLAIN..NTLM..L 0030: 4f 47 49 4e 04 06 47 53 53 41 50 49 04 0a 44 49 OGIN..GSSAPI..DI 0040: 47 45 53 54 2d 4d 44 35 04 08 43 52 41 4d 2d 4d GEST-MD5..CRAM-M 0050: 44 35 04 08 45 58 54 45 52 4e 41 4c D5..EXTERNAL ber_get_next: tag 0x30 len 98 contents: ber_dump: buf=0x8059a58 ptr=0x8059a58 end=0x8059aba len=98 0000: 02 01 01 64 5d 04 00 30 59 30 57 04 17 73 75 70 ...d]..0Y0W..sup 0010: 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68 61 6e portedSASLMechan 0020: 69 73 6d 73 31 3c 04 05 50 4c 41 49 4e 04 04 4e isms1<..PLAIN..N 0030: 54 4c 4d 04 05 4c 4f 47 49 4e 04 06 47 53 53 41 TLM..LOGIN..GSSA 0040: 50 49 04 0a 44 49 47 45 53 54 2d 4d 44 35 04 08 PI..DIGEST-MD5.. 0050: 43 52 41 4d 2d 4d 44 35 04 08 45 58 54 45 52 4e CRAM-MD5..EXTERN 0060: 41 4c AL read1msg: ld 0x8058520 msgid 1 message type search-entry wait4msg continue ld 0x8058520 msgid 1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: * msgid 1, type 100 ld 0x8058520 response count 1 ldap_chkResponseList ld 0x8058520 msgid 1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 65 07 0a 0....e.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x8059b10 ptr=0x8059b10 end=0x8059b1c len=12 0000: 02 01 01 65 07 0a 01 00 04 00 04 00 ...e........ read1msg: ld 0x8058520 msgid 1 message type search-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8059b10 ptr=0x8059b13 end=0x8059b1c len=9 0000: 65 07 0a 01 00 04 00 04 00 e........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 1 request done: ld 0x8058520 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) adding response ld 0x8058520 msgid 1 type 101: ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8059b10 ptr=0x8059b13 end=0x8059b1c len=9 0000: 65 07 0a 01 00 04 00 04 00 e........ ber_scanf fmt (}) ber: ber_dump: buf=0x8059b10 ptr=0x8059b1c end=0x8059b1c len=0 ldap_get_values ber_scanf fmt ({x{{a) ber: ber_dump: buf=0x8059a58 ptr=0x8059a5b end=0x8059aba len=95 0000: 64 5d 04 00 30 59 30 57 04 17 73 75 70 70 6f 72 d]..0Y0W..suppor 0010: 74 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d tedSASLMechanism 0020: 73 31 3c 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d s1<..PLAIN..NTLM 0030: 04 05 4c 4f 47 49 4e 04 06 47 53 53 41 50 49 04 ..LOGIN..GSSAPI. 0040: 0a 44 49 47 45 53 54 2d 4d 44 35 04 08 43 52 41 .DIGEST-MD5..CRA 0050: 4d 2d 4d 44 35 04 08 45 58 54 45 52 4e 41 4c M-MD5..EXTERNAL ber_scanf fmt ([v]) ber: ber_dump: buf=0x8059a58 ptr=0x8059a7c end=0x8059aba len=62 0000: 31 3c 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d 04 1<..PLAIN..NTLM. 0010: 05 4c 4f 47 49 4e 04 06 47 53 53 41 50 49 04 0a .LOGIN..GSSAPI.. 0020: 44 49 47 45 53 54 2d 4d 44 35 04 08 43 52 41 4d DIGEST-MD5..CRAM 0030: 2d 4d 44 35 04 08 45 58 54 45 52 4e 41 4c -MD5..EXTERNAL ldap_msgfree ldap_sasl_interactive_bind: server supports: PLAIN NTLM LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL ldap_int_sasl_bind: PLAIN NTLM LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL ldap_int_sasl_open: host=charpak.cids.ca SASL/GSSAPI authentication started ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80671b0 ptr=0x80671b0 end=0x8067429 len=633 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ber_scanf fmt ({i) ber: ber_dump: buf=0x80671b0 ptr=0x80671b7 end=0x8067429 len=626 0000: 60 82 02 6e 02 01 03 04 00 a3 82 02 65 04 06 47 `..n........e..G 0010: 53 53 41 50 49 04 82 02 59 60 82 02 55 06 09 2a SSAPI...Y`..U..* 0020: 86 48 86 f7 12 01 02 02 01 00 6e 82 02 44 30 82 .H........n..D0. 0030: 02 40 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 .@.............. 0040: 00 20 00 00 00 a3 82 01 5a 61 82 01 56 30 82 01 . ......Za..V0.. 0050: 52 a0 03 02 01 05 a1 09 1b 07 43 49 44 53 2e 43 R.........CIDS.C 0060: 41 a2 22 30 20 a0 03 02 01 03 a1 19 30 17 1b 04 A."0 .......0... 0070: 6c 64 61 70 1b 0f 63 68 61 72 70 61 6b 2e 63 69 ldap..charpak.ci 0080: 64 73 2e 63 61 a3 82 01 1a 30 82 01 16 a0 03 02 ds.ca....0...... 0090: 01 12 a1 03 02 01 07 a2 82 01 08 04 82 01 04 46 ...............F 00a0: c7 d2 fb b5 63 13 9d ce 54 a8 bc 61 02 7c 9b a4 ....c...T..a.|.. 00b0: 4a b5 e4 97 5d 04 6d 68 26 e3 1a 4c 34 2d d5 ac J...].mh&..L4-.. 00c0: 13 1d ee a4 24 53 2b 27 d8 5e 3a 72 f3 7d 38 09 ....$S +'.^:r.}8. 00d0: 8b 0b b0 10 3a 84 66 fa 49 04 76 92 14 0b e4 91 ....:.f.I.v..... 00e0: 0a 5f 08 d0 d7 36 5b cf c2 0e a6 05 b9 77 28 73 ._...6[......w(s 00f0: 43 62 85 0e 6e 86 c0 d1 3e a5 2e 7b ba c8 1e 1d Cb..n...>..{.... 0100: e2 ce c0 53 04 aa f3 5c ac 2b 98 d5 b2 0c b9 95 ...S...\.+...... 0110: be 21 c7 df cf 6b ce 9f af 29 c4 b5 ea 89 04 16 .!...k...)...... 0120: ec 6a 3b 93 79 34 99 9e c1 c1 92 66 f3 d1 3f c2 .j;.y4.....f..?. 0130: 87 84 a2 b4 1b 69 ea 11 eb 93 bc d3 9b 55 eb 4f .....i.......U.O 0140: 8b 3b c2 dc 18 10 9d 89 76 0b 1d 5a 9f 8c 82 47 .;......v..Z...G 0150: d8 de 24 5c e1 18 e1 e1 a3 e1 e2 db 94 fa 20 c4 ..$\.......... . 0160: 63 c6 68 03 d3 79 d8 37 b1 67 a5 21 18 4e 38 37 c.h..y.7.g.!.N87 0170: 2d 57 7d e5 83 97 a4 df 9f d0 72 18 76 b9 1b 7d -W}.......r.v..} 0180: 6b fd 2b db 0d ce 7a 1c f5 cf 47 35 fd ef e0 86 k.+...z...G5.... 0190: 15 a7 79 d0 91 f0 31 0c 02 f5 f9 96 07 15 b5 d1 ..y...1......... 01a0: bf cf 6e a4 81 cc 30 81 c9 a0 03 02 01 12 a2 81 ..n...0......... 01b0: c1 04 81 be f4 d4 c2 6c 9f 6b 72 ad 63 cf ed a5 .......l.kr.c... 01c0: 9b 09 e2 b9 d1 8a 75 4f 95 0d 02 7c 8f 30 c6 39 ......uO...|.0.9 01d0: 3f 77 8d 05 09 18 bc 6c 6f 28 cb a2 8d 25 6f cd ?w.....lo(...%o. 01e0: c0 d0 5f 1e 30 81 02 88 1a 8d 90 2d 0a a8 e4 89 .._.0......-.... 01f0: d6 a4 52 00 58 7b 85 d1 6a 7b c6 d5 6e 3b d1 c6 ..R.X{..j{..n;.. 0200: 5e db 86 3a 21 bb ea ff 33 b1 e6 0c c6 8f cc 71 ^..:!...3......q 0210: 46 a4 29 7c 29 4b dd 7f 7b 40 03 4d 79 e4 54 b5 F.)| )K..{@.My.T. 0220: 21 08 e9 a5 96 9f 3c 96 3c 0b 89 ed 52 d6 1a 74 !.....<.<...R..t 0230: 44 f6 95 cc 77 db 03 38 86 65 b3 db 87 75 3d 1b D...w..8.e...u=. 0240: 1d f0 ad f2 f1 b3 e8 29 17 a5 2d 43 d1 d3 35 9d .......)..-C..5. 0250: fe 87 72 90 44 bd d0 b1 58 e8 64 dd 93 5c b8 f8 ..r.D...X.d..\.. 0260: 5c 70 9f 7f 1d a0 9b 6e be 29 24 a7 3e 9a 34 f4 \p.....n.)$.>.4. 0270: c3 6a .j ber_flush2: 633 bytes to sd 4 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ldap_write: want=633, written=633 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ldap_msgfree ldap_result ld 0x8058520 msgid 2 wait4msg ld 0x8058520 msgid 2 (infinite timeout) wait4msg continue ld 0x8058520 msgid 2 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 2 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 2 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 81 ec 02 01 02 61 81 0.....a. ldap_read: want=231, got=231 0000: e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 3a .......@SASL(0): 0010: 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 75 successful resu 0020: 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c 61 lt: security fla 0030: 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 20 gs do not match 0040: 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 06 09 required...`.... 0050: 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 30 81 *.H........o..0. 0060: 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 78 a0 ............z0x. 0070: 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a 4b 05 .....q.o~.E..zK. 0080: 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 2e f4 7...,q_.`.&9W... 0090: 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba b1 db h..9'.U.-'...... 00a0: 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 f0 88 3..Q..;z.A..-D.. 00b0: 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 d1 7c 1.2.._.".....".| 00c0: d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 0d 71 ..H..'...6..&..q 00d0: 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df ce f1 &^fE..4..].S@... 00e0: 65 d7 7e d2 b5 1f d9 e.~.... ber_get_next: tag 0x30 len 236 contents: ber_dump: buf=0x8066930 ptr=0x8066930 end=0x8066a1c len=236 0000: 02 01 02 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 ...a........@SAS 0010: 4c 28 30 29 3a 20 73 75 63 63 65 73 73 66 75 6c L(0): successful 0020: 20 72 65 73 75 6c 74 3a 20 73 65 63 75 72 69 74 result: securit 0030: 79 20 66 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d y flags do not m 0040: 61 74 63 68 20 72 65 71 75 69 72 65 64 87 81 9c atch required... 0050: 60 81 99 06 09 2a 86 48 86 f7 12 01 02 02 02 00 `....*.H........ 0060: 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 02 01 0f o..0............ 0070: a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 .z0x......q.o~.E 0080: 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 ..zK.7...,q_.`.& 0090: 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 9W...h..9'.U.-'. 00a0: 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 .....3..Q..;z.A. 00b0: ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 cd b1 2e .-D..1.2.._."... 00c0: d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 ..".|..H..'...6. 00d0: cf 26 94 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a .&..q&^fE..4..]. 00e0: 53 40 df ce f1 65 d7 7e d2 b5 1f d9 S@...e.~.... read1msg: ld 0x8058520 msgid 2 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 2 request done: ld 0x8058520 msgid 2 res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... ber_scanf fmt (O) ber: ber_dump: buf=0x8066930 ptr=0x806697d end=0x8066a1c len=159 0000: 87 81 9c 60 81 99 06 09 2a 86 48 86 f7 12 01 02 ...`....*.H..... 0010: 02 02 00 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 ...o..0......... 0020: 02 01 0f a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f ....z0x......q.o 0030: 7e 89 45 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed ~.E..zK.7...,q_. 0040: 60 af 26 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 `.&9W...h..9'.U. 0050: 2d 27 06 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a -'......3..Q..;z 0060: 8b 41 03 ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 .A..-D..1.2.._." 0070: cd b1 2e d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 .....".|..H..'.. 0080: cd 36 02 cf 26 94 0d 71 26 5e 66 45 af 86 34 de .6..&..q&^fE..4. 0090: b1 5d 9a 53 40 df ce f1 65 d7 7e d2 b5 1f d9 .].S@...e.~.... ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... ber_scanf fmt (x) ber: ber_dump: buf=0x8066930 ptr=0x806697d end=0x8066a1c len=159 0000: 87 81 9c 60 81 99 06 09 2a 86 48 86 f7 12 01 02 ...`....*.H..... 0010: 02 02 00 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 ...o..0......... 0020: 02 01 0f a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f ....z0x......q.o 0030: 7e 89 45 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed ~.E..zK.7...,q_. 0040: 60 af 26 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 `.&9W...h..9'.U. 0050: 2d 27 06 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a -'......3..Q..;z 0060: 8b 41 03 ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 .A..-D..1.2.._." 0070: cd b1 2e d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 .....".|..H..'.. 0080: cd 36 02 cf 26 94 0d 71 26 5e 66 45 af 86 34 de .6..&..q&^fE..4. 0090: b1 5d 9a 53 40 df ce f1 65 d7 7e d2 b5 1f d9 .].S@...e.~.... ber_scanf fmt (}) ber: ber_dump: buf=0x8066930 ptr=0x8066a1c end=0x8066a1c len=0 sasl_client_step: 1 ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80673c8 ptr=0x80673c8 end=0x80673de len=22 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ber_scanf fmt ({i) ber: ber_dump: buf=0x80673c8 ptr=0x80673cd end=0x80673de len=17 0000: 60 0f 02 01 03 04 00 a3 08 04 06 47 53 53 41 50 `..........GSSAP 0010: 49 I ber_flush2: 22 bytes to sd 4 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ldap_write: want=22, written=22 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ldap_msgfree ldap_result ld 0x8058520 msgid 3 wait4msg ld 0x8058520 msgid 3 (infinite timeout) wait4msg continue ld 0x8058520 msgid 3 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 3, origid 3, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 3 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 3 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 6e 02 01 03 61 69 0a 0n...ai. ldap_read: want=104, got=104 0000: 01 0e 04 00 04 40 53 41 53 4c 28 30 29 3a 20 73 .....@SASL(0): s 0010: 75 63 63 65 73 73 66 75 6c 20 72 65 73 75 6c 74 uccessful result 0020: 3a 20 73 65 63 75 72 69 74 79 20 66 6c 61 67 73 : security flags 0030: 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 20 72 65 do not match re 0040: 71 75 69 72 65 64 87 20 05 04 05 ff 00 0c 00 00 quired. ........ 0050: 00 00 00 00 12 b9 aa 10 07 01 00 00 df 4c f1 71 .............L.q 0060: 90 07 ff bd 17 a8 c4 a4 ........ ber_get_next: tag 0x30 len 110 contents: ber_dump: buf=0x8066ea0 ptr=0x8066ea0 end=0x8066f0e len=110 0000: 02 01 03 61 69 0a 01 0e 04 00 04 40 53 41 53 4c ...ai......@SASL 0010: 28 30 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 (0): successful 0020: 72 65 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 result: security 0030: 20 66 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 flags do not ma 0040: 74 63 68 20 72 65 71 75 69 72 65 64 87 20 05 04 tch required. .. 0050: 05 ff 00 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 ................ 0060: 00 00 df 4c f1 71 90 07 ff bd 17 a8 c4 a4 ...L.q........ read1msg: ld 0x8058520 msgid 3 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 3 request done: ld 0x8058520 msgid 3 res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <> ldap_free_request (origid 3, msgid 3) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ ber_scanf fmt (O) ber: ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34 0000: 87 20 05 04 05 ff 00 0c 00 00 00 00 00 00 12 b9 . .............. 0010: aa 10 07 01 00 00 df 4c f1 71 90 07 ff bd 17 a8 .......L.q...... 0020: c4 a4 .. ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ ber_scanf fmt (x) ber: ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34 0000: 87 20 05 04 05 ff 00 0c 00 00 00 00 00 00 12 b9 . .............. 0010: aa 10 07 01 00 00 df 4c f1 71 90 07 ff bd 17 a8 .......L.q...... 0020: c4 a4 .. ber_scanf fmt (}) ber: ber_dump: buf=0x8066ea0 ptr=0x8066f0e end=0x8066f0e len=0 sasl_client_step: 0 ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80675e0 ptr=0x80675e0 end=0x8067618 len=56 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ber_scanf fmt ({i) ber: ber_dump: buf=0x80675e0 ptr=0x80675e5 end=0x8067618 len=51 0000: 60 31 02 01 03 04 00 a3 2a 04 06 47 53 53 41 50 `1......*..GSSAP 0010: 49 04 20 05 04 04 ff 00 0c 00 00 00 00 00 00 14 I. ............. 0020: 7c 59 12 04 ff ff ff df d0 e2 d4 ba 92 ed 68 ba | Y............h. 0030: 85 78 97 .x. ber_flush2: 56 bytes to sd 4 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ldap_write: want=56, written=56 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ldap_msgfree ldap_result ld 0x8058520 msgid 4 wait4msg ld 0x8058520 msgid 4 (infinite timeout) wait4msg continue ld 0x8058520 msgid 4 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 4, origid 4, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 4 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 4 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 04 61 07 0a 0....a.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x8066a10 ptr=0x8066a10 end=0x8066a1c len=12 0000: 02 01 04 61 07 0a 01 00 04 00 04 00 ...a........ read1msg: ld 0x8058520 msgid 4 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 4 request done: ld 0x8058520 msgid 4 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 4, msgid 4) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ber_scanf fmt (}) ber: ber_dump: buf=0x8066a10 ptr=0x8066a1c end=0x8066a1c len=0 SASL username: dsavard(a)CIDS.CA SASL SSF: 56 ldap_pvt_sasl_generic_install SASL data security layer installed. ldap_msgfree ldap_extended_operation ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80685e8 ptr=0x80685e8 end=0x8068608 len=32 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 ber_scanf fmt ({) ber: ber_dump: buf=0x80685e8 ptr=0x80685ed end=0x8068608 len=27 0000: 77 19 80 17 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1. 0010: 34 32 30 33 2e 31 2e 31 31 2e 33 4203.1.11.3 ber_flush2: 32 bytes to sd 4 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 sasl_generic_write: want=96, written=96 0000: 00 00 00 5c 05 04 06 ff 00 00 00 00 00 00 00 00 ...\............ 0010: 14 7c 59 13 19 70 b3 cc d8 3f 49 e8 75 23 72 34 .| Y..p...?I.u#r4 0020: e3 36 1f 76 8b b5 33 a9 f0 f7 b7 e7 a6 03 39 5a .6.v..3.......9Z 0030: aa ff 48 4a f1 7d ff 50 1e 4c 70 42 1e 70 f9 1a ..HJ.}.P.LpB.p.. 0040: 1b a6 98 d3 ac 1f fa 0b 7c 74 5f a2 bb 33 8a 11 ........| t_..3.. 0050: d5 71 97 a5 22 e6 cb 58 4a b9 22 c7 9e 49 f0 ac .q.."..XJ."..I.. ldap_write: want=32, written=32 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 ldap_result ld 0x8058520 msgid -1 wait4msg ld 0x8058520 msgid -1 (timeout 100000 usec) wait4msg continue ld 0x8058520 msgid -1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 5, origid 5, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid -1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid -1 all 1 ber_get_next sasl_generic_read: want=4, got=4 0000: 00 00 00 6d ...m sasl_generic_read: want=109, got=109 0000: 05 04 07 ff 00 00 00 00 00 00 00 00 12 b9 aa 11 ................ 0010: 2c b0 59 b7 a7 26 8a 02 2e 10 76 24 d1 2a 65 7f ,.Y..&....v $.*e. 0020: 06 fd ba 3c a5 23 0d d9 7a 3a 9d 05 0c 29 fc 1d ...<.#..z:...).. 0030: 7e 4f 6f db 0c 0e da 33 33 5b dc fb 58 2c 76 d9 ~Oo....33[..X,v. 0040: af ff 86 32 cc f2 08 9e e4 05 01 db 55 e8 9d 41 ...2........U..A 0050: 79 07 3f fc 60 bb e8 09 bb 67 a9 84 9c e6 61 28 y.?.`....g....a( 0060: dc f7 ee 69 eb a4 25 bf 93 42 14 4d e7 ...i..%..B.M. ldap_read: want=8, got=8 0000: 30 2f 02 01 05 78 2a 0a 0/...x*. ldap_read: want=41, got=41 0000: 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e 3d 64 61 .......! dn:cn=da 0010: 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 63 3d 63 niel savard,dc=c 0020: 69 64 73 2c 64 63 3d 63 61 ids,dc=ca ber_get_next: tag 0x30 len 47 contents: ber_dump: buf=0x8069af8 ptr=0x8069af8 end=0x8069b27 len=47 0000: 02 01 05 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e ...x*........!dn 0010: 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 :cn=daniel savar 0020: 64 2c 64 63 3d 63 69 64 73 2c 64 63 3d 63 61 d,dc=cids,dc=ca read1msg: ld 0x8058520 msgid 5 message type extended-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 5 request done: ld 0x8058520 msgid 5 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 5, msgid 5) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca ber_scanf fmt (x) ber: ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35 0000: 8b 21 64 6e 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 .! dn:cn=daniel s 0010: 61 76 61 72 64 2c 64 63 3d 63 69 64 73 2c 64 63 avard,dc=cids,dc 0020: 3d 63 61 =ca ber_scanf fmt (}) ber: ber_dump: buf=0x8069af8 ptr=0x8069b27 end=0x8069b27 len=0 ldap_parse_extended_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca ber_scanf fmt (O) ber: ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35 0000: 8b 21 64 6e 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 .! dn:cn=daniel s 0010: 61 76 61 72 64 2c 64 63 3d 63 69 64 73 2c 64 63 avard,dc=cids,dc 0020: 3d 63 61 =ca dn:cn=daniel savard,dc=cids,dc=ca ldap_msgfree ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 4 0000: 30 05 02 01 06 42 00 0....B. sasl_generic_write: want=71, written=71 0000: 00 00 00 43 05 04 06 ff 00 00 00 00 00 00 00 00 ...C............ 0010: 14 7c 59 14 62 4d d1 00 e2 51 30 43 8b bb 63 30 .| Y.bM...Q0C..c0 0020: 8e 74 4e 91 57 f8 10 4a 9f ec b4 d2 b2 0c 33 bc .tN.W..J......3. 0030: 67 c8 06 09 2b 22 7f f2 be 26 12 b1 96 cc 8f 10 g...+"...&...... 0040: 09 89 32 2a 02 11 d8 ..2*... ldap_write: want=7, written=7 0000: 30 05 02 01 06 42 00 0....B. ldap_free_connection: actually freed Segmentation fault THX -- Daniel Savard

4 7

cannot get base DN / suffix from ldap browsers
by Jehan Procaccia 20 Mar '12

20 Mar '12

Hello, I cannot figure out why on one of my replicas, I cannot browse the DIT . Apache Directory Studio for example, only show the "root DSE(2)", but the base DN (namingContext or directory suffix, whatever you call it ...) isn't visible !? on my others replicas and the master, everything is fine, I do browse the DIT, the browser shows "root DSE(3)" with the suffix visible. I might be missing something obvious, but cannot figure out what. I checked ACL: access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to dn.subtree="dc=int-evry,dc=fr" by dn="cn=admin,dc=int-evry,dc=fr" write by users read but still, the suffix dc=int-evry,dc=f doesn't shows up on that particular replica !? I run openldap-servers-2.4.23-20.el6.i686 with cn=config created from a slapd.conf transformed with slaptest -f . Any help greatly appreciated .

3 4

ACL in dynamic configuration
by Nick Milas 16 Mar '12

16 Mar '12

Hello, I have converted from static (slapd.conf) to dynamic (cn=config) configuration using auto file conversion. I would like to ask a couple of questions regarding ACL conversion. Here follows one of the rules we have in initial form (a), and after conversion (b): (a) access to dn.subtree="dc=xxx.xxx.xxx.in-addr.arpa,ou=dns1,dc=example,dc=gr" attrs="children,entry" by group.exact="cn=TechAdmins,ou=Groups,dc=example,dc=gr" write by group.exact="cn=Dept1Admins,ou=Groups,dc=example,dc=gr" read by group.exact="cn=Dept2Admins,ou=Groups,dc=example,dc=gr" write by group.exact="cn=Dept3Admins,ou=Groups,dc=example,dc=gr" read by group.exact="cn=Dept4Admins,ou=Groups,dc=example,dc=gr" read by group.exact="cn=Dept5Admins,ou=Groups,dc=example,dc=gr" read by group.exact="cn=GuestAdmins,ou=Groups,dc=example,dc=gr" read by dn.exact="uid=dnsauthusr,ou=System,dc=example,dc=gr" read by * break (b) as an olcAccess attribute value: {10}to dn.subtree="dc=xxx.xxx.xxx.in-addr.arpa,ou=dns1,dc=example,dc=gr" attrs=children,entry by group/groupOfNames/member.exact="cn=techadmins,ou=groups,dc=example,dc=gr" write by group/groupOfNames/member.exact="cn=Dept1Admins,ou=groups,dc=example,dc=gr" read by group/groupOfNames/member.exact="cn=Dept2Admins,ou=groups,dc=example,dc=gr" write by group/groupOfNames/member.exact="cn=Dept3Admins,ou=groups,dc=example,dc=gr" read by group/groupOfNames/member.exact="cn=Dept4Admins,ou=groups,dc=example,dc=gr" read by group/groupOfNames/member.exact="cn=Dept5Admins,ou=groups,dc=example,dc=gr" read by group/groupOfNames/member.exact="cn=guestadmins,ou=groups,dc=example,dc=gr" read by dn.base="uid=dnsauthusr,ou=system,dc=example,dc=gr" read by * +0 break Question 1. Why "group.exact" was changed to "group/groupOfNames/member.exact" ? Yes, groups are defined as entries of groupOfNames objectClass, with members defined as values of attribute "member". But should it be like that? Should we change (manually) "group/groupOfNames/member.exact" back to "group.exact" again or not (and why)? Question 2. Is there a way we can add (manually, since conversion removed the ones which existed in initial configuration files) line breaks in olcAccess attribute value so it can be more legible (for administrative purposes)? Question 3. What is the "+0" added before "break" and why is needed? Thanks in advance, Nick

3 3

OpenLDAP 2.4 : replication doesn't work when customer is stopped
by PROST Frédéric 10 Mar '12

10 Mar '12

Hello, I configured MirrorMode replication between 2 openldap 2.4 node installed on Debian (from apt). Everything is working fine when the two nodes are online but if I stop the second node, and add new datas to the first node, then restart the second node, the new data are not synced. However, if I then add new datas on node 1, they are replicated to node2 without problem. Here is a scenario of this problem : 1/ node1 and node 2 are online : I add user1 to node 1 => user1 appears on node2 => ok 2/ node1 is online and node2 is off : I add user2 on node1 => nothing happens on node2 as it is off => ok 3/ I restart node2 => user2 is not replicated to node2 => not ok 4/ node1 and node 2 are online : I add user3 to node 1 => user3 appears on node2 => ok At the end of this scenario, node1 contains user1, user2 and user3 and node2 contains only user1 and user3 (but not user2). How can I slove this problem ? Thank you for your help, Best regards, Fred Here is my config : version: 1 dn: cn=config objectClass: olcGlobal cn: config olcAllows: bind_v2 olcArgsFile: /var/run/slapd/slapd.args olcLogLevel: any olcPidFile: /var/run/slapd/slapd.pid olcServerID: 1 ldap://192.168.1.103 olcServerID: 2 ldap://192.168.1.104 olcSizeLimit: 1000000 olcToolThreads: 1 dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModuleLoad: {0}back_hdb olcModuleLoad: {1}syncprov olcModulePath: /usr/lib/ldap dn: olcBackend={0}hdb,cn=config objectClass: olcBackendConfig olcBackend: {0}hdb dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth manage by * break olcAccess: {1}to dn.exact="" by * read olcAccess: {2}to dn.base="cn=Subschema" by * read olcSizeLimit: 500 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact="uid=syncrepl,dc=tracteur91,dc=local" read by * break olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth manage by * break olcLimits: {0}dn.exact="uid=syncrepl,dc=tracteur91,dc=local" size=unlimited olcMirrorMode: TRUE olcRootDN: cn=admin,cn=config olcRootPW: {MD5}BkY718PMIcgBNjpfXmGpOA== olcSyncrepl: {0}rid=001 provider="ldap://192.168.1.103" searchbase="cn=confi g" type=refreshAndPersist bindmethod=simple binddn="uid=syncrepl,dc=tracteu r91,dc=local" credentials="Tr@cteur91" retry="30 +" network-timeout=5 timeo ut=30 olcSyncrepl: {1}rid=002 provider="ldap://192.168.1.104" searchbase="cn=confi g" type=refreshAndPersist bindmethod=simple binddn="uid=syncrepl,dc=tracteu r91,dc=local" credentials="Tr@cteur91" retry="30 +" network-timeout=5 timeo ut=30 dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 5 dn: olcDatabase={1}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcAccess: {0}to * by dn.exact="uid=syncrepl,dc=tracteur91,dc=local" read by * break olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonym ous auth by dn="cn=admin,dc=tracteur91,dc=local" write by * none olcAccess: {2}to dn.base="" by * read olcAccess: {3}to * by self write by dn="cn=admin,dc=tracteur91,dc=local" wri te by * read olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbIndex: objectClass eq olcDbIndex: uid eq olcDbIndex: cn eq olcDbIndex: ou eq olcDbIndex: dc eq olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq olcLastMod: TRUE olcLimits: {0}dn.exact="uid=syncrepl,dc=tracteur91,dc=local" size=unlimited olcMirrorMode: TRUE olcRootDN: cn=admin,dc=tracteur91,dc=local olcRootPW: {SSHA}ZtvvlHUQYloI17cv2/cjPFmx51+Ut/+5 olcSuffix: dc=tracteur91,dc=local olcSyncrepl: {0}rid=003 provider="ldap://192.168.1.103" searchbase="dc=tract eur91,dc=local" type=refreshAndPersist bindmethod=simple binddn="uid=syncre pl,dc=tracteur91,dc=local" credentials="Tr@cteur91" retry="30 +" network-ti meout=5 timeout=30 olcSyncrepl: {1}rid=004 provider="ldap://192.168.1.104" searchbase="dc=tract eur91,dc=local" type=refreshAndPersist bindmethod=simple binddn="uid=syncre pl,dc=tracteur91,dc=local" credentials="Tr@cteur91" retry="30 +" network-ti meout=5 timeout=30 dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 5

3 8

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical February 2012