Copying entries without access to all attributes
by Nick Milas
Hi,
In case we have entries which include some (administrative) attributes
not visible or writable by a number of our administrator accounts, is
there a way to allow these administrator accounts to create new entries
which will forcibly include the aforementioned attributes, e.g. by
providing default values to them? Ideally, these default attribute
values should be dependent on the logged-in user (administrator).
{In practice, these admins will be using a GUI to copy existing entries
to new ones; we want to make sure that any non-visible/non-writable
attributes will also be copied.}
Any hint regarding such an implementation would be appreciated.
Of course, we could create a front-end application where such operations
would be executed with elevated privileges so as to ensure writing of
any required attributes, but it would be nice if this is possible
without resorting to such a solution (by using standard openldap
functionality).
Thanks,
Nick
11 years, 6 months
Perl Programmable backend does not work
by Tianyin Xu
Hi, all,
I wanna set "backend perl" in my OpenLDAP configuration.
I used "--enable-perl" option to enable the perl programming backend. From
the config.log, it seems everything is fine. I list all the perl-related
entries in the config.log as below. I also attach my config.log in case you
want to check it.
---------------------------------------------------
configure:12106: checking for perl
configure:12124: found /usr/bin/perl
configure:12137: result: /usr/bin/perl
......
ac_cv_path_PERLBIN=/usr/bin/perl
.....
PERLBIN='/usr/bin/perl'
PERL_CPPFLAGS=' -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
-pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/lib/perl/5.10/CORE '
......
SLAPD_PERL_LDFLAGS='-Wl,-E -fstack-protector -L/usr/local/lib
-L/usr/lib/perl/5.10/CORE -lperl -ldl -lm -lpthread -lcrypt'
---------------------------------------------------
However, when I start the slapd, the server fails to start with the
following message printed:
Mar 26 00:37:32 tianyin-desktop slapd[11062]:
/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf: line 103: <backend>
failed init (perl)!
I used GDB to trace the code and found the bomb point is in backend_info()
as follows. slapd failed to find the corresponding backend information, and
finally returned NULL.
    BackendInfo* backend_info(const char *type)
    {
        BackendInfo *bi;
        /* search for the backend type */
    =>  LDAP_STAILQ_FOREACH(bi,&backendInfo,bi_next) {
            if( strcasecmp(bi->bi_type, type) == 0 ) {
                return bi;
            }
        }
        return NULL;
    }
The backtrace is:
#0 backend_info (type=0x91fb88 "perl") at backend.c:533
#1 0x000000000041f627 in config_generic (c=0x9201f0) at bconfig.c:1502
#2 0x0000000000434674 in config_set_vals (Conf=0x81a460, c=0x9201f0) at config.c:345
#3 0x0000000000434bd3 in config_add_vals (Conf=0x81a460, c=0x9201f0) at config.c:418
#4 0x0000000000435e27 in read_config_file (fname=0x5a5c40 "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0, cft=0x81a1a0) at config.c:783
#5 0x00000000004290de in read_config (fname=0x0, dir=0x0) at bconfig.c:4213
#6 0x000000000041ccf7 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
Has anyone used the perl programmable backend before?
Thanks in advance!
Tianyin
--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
11 years, 6 months
GSSAPI (SASL) + LDAP
by Daniel Savard
Hi everyone,
I am trying to implement Kerberos authentication and I believe I am
almost there, however when I run the ldapwhoami command I am getting a
segmentation fault rather than a success message. Here is the output of
the ldapwhoami (yes, I have a Kerberos ticket):
SASL/GSSAPI authentication started
SASL username: dsavard(a)CIDS.CA
SASL SSF: 56
SASL data security layer installed.
dn:cn=daniel savard,dc=cids,dc=ca
Segmentation fault
The cn is properly mapped. When switching debug on I am getting the
following messages and the only thing I find as a potential indication
of my problem is this message (res_errno: 14, res_error: <SASL(0):
successful result: security flags do not match required>, res_matched:
<>) however I am not able to decipher what it means exactly:
ldap_create
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS: supportedSASLMechanisms
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_path
ldap_new_socket: 4
ldap_connect_to_path: Trying /var/run/openldap/slapd.sock
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_ndelay_off: 4
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x8058520 msgid 1
wait4msg ld 0x8058520 msgid 1 (infinite timeout)
wait4msg continue ld 0x8058520 msgid 1 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
Empty
ld 0x8058520 response count 0
ldap_chkResponseList ld 0x8058520 msgid 1 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid 1 all 1
ber_get_next
read1msg: ld 0x8058520 msgid 1 message type search-entry
wait4msg continue ld 0x8058520 msgid 1 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
* msgid 1, type 100
ld 0x8058520 response count 1
ldap_chkResponseList ld 0x8058520 msgid 1 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid 1 all 1
ber_get_next
read1msg: ld 0x8058520 msgid 1 message type search-result
read1msg: ld 0x8058520 0 new referrals
read1msg: mark request completed, ld 0x8058520 msgid 1
request done: ld 0x8058520 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
adding response ld 0x8058520 msgid 1 type 101:
ldap_parse_result
ldap_get_values
ldap_msgfree
ldap_sasl_interactive_bind: server supports: PLAIN NTLM LOGIN GSSAPI
DIGEST-MD5 CRAM-MD5 EXTERNAL
ldap_int_sasl_bind: PLAIN NTLM LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
ldap_int_sasl_open: host=charpak.cids.ca
SASL/GSSAPI authentication started
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_msgfree
ldap_result ld 0x8058520 msgid 2
wait4msg ld 0x8058520 msgid 2 (infinite timeout)
wait4msg continue ld 0x8058520 msgid 2 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
Empty
ld 0x8058520 response count 0
ldap_chkResponseList ld 0x8058520 msgid 2 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid 2 all 1
ber_get_next
read1msg: ld 0x8058520 msgid 2 message type bind
read1msg: ld 0x8058520 0 new referrals
read1msg: mark request completed, ld 0x8058520 msgid 2
request done: ld 0x8058520 msgid 2
res_errno: 14, res_error: <SASL(0): successful result: security flags do
not match required>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ldap_parse_result
sasl_client_step: 1
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_msgfree
ldap_result ld 0x8058520 msgid 3
wait4msg ld 0x8058520 msgid 3 (infinite timeout)
wait4msg continue ld 0x8058520 msgid 3 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
Empty
ld 0x8058520 response count 0
ldap_chkResponseList ld 0x8058520 msgid 3 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid 3 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 6e 02 01 03 61 69 0a
0n...ai.
ldap_read: want=104, got=104
ber_get_next: tag 0x30 len 110 contents:
ber_dump: buf=0x8066ea0 ptr=0x8066ea0 end=0x8066f0e len=110
read1msg: ld 0x8058520 msgid 3 message type bind
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107
read1msg: ld 0x8058520 0 new referrals
read1msg: mark request completed, ld 0x8058520 msgid 3
request done: ld 0x8058520 msgid 3
res_errno: 14, res_error: <SASL(0): successful result: security flags do
not match required>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107
ber_scanf fmt (O) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107
ber_scanf fmt (x) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34
ber_scanf fmt (}) ber:
ber_dump: buf=0x8066ea0 ptr=0x8066f0e end=0x8066f0e len=0
sasl_client_step: 0
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x80675e0 ptr=0x80675e0 end=0x8067618 len=56
ber_scanf fmt ({i) ber:
ber_dump: buf=0x80675e0 ptr=0x80675e5 end=0x8067618 len=51
ber_flush2: 56 bytes to sd 4
ldap_write: want=56, written=56
ldap_msgfree
ldap_result ld 0x8058520 msgid 4
wait4msg ld 0x8058520 msgid 4 (infinite timeout)
wait4msg continue ld 0x8058520 msgid 4 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
Empty
ld 0x8058520 response count 0
ldap_chkResponseList ld 0x8058520 msgid 4 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid 4 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 04 61 07 0a
0....a..
ldap_read: want=6, got=6
0000: 01 00 04 00 04
00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x8066a10 ptr=0x8066a10 end=0x8066a1c len=12
0000: 02 01 04 61 07 0a 01 00 04 00 04
00 ...a........
read1msg: ld 0x8058520 msgid 4 message type bind
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9
0000: 61 07 0a 01 00 04 00 04 00
a........
read1msg: ld 0x8058520 0 new referrals
read1msg: mark request completed, ld 0x8058520 msgid 4
request done: ld 0x8058520 msgid 4
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9
0000: 61 07 0a 01 00 04 00 04 00
a........
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9
0000: 61 07 0a 01 00 04 00 04 00
a........
ber_scanf fmt (}) ber:
ber_dump: buf=0x8066a10 ptr=0x8066a1c end=0x8066a1c len=0
SASL username: dsavard(a)CIDS.CA
SASL SSF: 56
ldap_pvt_sasl_generic_install
SASL data security layer installed.
ldap_msgfree
ldap_extended_operation
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x80685e8 ptr=0x80685e8 end=0x8068608 len=32
0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31
0....w...1.3.6.1
0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e
33 .4.1.4203.1.11.3
ber_scanf fmt ({) ber:
ber_dump: buf=0x80685e8 ptr=0x80685ed end=0x8068608 len=27
0000: 77 19 80 17 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e
w...1.3.6.1.4.1.
0010: 34 32 30 33 2e 31 2e 31 31 2e 33
4203.1.11.3
ber_flush2: 32 bytes to sd 4
0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31
0....w...1.3.6.1
0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e
33 .4.1.4203.1.11.3
sasl_generic_write: want=96, written=96
ldap_write: want=32, written=32
0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31
0....w...1.3.6.1
0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e
33 .4.1.4203.1.11.3
ldap_result ld 0x8058520 msgid -1
wait4msg ld 0x8058520 msgid -1 (timeout 100000 usec)
wait4msg continue ld 0x8058520 msgid -1 all 1
** ld 0x8058520 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Thu Feb 9 15:30:01 2012
** ld 0x8058520 Outstanding Requests:
* msgid 5, origid 5, status InProgress
outstanding referrals 0, parent count 0
ld 0x8058520 request count 1 (abandoned 0)
** ld 0x8058520 Response Queue:
Empty
ld 0x8058520 response count 0
ldap_chkResponseList ld 0x8058520 msgid -1 all 1
ldap_chkResponseList returns ld 0x8058520 NULL
ldap_int_select
read1msg: ld 0x8058520 msgid -1 all 1
ber_get_next
sasl_generic_read: want=4, got=4
0000: 00 00 00
6d ...m
sasl_generic_read: want=109, got=109
ldap_read: want=8, got=8
0000: 30 2f 02 01 05 78 2a 0a
0/...x*.
ldap_read: want=41, got=41
ber_get_next: tag 0x30 len 47 contents:
ber_dump: buf=0x8069af8 ptr=0x8069af8 end=0x8069b27 len=47
read1msg: ld 0x8058520 msgid 5 message type extended-result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44
read1msg: ld 0x8058520 0 new referrals
read1msg: mark request completed, ld 0x8058520 msgid 5
request done: ld 0x8058520 msgid 5
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 5, msgid 5)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44
ber_scanf fmt (x) ber:
ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35
ber_scanf fmt (}) ber:
ber_dump: buf=0x8069af8 ptr=0x8069b27 end=0x8069b27 len=0
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44
ber_scanf fmt (O) ber:
ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35
dn:cn=daniel savard,dc=cids,dc=ca
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
0000: 30 05 02 01 06 42 00
0....B.
sasl_generic_write: want=71, written=71
ldap_write: want=7, written=7
0000: 30 05 02 01 06 42 00
0....B.
ldap_free_connection: actually freed
Segmentation fault
THX
--
Daniel Savard
11 years, 6 months
Re: Root not allowed to login
by SYeen Su
Hi Chris,
Wow, amazingly, it only happens to root. When I logged in as test, this is
the message in /var/log/secure :
Mar 23 11:03:16 mgrc-prod-sdb9 login: LOGIN ON tty1 BY test
The password for root is a known value, not some passwordless phrase or some
passphrase. What settings do I need to do for root?
On Fri, Mar 23, 2012 at 10:50 AM, Chris Jacobs
<Chris.Jacobs(a)apollogrp.edu> wrote:
> Is your root passwd set to a known value? Can you sudo or su to root? Is
> this an issue with any other local accounts?
>
>
> - chris
>
> Chris Jacobs
> Systems Administrator, Technology Services Group
>
> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
> email: chris.jacobs(a)apollogrp.edu
>
> ------------------------------
> *From*: SYeen Su <seauyeen(a)mgrc.com.my>
> *To*: Chris Jacobs
> *Cc*: mlstarling31(a)hotmail.com <mlstarling31(a)hotmail.com>;
> openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>
> *Sent*: Thu Mar 22 19:47:06 2012
>
> *Subject*: Re: Root not allowed to login
>
> Hello Chris,
>
> This is what I got when I tried logging in from the KVM console/ILOM:
>
> login: pam_ldap: error trying to bind as user
> "uid=root,ou=People,dc=synamatix,dc=com" (Invalid credentials)
> Mar 23 10:44:40 mgrc-prod-sdb9 login: ROOT LOGIN ON tty1
>
> It will always try to bind as user "uid=root" even though root is local.
>
> On Fri, Mar 23, 2012 at 10:37 AM, Chris Jacobs <Chris.Jacobs(a)apollogrp.edu
> > wrote:
>
>> What do your logs say when root tries to login?
>>
>>
>> Chris Jacobs
>> Systems Administrator, Technology Services Group
>>
>> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
>> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
>> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
>> email: chris.jacobs(a)apollogrp.edu
>>
>> ------------------------------
>> *From*: SYeen Su <seauyeen(a)mgrc.com.my>
>> *To*: Chris Jacobs
>> *Cc*: mlstarling31(a)hotmail.com <mlstarling31(a)hotmail.com>;
>> openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>
>> *Sent*: Thu Mar 22 19:32:07 2012
>>
>> *Subject*: Re: Root not allowed to login
>>
>> Hi Chris,
>>
>> For testing purpose I disabled the PermitRootLogin to yes temporarily.
>> Usually it's no and the failure was noticed when the server lost connection
>> to the ldap server and even root ( that's local) is not able to log in.
>> Hence, I started investigating what is wrong. Bottomline, via console, root
>> is not able to log in if there is no network connectivity to ldap and I am
>> trying to solve this issue because if even root and any other local users
>> cannot log in via console, I am not able to check what is wrong with the
>> network, the only option is to reboot, which is what I'd like to avoid.
>>
>>
>> On Fri, Mar 23, 2012 at 10:14 AM, Chris Jacobs <
>> Chris.Jacobs(a)apollogrp.edu> wrote:
>>
>>> Syeen,
>>>
>>> Are you trying to login remotely? Or at the local console?
>>>
>>> If remotely, this may be standard behavior as usually PermitRootLogin is
>>> set to no in /etc/ssh/sshd_config - which I would NOT recommend changing.
>>> During an outage, local console access would have to be used (via ILO, some
>>> KVM over IP, etc, solution).
>>>
>>> Other than that, everything in your system-auth-ac and nsswitch.conf
>>> look fine to me.
>>>
>>> - chris
>>>
>>>
>>> *Chris Jacobs,** *Jr. Unix System Administrator
>>> Apollo Group | Apollo Marketing | ITG
>>>
>>> 2001 6th Ave, Suite 3200 | Seattle, WA 98121-2522
>>> phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
>>>
>>> email: chris.jacobs(a)apollogrp.edu
>>>
>>> ------------------------------
>>> *From:* SYeen Su [seauyeen(a)mgrc.com.my]
>>> *Sent:* Thursday, March 22, 2012 7:13 PM
>>>
>>> *To:* Chris Jacobs
>>> *Cc:* mlstarling31(a)hotmail.com; openldap-technical(a)openldap.org
>>> *Subject:* Re: Root not allowed to login
>>>
>>> Hi Chris,
>>>
>>> Exactly, all my configuration seems correct as I have compared. Hmm
>>> let's just say i am not familiar with sssd and to migrate to sssd, I think
>>> i gotta spend some time studying it. So, i know, i took the easy way out by
>>> just porting over my previous ldap configuration to RHEL6.
>>>
>>> Anyway, my snippets from /etc/nsswitch.conf file as below:
>>>
>>> passwd: files ldap
>>> shadow: files ldap
>>> group: files ldap
>>> It matches yours too, right? If i put the sequence the other way round,
>>> root practically cannot log in at all!
>>>
>>> What else do I need to configure on my client side? I am lost!
>>>
>>> On Fri, Mar 23, 2012 at 10:10 AM, Chris Jacobs <
>>> Chris.Jacobs(a)apollogrp.edu> wrote:
>>>
>>>> Again, this isn't an openldap issue, but...
>>>>
>>>> Your /etc/pam.d/system-auth-ac file looks fine to me - it matches both
>>>> our CentOS5 and CentOS6 machines.
>>>>
>>>> I looked and was unable to find any attachments or included snippets
>>>> from your /etc/nsswitch.conf file.
>>>>
>>>> On our systems using PADL's pam_ldap, you should have in there:
>>>> passwd: files ldap
>>>> shadow: files ldap
>>>> group: files ldap
>>>>
>>>> Digression: I'm a little surprised you're using pam's padl software.
>>>> Between nss-pam-ldapd and sssd we decided to embrace the apparent future
>>>> and have successfully moved to sssd for our CentOS 6 boxes.
>>>> ** This doesn't impact your problem though. **
>>>>
>>>> *Chris Jacobs,** *Jr. Unix System Administrator
>>>> Apollo Group | Apollo Marketing | ITG
>>>>
>>>> 2001 6th Ave, Suite 3200 | Seattle, WA 98121-2522
>>>> phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
>>>>
>>>> email: chris.jacobs(a)apollogrp.edu
>>>>
>>>> ------------------------------
>>>> *From:* SYeen Su [seauyeen(a)mgrc.com.my]
>>>> *Sent:* Thursday, March 22, 2012 6:22 PM
>>>> *To:* Chris Jacobs
>>>> *Cc:* mlstarling31(a)hotmail.com; openldap-technical(a)openldap.org
>>>>
>>>> *Subject:* Re: Root not allowed to login
>>>>
>>>> Hi Chris,
>>>>
>>>> That's what I suspect too but I am not sure how else to tweak my pam
>>>> and nsswitch files. Do you have any suggestions? Below is my
>>>> pam.d/system-auth file and my nsswitch file excerpt has been attached
>>>> previously.
>>>>
>>>> #%PAM-1.0
>>>> # This file is auto-generated.
>>>> # User changes will be destroyed the next time authconfig is run.
>>>> auth required pam_env.so
>>>> auth sufficient pam_unix.so nullok try_first_pass
>>>> auth requisite pam_succeed_if.so uid >= 500 quiet
>>>> auth sufficient pam_ldap.so use_first_pass
>>>> auth required pam_deny.so
>>>>
>>>> account required pam_unix.so broken_shadow
>>>> account sufficient pam_localuser.so
>>>> account sufficient pam_succeed_if.so uid < 500 quiet
>>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>> account required pam_permit.so
>>>>
>>>> password requisite pam_cracklib.so try_first_pass retry=3 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2 minlen=8 type=strong
>>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>> password sufficient pam_ldap.so use_authtok
>>>> password required pam_deny.so
>>>>
>>>> session optional pam_keyinit.so revoke
>>>> session required pam_limits.so
>>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>> session required pam_unix.so
>>>> session optional pam_ldap.so
>>>>
>>>> Is there anything amiss with my pam file? If you need to have a look at
>>>> my login and sshd pam file, please tell me so.
>>>>
>>>> Thanks a lot.
>>>>
>>>> On Fri, Mar 23, 2012 at 9:17 AM, Chris Jacobs <
>>>> Chris.Jacobs(a)apollogrp.edu> wrote:
>>>>
>>>>> The timeouts are how long to wait for ldap to respond. It should
>>>>> check local (normally via pam) next.
>>>>>
>>>>> We have our users in LDAP and can still login using the local
>>>>> accounts.
>>>>>
>>>>> Your issue isn't an LDAP problem, it's a pam/nsswitch/local issue.
>>>>>
>>>>> - chris
>>>>>
>>>>> Chris Jacobs
>>>>> Systems Administrator, Technology Services Group
>>>>>
>>>>> Apollo Group | Apollo Marketing & Product Development | Aptimus,
>>>>> Inc.
>>>>> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
>>>>> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
>>>>> email: chris.jacobs(a)apollogrp.edu
>>>>>
>>>>> ------------------------------
>>>>> *From*: openldap-technical-bounces(a)OpenLDAP.org<openldap-technical-bounces(a)OpenLDAP.org>
>>>>>
>>>>> *To*: Michael Starling <mlstarling31(a)hotmail.com>
>>>>> *Cc*: openldap <openldap-technical(a)openldap.org>
>>>>> *Sent*: Thu Mar 22 18:10:55 2012
>>>>> *Subject*: Re: Root not allowed to login
>>>>>
>>>>> Hi Michael,
>>>>>
>>>>> I have changed the timelimit and bind_timelimit to 4 but it still
>>>>> checks with ldap immediately (I mean when root logs in). I doubt it has
>>>>> anything to do with the time because it checks immediately without any
>>>>> delay.
>>>>>
>>>>> On Thu, Mar 22, 2012 at 9:51 PM, Michael Starling <
>>>>> mlstarling31(a)hotmail.com> wrote:
>>>>>
>>>>>> Try setting your timelimit and bind_timelimit to something a
>>>>>> bit lower.
>>>>>>
>>>>>> timelimit 4
>>>>>>
>>>>>> bind_timelimit 4
>>>>>>
>>>>>> ------------------------------
>>>>>> Date: Thu, 22 Mar 2012 17:03:56 +0800
>>>>>> Subject: Root not allowed to login
>>>>>> From: seauyeen(a)mgrc.com.my
>>>>>> To: openldap-technical(a)openldap.org
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> My client is installed with RHEL 6.0 and I am using OpenLDAP 2.4.
>>>>>> When the box loses connection with the ldap server, even the root cannot
>>>>>> log in as it tries to bind with the ldap server. This can be seen when I
>>>>>> log in with root and the message below appears :
>>>>>>
>>>>>> sshd: pam_ldap: error trying to bind as user "uid=root, ou=People,
>>>>>> dc=example,dc=com" (Invalid credentials).
>>>>>>
>>>>>> My root user is not even in the ldap database. When connection is
>>>>>> fine, the message above does not affect the login of root. The login of
>>>>>> root is only screwed up when the box loses connectivity.
>>>>>>
>>>>>> Attached are my pam.d/system-auth file, pam.d/login, pam.d/sshd and
>>>>>> ldap.conf files.
>>>>>>
>>>>>> I have been googling around but some either switch to kerberos, or
>>>>>> the question is left unattended to. Please help. I can only resort to
>>>>>> restarting the box whenever this happens. How can I configure the ldap so
>>>>>> that local users can login when there's no connectivity to ldap server?
>>>>>>
>>>>>> Thanks heaps!
>>>>>>
>>>>>> --
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>> MGRC - *Sequence. Analyse. Innovate.*
>>>>>> *Su Seau Yeen
>>>>>> Manager, IT Operations
>>>>>> ***
>>>>>> *Malaysian Genomics Resource Centre Berhad (MGRC)*
>>>>>> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 |
>>>>>> www.mgrc.com.my
>>>>>> ------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This e-mail is intended only for the use of the individual or
>>>>>> entity to which it is addressed and may contain confidential and/or
>>>>>> privileged material. Any review, retransmission, dissemination or other use
>>>>>> of or taking of any action in reliance upon this information by persons or
>>>>>> entities other than the intended recipient, is strictly prohibited. If you
>>>>>> receive this e-mail in error, please contact us immediately by return
>>>>>> e-mail and delete the original message(s).
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------
>>>>> This message is private and confidential. If you have received it in
>>>>> error, please notify the sender and remove it from your system.
>>>>>
>>>>>
--
------------------------------
MGRC - *Sequence. Analyse. Innovate.*
*Su Seau Yeen
Manager, IT Operations
** *
*Malaysian Genomics Resource Centre Berhad (MGRC)*
T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 |
www.mgrc.com.my
------------------------------
11 years, 6 months
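For the "Root not allowed to login" thread above, the following is an added example (not code from any of the posters) that walks the auth lines of the quoted system-auth file using simplified Linux-PAM control-flag rules and reports which modules are consulted. The per-module outcomes and the sample users are constructed assumptions, not output from a real PAM run.

```python
"""Simplified walk of a Linux-PAM 'auth' stack (added example, not from the thread)."""

# The auth lines of the system-auth file quoted in the thread, in order.
AUTH_STACK = [
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite",  "pam_succeed_if"),   # "uid >= 500 quiet"
    ("sufficient", "pam_ldap"),
    ("required",   "pam_deny"),
]


def module_result(module, user):
    """Constructed module outcomes: True = PAM_SUCCESS, False = any failure."""
    if module == "pam_env":
        return True
    if module == "pam_unix":
        # Succeeds only for an account in the local files with the right password.
        return user["local"] and user["password_ok"]
    if module == "pam_succeed_if":
        return user["uid"] >= 500
    if module == "pam_ldap":
        # Needs a reachable directory and a directory account.
        return user["ldap_up"] and not user["local"] and user["password_ok"]
    if module == "pam_deny":
        return False
    raise ValueError("unknown module: " + module)


def run_stack(stack, user):
    """Return (authenticated, modules_consulted) for the simple control flags.

    required   : failure is remembered, the stack keeps running
    requisite  : failure ends the stack immediately
    sufficient : success ends the stack immediately unless a required
                 module already failed; failure is ignored
    """
    consulted = []
    required_failed = False
    for control, module in stack:
        consulted.append(module)
        ok = module_result(module, user)
        if control == "requisite" and not ok:
            return False, consulted
        if control == "required" and not ok:
            required_failed = True
        if control == "sufficient" and ok and not required_failed:
            return True, consulted
    return not required_failed, consulted


# Constructed sample users (assumptions for illustration only).
ROOT_OK = {"uid": 0, "local": True, "password_ok": True, "ldap_up": False}
ROOT_BAD_PW = {"uid": 0, "local": True, "password_ok": False, "ldap_up": False}
LDAP_USER_DOWN = {"uid": 1000, "local": False, "password_ok": True, "ldap_up": False}
LDAP_USER_UP = {"uid": 1000, "local": False, "password_ok": True, "ldap_up": True}


def pam_ldap_consulted(user):
    """True if this auth stack ever reaches pam_ldap for the given user."""
    return "pam_ldap" in run_stack(AUTH_STACK, user)[1]


if __name__ == "__main__":
    for name, user in [("root, correct password", ROOT_OK),
                       ("root, wrong password", ROOT_BAD_PW),
                       ("LDAP user, server down", LDAP_USER_DOWN),
                       ("LDAP user, server up", LDAP_USER_UP)]:
        result, consulted = run_stack(AUTH_STACK, user)
        print(name, "->", result, consulted)
```

Under these assumptions the auth stack never reaches pam_ldap for uid 0, so it can be used to check whether a given stack, rather than this one, is where a bind attempt for a local account originates.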
clarification on N-way MMR
by mallapadi niranjan
Hi all,
I am configuring N-way mmr between 2 Providers (there are no consumers as
of now) . My master servers are in this case: ldap1.example.org and
ldap2.example.org .
The version used is:
openldap-servers-2.4.23-20.el6.x86_64
I am using
http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master as
my reference for configuration.
My syncrepl for cn=config database is as follows:
#Specify ServerID for both the masters
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 101 ldap://ldap1.example.org
olcServerID: 201 ldap://ldap2.example.org

#Enable Syncprov Overlay for config database
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectclass: olcOverlayConfig
objectclass: olcSyncProvConfig
olcOverlay: syncprov

#Configure SyncRepl for config database
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap1.example.org
  binddn="cn=admin,cn=config" bindmethod=simple
  credentials=config searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap2.example.org
  binddn="cn=admin,cn=config" bindmethod=simple
  credentials=config searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
my syncrepl for bdb is as follows:
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=003 provider=ldap://ldap1.example.org
  binddn="cn=replicator,ou=Admins,dc=example,dc=org" bindmethod=simple
  credentials=Secret123 searchbase="dc=example,dc=org"
  type=refreshAndPersist retry="5 5 5 +"
olcSyncRepl: rid=004 provider=ldap://ldap2.example.org
  binddn="cn=replicator,ou=Admins,dc=example,dc=org" bindmethod=simple
  credentials=Secret123 searchbase="dc=example,dc=org"
  type=refreshAndPersist retry="5 5 5 +"
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
Q) I would like to know: should I have 2 syncrepl agreements on both
Masters (ldap1.example.org and ldap2.example.org)?
Q) On provider-1 (ldap1.example.org), can I just have 1 single olcSyncRepl
specifying the provider as "ldap2"?
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=003
  provider=ldap://ldap2.example.org
  binddn="cn=replicator,ou=Admins,dc=example,dc=org"
  bindmethod=simple
  credentials=Secret123 searchbase="dc=example,dc=org"
  type=refreshAndPersist retry="5 5 5 +"
-
add: olcMirrorMode
olcMirrorMode: TRUE
Q) What is the use of specifying the olcsyncrepl which is pointing to its own
provider?
Any pointers on the above would be helpful.
Regards
Niranjan
11 years, 6 months
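The olcSyncRepl values in the post above use bindmethod=simple over ldap:// URLs. The following is an added example, not part of the original post or of OpenLDAP: a small audit that unfolds the LDIF, parses each olcSyncRepl value and reports duplicate rids and consumers whose bind password would cross the network unencrypted. The function names are hypothetical, and the starttls=critical on rid=004 in the sample is constructed for contrast.

```python
import re
import shlex

# Constructed sample: the post's bdb consumer values, folded LDIF-style.
# starttls=critical on rid=004 is added here for contrast; it is not in the post.
SAMPLE_LDIF = """\
dn: olcDatabase={2}bdb,cn=config
olcSyncRepl: rid=003
  provider=ldap://ldap1.example.org
  binddn="cn=replicator,ou=Admins,dc=example,dc=org"
  bindmethod=simple credentials=Secret123
  searchbase="dc=example,dc=org"
  type=refreshAndPersist retry="5 5 5 +"
olcSyncRepl: rid=004
  provider=ldap://ldap2.example.org
  binddn="cn=replicator,ou=Admins,dc=example,dc=org"
  bindmethod=simple credentials=Secret123
  searchbase="dc=example,dc=org"
  type=refreshAndPersist retry="5 5 5 +" starttls=critical
"""


def parse_syncrepl(ldif):
    """Unfold LDIF and return one {keyword: value} dict per olcSyncRepl value."""
    unfolded = re.sub(r"\n ", "", ldif)  # continuation = newline + one space
    consumers = []
    for line in unfolded.splitlines():
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "olcsyncrepl":
            # shlex keeps quoted values such as retry="5 5 5 +" in one token
            pairs = (tok.partition("=") for tok in shlex.split(value))
            consumers.append({k.lower(): v for k, _, v in pairs})
    return consumers


def audit(consumers):
    """Return (rid, finding) tuples for duplicate rids and cleartext binds."""
    findings, seen = [], set()
    for c in consumers:
        rid = c.get("rid", "?")
        if rid in seen:
            findings.append((rid, "duplicate rid"))
        seen.add(rid)
        # starttls=yes does not count: the session continues if StartTLS fails
        encrypted = (c.get("provider", "").lower().startswith("ldaps://")
                     or c.get("starttls", "").lower() == "critical")
        if not encrypted and c.get("bindmethod", "").lower() == "simple":
            findings.append((rid, "simple bind password sent in cleartext"))
    return findings
```

Calling audit(parse_syncrepl(SAMPLE_LDIF)) flags only rid=003; the same functions can be run over a slapcat -n 0 export of cn=config.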
moduleload is buggy because of libltdl
by Tianyin Xu
I used the newest version, i.e., OpenLDAP-2.4.30; my OS is Ubuntu 10.04,
and the libltdl version is 2.2.6b-2ubuntu1.
I used the following configuration setting in my slapd.conf, trying to load
a module.
moduleload /home/tianyin/openldap-2.4.30/module/mod_info.so
Start slapd, and the log shows that:
Mar 24 22:06:49 tianyin-desktop slapd[7952]: lt_dlopenext failed: (/home/tianyin/openldap-2.4.30/module/mod_info.so) file not found
I'm sure that I used the correct path, by running ls on the path (I'm not stupid):
# ll /home/tianyin/openldap-2.4.30/module/mod_info.so
-rwxr-xr-x 1 tianyin tianyin 194708 2012-03-24 21:05 /home/tianyin/openldap-2.4.30/module/mod_info.so*
Using gdb to trace the code, I find the problem is caused by libltdl:
    if ((module->lib = lt_dlopenext(file)) == NULL) {
        error = lt_dlerror();
#ifdef HAVE_EBCDIC
        strcpy( ebuf, error );
        __etoa( ebuf );
        error = ebuf;
#endif
=>      Debug(LDAP_DEBUG_ANY, "lt_dlopenext failed: (%s) %s\n", file_name, error, 0);
The call chain is as follows:
#0 module_load (file_name=0x91507b "/home/tianyin/openldap-2.4.30/module/mod_info.so", argc=0, argv=0x0) at module.c:190
#1 0x0000000000421284 in config_generic (c=0x915760) at bconfig.c:2021
#2 0x0000000000433a00 in config_set_vals (Conf=0x814a40, c=0x915760) at config.c:345
#3 0x0000000000433f5f in config_add_vals (Conf=0x814a40, c=0x915760) at config.c:418
#4 0x00000000004351b3 in read_config_file (fname=0x5a0a98 "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0, cft=0x8140c0) at config.c:783
#5 0x000000000042846b in read_config (fname=0x0, dir=0x0) at bconfig.c:4213
#6 0x000000000041c217 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
The error returned by lt_dlerror() is a misleading log message, which is really
annoying.
Thanks,
Tianyin
--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
11 years, 6 months
2.4.30 - libldap & libldap_r do not coexist
by Amol Kulkarni
Hi,
I have a program which links to both libldap and libldap_r dynamically. I've been running this program with OpenLDAP 2.4.23 without any problem. But when I upgraded to OpenLDAP 2.4.30, the program crashes with a segfault. The crash occurs at the end, when the program is closing connections. I googled and found that libldap and libldap_r should not be used in the same process space because one is non-thread-safe and the other is thread-safe, and they have the same symbols. It is difficult for me to solve the problem by changing my compile configuration because my program loads 2 third-party libraries which load these different versions of the LDAP libraries.
One solution for me is to make a soft link from libldap to libldap_r, i.e. make everyone use the thread-safe library. Would it create any problems?
Also, can anyone tell me why I did not face the problem in 2.4.23? I mean, is there any compile-time setting in OpenLDAP for this which I've missed in 2.4.30?
Thanks and Regards,
Amol Kulkarni.
11 years, 6 months
nested groups for openldap v2.2
by Utsav Mohata
Hi All,
Versions of my software are:
OpenLDAP 2.2.13-7.4E
Samba : 3.0.10-1.4E.11
I am a newbie trying to implement nested groups for OpenLDAP.
Does the above version of OpenLDAP support nested groups?
I have been trying multiple ways to implement nested groups.
(1) As per my understanding, I could add SIDs of the subgroups as values of sambaSIDList.
My ldif file:
dn: cn=PDM,ou=Groups,dc=example,dc=com
cn: PDM
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 625
sambaSid: S-1-5-21-3782130030-2455357663-1162092550-626
sambaGroupType: 2
sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-620 <-- another group entry
sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-622 <- another group entry
This does not work for me. I read somewhere that this just works for local groups and not domain groups, which all of the above groups are.
(2) Another idea was to edit the nis.schema and include the "member" attribute in posixGroup, which can take other group entries as members.
My ldif file is:
dn: cn=LKM2,ou=Groups,dc=example,dc=com
cn: LKM2
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
gidNumber: 6099
sambaSid: S-1-5-21-3782130030-2455357663-1162092550-6090
sambaGroupType: 5
displayName: example
member: cn=LKM,ou=groups,dc=example,dc=com
member: cn=ken1,ou=People, dc=example,dc=com
Even this did not work.
Am I missing something?
Do let me know if I should post output of something else also.
Thanks in advance.
Apologies if I posted this twice.
Rgds,
Utsav
11 years, 6 months