March 2012 - openldap-technical

Copying entries without access to all attributes

by Nick Milas

Hi, In case we have entries which include some (administrative) attributes not visible or writable by a number of our administrator accounts, is there a way to allow these administrator accounts to create new entries which will forcibly include the aforementioned attributes, e.g. by providing default values to them? Ideally, these default attribute values should be dependent on the logged-in user (administrator). {In practice, these admins will be using a GUI to copy existing entries to new ones; we want to make sure that any non-visible/non-writable attributes will also be copied.} Any hint regarding such an implementation would be appreciated. Of course, we could create a front-end application where such operations would be executed with elevated privileges so as to ensure writing of any required attributes, but it would be nice if this is possible without resorting to such a solution (by using standard openldap functionality). Thanks, Nick

11 years, 6 months

1
1
0 / 0

Perl Programmable backend does not work

by Tianyin Xu

Hi, all, I wanna set "backend perl" in my OpenLDAP configuration. I used "--enable-perl" option to enable the perl programming backend. From the config.log, it seems everything is fine. I list all the perl-related entries in the config.log as below. I also attach my config.log in case you want to check it. --------------------------------------------------- configure:12106: checking for perl configure:12124: found /usr/bin/perl configure:12137: result: /usr/bin/perl ...... ac_cv_path_PERLBIN=/usr/bin/perl ..... PERLBIN='/usr/bin/perl' PERL_CPPFLAGS=' -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/lib/perl/5.10/CORE ' ...... SLAPD_PERL_LDFLAGS='-Wl,-E -fstack-protector -L/usr/local/lib -L/usr/lib/perl/5.10/CORE -lperl -ldl -lm -lpthread -lcrypt' --------------------------------------------------- However, when I start the slapd, the server fails to start with the following message printed: Mar 26 00:37:32 tianyin-desktop slapd[11062]: /home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf: line 103: <backend> failed init (perl)! I used GDB to trace the code and find the bomb point is in backend_info() as follows. slapd failed to find the corresponding backend information, and finally return NULL. BackendInfo* backend_info(const char *type) { BackendInfo *bi; /* search for the backend type */ => LDAP_STAILQ_FOREACH(bi,&backendInfo,bi_next) { if( strcasecmp(bi->bi_type, type) == 0 ) { return bi; } } return NULL; } The backtrace is: #0 backend_info (type=0x91fb88 "perl") at backend.c:533 #1 0x000000000041f627 in config_generic (c=0x9201f0) at bconfig.c:1502 #2 0x0000000000434674 in config_set_vals (Conf=0x81a460, c=0x9201f0) at config.c:345 #3 0x0000000000434bd3 in config_add_vals (Conf=0x81a460, c=0x9201f0) at config.c:418 #4 0x0000000000435e27 in read_config_file (fname=0x5a5c40 "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0, cft=0x81a1a0) at config.c:783 #5 0x00000000004290de in read_config (fname=0x0, dir=0x0) at bconfig.c:4213 #6 0x000000000041ccf7 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792 Does anyone use the perl programmable backend before? Thanks in advance! Tianyin -- Tianyin XU, http://cseweb.ucsd.edu/~tixu/

11 years, 6 months

1
0
0 / 0

GSSAPI (SASL) + LDAP

by Daniel Savard

Hi everyone, I am trying to implement Kerberos authentication and I believe I am almost there, however when I run the ldapwhoami command I am getting a segmentation fault rather than a success message. Here is the output of the ldapwhoami (yes, I have a Kerberos ticket): SASL/GSSAPI authentication started SASL username: dsavard(a)CIDS.CA SASL SSF: 56 SASL data security layer installed. dn:cn=daniel savard,dc=cids,dc=ca Segmentation fault The cn is properly mapped. When switching debug on I am getting the following messages and the only thing I find as a potential indication of my problem is this message (res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <>) however I am not able to decipher what it means exactly: ldap_create ldap_pvt_sasl_getmech ldap_search put_filter: "(objectclass=*)" put_filter: simple put_simple_filter: "objectclass=*" ldap_build_search_req ATTRS: supportedSASLMechanisms ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_path ldap_new_socket: 4 ldap_connect_to_path: Trying /var/run/openldap/slapd.sock ldap_connect_timeout: fd: 4 tm: -1 async: 0 ldap_ndelay_on: 4 ldap_ndelay_off: 4 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x8058928 ptr=0x8058928 end=0x8058968 len=64 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ber_scanf fmt ({) ber: ber_dump: buf=0x8058928 ptr=0x805892d end=0x8058968 len=59 0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 02 c9.............. 0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 .....objectclass 0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 0...supportedSAS 0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms ber_flush2: 64 bytes to sd 4 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_write: want=64, written=64 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 02 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_result ld 0x8058520 msgid 1 wait4msg ld 0x8058520 msgid 1 (infinite timeout) wait4msg continue ld 0x8058520 msgid 1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 62 02 01 01 64 5d 04 0b...d]. ldap_read: want=92, got=92 0000: 00 30 59 30 57 04 17 73 75 70 70 6f 72 74 65 64 .0Y0W..supported 0010: 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 31 3c SASLMechanisms1< 0020: 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d 04 05 4c ..PLAIN..NTLM..L 0030: 4f 47 49 4e 04 06 47 53 53 41 50 49 04 0a 44 49 OGIN..GSSAPI..DI 0040: 47 45 53 54 2d 4d 44 35 04 08 43 52 41 4d 2d 4d GEST-MD5..CRAM-M 0050: 44 35 04 08 45 58 54 45 52 4e 41 4c D5..EXTERNAL ber_get_next: tag 0x30 len 98 contents: ber_dump: buf=0x8059a58 ptr=0x8059a58 end=0x8059aba len=98 0000: 02 01 01 64 5d 04 00 30 59 30 57 04 17 73 75 70 ...d]..0Y0W..sup 0010: 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68 61 6e portedSASLMechan 0020: 69 73 6d 73 31 3c 04 05 50 4c 41 49 4e 04 04 4e isms1<..PLAIN..N 0030: 54 4c 4d 04 05 4c 4f 47 49 4e 04 06 47 53 53 41 TLM..LOGIN..GSSA 0040: 50 49 04 0a 44 49 47 45 53 54 2d 4d 44 35 04 08 PI..DIGEST-MD5.. 0050: 43 52 41 4d 2d 4d 44 35 04 08 45 58 54 45 52 4e CRAM-MD5..EXTERN 0060: 41 4c AL read1msg: ld 0x8058520 msgid 1 message type search-entry wait4msg continue ld 0x8058520 msgid 1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: * msgid 1, type 100 ld 0x8058520 response count 1 ldap_chkResponseList ld 0x8058520 msgid 1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 65 07 0a 0....e.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x8059b10 ptr=0x8059b10 end=0x8059b1c len=12 0000: 02 01 01 65 07 0a 01 00 04 00 04 00 ...e........ read1msg: ld 0x8058520 msgid 1 message type search-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8059b10 ptr=0x8059b13 end=0x8059b1c len=9 0000: 65 07 0a 01 00 04 00 04 00 e........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 1 request done: ld 0x8058520 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) adding response ld 0x8058520 msgid 1 type 101: ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8059b10 ptr=0x8059b13 end=0x8059b1c len=9 0000: 65 07 0a 01 00 04 00 04 00 e........ ber_scanf fmt (}) ber: ber_dump: buf=0x8059b10 ptr=0x8059b1c end=0x8059b1c len=0 ldap_get_values ber_scanf fmt ({x{{a) ber: ber_dump: buf=0x8059a58 ptr=0x8059a5b end=0x8059aba len=95 0000: 64 5d 04 00 30 59 30 57 04 17 73 75 70 70 6f 72 d]..0Y0W..suppor 0010: 74 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d tedSASLMechanism 0020: 73 31 3c 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d s1<..PLAIN..NTLM 0030: 04 05 4c 4f 47 49 4e 04 06 47 53 53 41 50 49 04 ..LOGIN..GSSAPI. 0040: 0a 44 49 47 45 53 54 2d 4d 44 35 04 08 43 52 41 .DIGEST-MD5..CRA 0050: 4d 2d 4d 44 35 04 08 45 58 54 45 52 4e 41 4c M-MD5..EXTERNAL ber_scanf fmt ([v]) ber: ber_dump: buf=0x8059a58 ptr=0x8059a7c end=0x8059aba len=62 0000: 31 3c 04 05 50 4c 41 49 4e 04 04 4e 54 4c 4d 04 1<..PLAIN..NTLM. 0010: 05 4c 4f 47 49 4e 04 06 47 53 53 41 50 49 04 0a .LOGIN..GSSAPI.. 0020: 44 49 47 45 53 54 2d 4d 44 35 04 08 43 52 41 4d DIGEST-MD5..CRAM 0030: 2d 4d 44 35 04 08 45 58 54 45 52 4e 41 4c -MD5..EXTERNAL ldap_msgfree ldap_sasl_interactive_bind: server supports: PLAIN NTLM LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL ldap_int_sasl_bind: PLAIN NTLM LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL ldap_int_sasl_open: host=charpak.cids.ca SASL/GSSAPI authentication started ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80671b0 ptr=0x80671b0 end=0x8067429 len=633 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ber_scanf fmt ({i) ber: ber_dump: buf=0x80671b0 ptr=0x80671b7 end=0x8067429 len=626 0000: 60 82 02 6e 02 01 03 04 00 a3 82 02 65 04 06 47 `..n........e..G 0010: 53 53 41 50 49 04 82 02 59 60 82 02 55 06 09 2a SSAPI...Y`..U..* 0020: 86 48 86 f7 12 01 02 02 01 00 6e 82 02 44 30 82 .H........n..D0. 0030: 02 40 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 .@.............. 0040: 00 20 00 00 00 a3 82 01 5a 61 82 01 56 30 82 01 . ......Za..V0.. 0050: 52 a0 03 02 01 05 a1 09 1b 07 43 49 44 53 2e 43 R.........CIDS.C 0060: 41 a2 22 30 20 a0 03 02 01 03 a1 19 30 17 1b 04 A."0 .......0... 0070: 6c 64 61 70 1b 0f 63 68 61 72 70 61 6b 2e 63 69 ldap..charpak.ci 0080: 64 73 2e 63 61 a3 82 01 1a 30 82 01 16 a0 03 02 ds.ca....0...... 0090: 01 12 a1 03 02 01 07 a2 82 01 08 04 82 01 04 46 ...............F 00a0: c7 d2 fb b5 63 13 9d ce 54 a8 bc 61 02 7c 9b a4 ....c...T..a.|.. 00b0: 4a b5 e4 97 5d 04 6d 68 26 e3 1a 4c 34 2d d5 ac J...].mh&..L4-.. 00c0: 13 1d ee a4 24 53 2b 27 d8 5e 3a 72 f3 7d 38 09 ....$S +'.^:r.}8. 00d0: 8b 0b b0 10 3a 84 66 fa 49 04 76 92 14 0b e4 91 ....:.f.I.v..... 00e0: 0a 5f 08 d0 d7 36 5b cf c2 0e a6 05 b9 77 28 73 ._...6[......w(s 00f0: 43 62 85 0e 6e 86 c0 d1 3e a5 2e 7b ba c8 1e 1d Cb..n...>..{.... 0100: e2 ce c0 53 04 aa f3 5c ac 2b 98 d5 b2 0c b9 95 ...S...\.+...... 0110: be 21 c7 df cf 6b ce 9f af 29 c4 b5 ea 89 04 16 .!...k...)...... 0120: ec 6a 3b 93 79 34 99 9e c1 c1 92 66 f3 d1 3f c2 .j;.y4.....f..?. 0130: 87 84 a2 b4 1b 69 ea 11 eb 93 bc d3 9b 55 eb 4f .....i.......U.O 0140: 8b 3b c2 dc 18 10 9d 89 76 0b 1d 5a 9f 8c 82 47 .;......v..Z...G 0150: d8 de 24 5c e1 18 e1 e1 a3 e1 e2 db 94 fa 20 c4 ..$\.......... . 0160: 63 c6 68 03 d3 79 d8 37 b1 67 a5 21 18 4e 38 37 c.h..y.7.g.!.N87 0170: 2d 57 7d e5 83 97 a4 df 9f d0 72 18 76 b9 1b 7d -W}.......r.v..} 0180: 6b fd 2b db 0d ce 7a 1c f5 cf 47 35 fd ef e0 86 k.+...z...G5.... 0190: 15 a7 79 d0 91 f0 31 0c 02 f5 f9 96 07 15 b5 d1 ..y...1......... 01a0: bf cf 6e a4 81 cc 30 81 c9 a0 03 02 01 12 a2 81 ..n...0......... 01b0: c1 04 81 be f4 d4 c2 6c 9f 6b 72 ad 63 cf ed a5 .......l.kr.c... 01c0: 9b 09 e2 b9 d1 8a 75 4f 95 0d 02 7c 8f 30 c6 39 ......uO...|.0.9 01d0: 3f 77 8d 05 09 18 bc 6c 6f 28 cb a2 8d 25 6f cd ?w.....lo(...%o. 01e0: c0 d0 5f 1e 30 81 02 88 1a 8d 90 2d 0a a8 e4 89 .._.0......-.... 01f0: d6 a4 52 00 58 7b 85 d1 6a 7b c6 d5 6e 3b d1 c6 ..R.X{..j{..n;.. 0200: 5e db 86 3a 21 bb ea ff 33 b1 e6 0c c6 8f cc 71 ^..:!...3......q 0210: 46 a4 29 7c 29 4b dd 7f 7b 40 03 4d 79 e4 54 b5 F.)| )K..{@.My.T. 0220: 21 08 e9 a5 96 9f 3c 96 3c 0b 89 ed 52 d6 1a 74 !.....<.<...R..t 0230: 44 f6 95 cc 77 db 03 38 86 65 b3 db 87 75 3d 1b D...w..8.e...u=. 0240: 1d f0 ad f2 f1 b3 e8 29 17 a5 2d 43 d1 d3 35 9d .......)..-C..5. 0250: fe 87 72 90 44 bd d0 b1 58 e8 64 dd 93 5c b8 f8 ..r.D...X.d..\.. 0260: 5c 70 9f 7f 1d a0 9b 6e be 29 24 a7 3e 9a 34 f4 \p.....n.)$.>.4. 0270: c3 6a .j ber_flush2: 633 bytes to sd 4 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ldap_write: want=633, written=633 0000: 30 82 02 75 02 01 02 60 82 02 6e 02 01 03 04 00 0..u...`..n..... 0010: a3 82 02 65 04 06 47 53 53 41 50 49 04 82 02 59 ...e..GSSAPI...Y 0020: 60 82 02 55 06 09 2a 86 48 86 f7 12 01 02 02 01 `..U..*.H....... 0030: 00 6e 82 02 44 30 82 02 40 a0 03 02 01 05 a1 03 .n..D0..@....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 5a ........ ......Z 0050: 61 82 01 56 30 82 01 52 a0 03 02 01 05 a1 09 1b a..V0..R........ 0060: 07 43 49 44 53 2e 43 41 a2 22 30 20 a0 03 02 01 .CIDS.CA."0 .... 0070: 03 a1 19 30 17 1b 04 6c 64 61 70 1b 0f 63 68 61 ...0...ldap..cha 0080: 72 70 61 6b 2e 63 69 64 73 2e 63 61 a3 82 01 1a rpak.cids.ca.... 0090: 30 82 01 16 a0 03 02 01 12 a1 03 02 01 07 a2 82 0............... 00a0: 01 08 04 82 01 04 46 c7 d2 fb b5 63 13 9d ce 54 ......F....c...T 00b0: a8 bc 61 02 7c 9b a4 4a b5 e4 97 5d 04 6d 68 26 ..a.|..J...].mh& 00c0: e3 1a 4c 34 2d d5 ac 13 1d ee a4 24 53 2b 27 d8 ..L4-......$S+'. 00d0: 5e 3a 72 f3 7d 38 09 8b 0b b0 10 3a 84 66 fa 49 ^:r.}8.....:.f.I 00e0: 04 76 92 14 0b e4 91 0a 5f 08 d0 d7 36 5b cf c2 .v......_...6[.. 00f0: 0e a6 05 b9 77 28 73 43 62 85 0e 6e 86 c0 d1 3e ....w(sCb..n...> 0100: a5 2e 7b ba c8 1e 1d e2 ce c0 53 04 aa f3 5c ac ..{.......S...\. 0110: 2b 98 d5 b2 0c b9 95 be 21 c7 df cf 6b ce 9f af +.......!...k... 0120: 29 c4 b5 ea 89 04 16 ec 6a 3b 93 79 34 99 9e c1 ).......j;.y4... 0130: c1 92 66 f3 d1 3f c2 87 84 a2 b4 1b 69 ea 11 eb ..f..?......i... 0140: 93 bc d3 9b 55 eb 4f 8b 3b c2 dc 18 10 9d 89 76 ....U.O.;......v 0150: 0b 1d 5a 9f 8c 82 47 d8 de 24 5c e1 18 e1 e1 a3 ..Z...G..$\..... 0160: e1 e2 db 94 fa 20 c4 63 c6 68 03 d3 79 d8 37 b1 ..... .c.h..y.7. 0170: 67 a5 21 18 4e 38 37 2d 57 7d e5 83 97 a4 df 9f g.!.N87-W}...... 0180: d0 72 18 76 b9 1b 7d 6b fd 2b db 0d ce 7a 1c f5 .r.v..}k.+...z.. 0190: cf 47 35 fd ef e0 86 15 a7 79 d0 91 f0 31 0c 02 .G5......y...1.. 01a0: f5 f9 96 07 15 b5 d1 bf cf 6e a4 81 cc 30 81 c9 .........n...0.. 01b0: a0 03 02 01 12 a2 81 c1 04 81 be f4 d4 c2 6c 9f ..............l. 01c0: 6b 72 ad 63 cf ed a5 9b 09 e2 b9 d1 8a 75 4f 95 kr.c.........uO. 01d0: 0d 02 7c 8f 30 c6 39 3f 77 8d 05 09 18 bc 6c 6f ..|.0.9?w.....lo 01e0: 28 cb a2 8d 25 6f cd c0 d0 5f 1e 30 81 02 88 1a (...% o..._.0.... 01f0: 8d 90 2d 0a a8 e4 89 d6 a4 52 00 58 7b 85 d1 6a ..-......R.X{..j 0200: 7b c6 d5 6e 3b d1 c6 5e db 86 3a 21 bb ea ff 33 {..n;..^..:!...3 0210: b1 e6 0c c6 8f cc 71 46 a4 29 7c 29 4b dd 7f 7b ......qF.)| )K..{ 0220: 40 03 4d 79 e4 54 b5 21 08 e9 a5 96 9f 3c 96 3c @.My.T.!.....<.< 0230: 0b 89 ed 52 d6 1a 74 44 f6 95 cc 77 db 03 38 86 ...R..tD...w..8. 0240: 65 b3 db 87 75 3d 1b 1d f0 ad f2 f1 b3 e8 29 17 e...u=........). 0250: a5 2d 43 d1 d3 35 9d fe 87 72 90 44 bd d0 b1 58 .-C..5...r.D...X 0260: e8 64 dd 93 5c b8 f8 5c 70 9f 7f 1d a0 9b 6e be .d..\..\p.....n. 0270: 29 24 a7 3e 9a 34 f4 c3 6a )$.>.4..j ldap_msgfree ldap_result ld 0x8058520 msgid 2 wait4msg ld 0x8058520 msgid 2 (infinite timeout) wait4msg continue ld 0x8058520 msgid 2 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 2 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 2 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 81 ec 02 01 02 61 81 0.....a. ldap_read: want=231, got=231 0000: e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 3a .......@SASL(0): 0010: 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 75 successful resu 0020: 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c 61 lt: security fla 0030: 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 20 gs do not match 0040: 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 06 09 required...`.... 0050: 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 30 81 *.H........o..0. 0060: 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 78 a0 ............z0x. 0070: 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a 4b 05 .....q.o~.E..zK. 0080: 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 2e f4 7...,q_.`.&9W... 0090: 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba b1 db h..9'.U.-'...... 00a0: 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 f0 88 3..Q..;z.A..-D.. 00b0: 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 d1 7c 1.2.._.".....".| 00c0: d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 0d 71 ..H..'...6..&..q 00d0: 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df ce f1 &^fE..4..].S@... 00e0: 65 d7 7e d2 b5 1f d9 e.~.... ber_get_next: tag 0x30 len 236 contents: ber_dump: buf=0x8066930 ptr=0x8066930 end=0x8066a1c len=236 0000: 02 01 02 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 ...a........@SAS 0010: 4c 28 30 29 3a 20 73 75 63 63 65 73 73 66 75 6c L(0): successful 0020: 20 72 65 73 75 6c 74 3a 20 73 65 63 75 72 69 74 result: securit 0030: 79 20 66 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d y flags do not m 0040: 61 74 63 68 20 72 65 71 75 69 72 65 64 87 81 9c atch required... 0050: 60 81 99 06 09 2a 86 48 86 f7 12 01 02 02 02 00 `....*.H........ 0060: 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 02 01 0f o..0............ 0070: a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 .z0x......q.o~.E 0080: 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 ..zK.7...,q_.`.& 0090: 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 9W...h..9'.U.-'. 00a0: 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 .....3..Q..;z.A. 00b0: ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 cd b1 2e .-D..1.2.._."... 00c0: d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 ..".|..H..'...6. 00d0: cf 26 94 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a .&..q&^fE..4..]. 00e0: 53 40 df ce f1 65 d7 7e d2 b5 1f d9 S@...e.~.... read1msg: ld 0x8058520 msgid 2 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 2 request done: ld 0x8058520 msgid 2 res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... ber_scanf fmt (O) ber: ber_dump: buf=0x8066930 ptr=0x806697d end=0x8066a1c len=159 0000: 87 81 9c 60 81 99 06 09 2a 86 48 86 f7 12 01 02 ...`....*.H..... 0010: 02 02 00 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 ...o..0......... 0020: 02 01 0f a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f ....z0x......q.o 0030: 7e 89 45 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed ~.E..zK.7...,q_. 0040: 60 af 26 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 `.&9W...h..9'.U. 0050: 2d 27 06 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a -'......3..Q..;z 0060: 8b 41 03 ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 .A..-D..1.2.._." 0070: cd b1 2e d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 .....".|..H..'.. 0080: cd 36 02 cf 26 94 0d 71 26 5e 66 45 af 86 34 de .6..&..q&^fE..4. 0090: b1 5d 9a 53 40 df ce f1 65 d7 7e d2 b5 1f d9 .].S@...e.~.... ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066930 ptr=0x8066933 end=0x8066a1c len=233 0000: 61 81 e6 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 a........@SASL(0 0010: 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 ): successful re 0020: 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 sult: security f 0030: 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 lags do not matc 0040: 68 20 72 65 71 75 69 72 65 64 87 81 9c 60 81 99 h required...`.. 0050: 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 81 89 ..*.H........o.. 0060: 30 81 86 a0 03 02 01 05 a1 03 02 01 0f a2 7a 30 0.............z0 0070: 78 a0 03 02 01 12 a2 71 04 6f 7e 89 45 11 0e 7a x......q.o~.E..z 0080: 4b 05 37 fe ac 8f 2c 71 5f ed 60 af 26 39 57 b2 K.7...,q_.`.&9W. 0090: 2e f4 68 e2 01 39 27 19 55 a6 2d 27 06 8c a8 ba ..h..9'.U.-'.... 00a0: b1 db 33 e3 91 51 89 0a 3b 7a 8b 41 03 ec 2d 44 ..3..Q..;z.A..-D 00b0: f0 88 31 e5 32 12 98 5f db 22 cd b1 2e d2 15 22 ..1.2.._."....." 00c0: d1 7c d9 7f 48 aa 9e 27 84 a2 cd 36 02 cf 26 94 .|..H..'...6..&. 00d0: 0d 71 26 5e 66 45 af 86 34 de b1 5d 9a 53 40 df .q&^fE..4..].S@. 00e0: ce f1 65 d7 7e d2 b5 1f d9 ..e.~.... ber_scanf fmt (x) ber: ber_dump: buf=0x8066930 ptr=0x806697d end=0x8066a1c len=159 0000: 87 81 9c 60 81 99 06 09 2a 86 48 86 f7 12 01 02 ...`....*.H..... 0010: 02 02 00 6f 81 89 30 81 86 a0 03 02 01 05 a1 03 ...o..0......... 0020: 02 01 0f a2 7a 30 78 a0 03 02 01 12 a2 71 04 6f ....z0x......q.o 0030: 7e 89 45 11 0e 7a 4b 05 37 fe ac 8f 2c 71 5f ed ~.E..zK.7...,q_. 0040: 60 af 26 39 57 b2 2e f4 68 e2 01 39 27 19 55 a6 `.&9W...h..9'.U. 0050: 2d 27 06 8c a8 ba b1 db 33 e3 91 51 89 0a 3b 7a -'......3..Q..;z 0060: 8b 41 03 ec 2d 44 f0 88 31 e5 32 12 98 5f db 22 .A..-D..1.2.._." 0070: cd b1 2e d2 15 22 d1 7c d9 7f 48 aa 9e 27 84 a2 .....".|..H..'.. 0080: cd 36 02 cf 26 94 0d 71 26 5e 66 45 af 86 34 de .6..&..q&^fE..4. 0090: b1 5d 9a 53 40 df ce f1 65 d7 7e d2 b5 1f d9 .].S@...e.~.... ber_scanf fmt (}) ber: ber_dump: buf=0x8066930 ptr=0x8066a1c end=0x8066a1c len=0 sasl_client_step: 1 ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80673c8 ptr=0x80673c8 end=0x80673de len=22 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ber_scanf fmt ({i) ber: ber_dump: buf=0x80673c8 ptr=0x80673cd end=0x80673de len=17 0000: 60 0f 02 01 03 04 00 a3 08 04 06 47 53 53 41 50 `..........GSSAP 0010: 49 I ber_flush2: 22 bytes to sd 4 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ldap_write: want=22, written=22 0000: 30 14 02 01 03 60 0f 02 01 03 04 00 a3 08 04 06 0....`.......... 0010: 47 53 53 41 50 49 GSSAPI ldap_msgfree ldap_result ld 0x8058520 msgid 3 wait4msg ld 0x8058520 msgid 3 (infinite timeout) wait4msg continue ld 0x8058520 msgid 3 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 3, origid 3, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 3 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 3 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 6e 02 01 03 61 69 0a 0n...ai. ldap_read: want=104, got=104 0000: 01 0e 04 00 04 40 53 41 53 4c 28 30 29 3a 20 73 .....@SASL(0): s 0010: 75 63 63 65 73 73 66 75 6c 20 72 65 73 75 6c 74 uccessful result 0020: 3a 20 73 65 63 75 72 69 74 79 20 66 6c 61 67 73 : security flags 0030: 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 20 72 65 do not match re 0040: 71 75 69 72 65 64 87 20 05 04 05 ff 00 0c 00 00 quired. ........ 0050: 00 00 00 00 12 b9 aa 10 07 01 00 00 df 4c f1 71 .............L.q 0060: 90 07 ff bd 17 a8 c4 a4 ........ ber_get_next: tag 0x30 len 110 contents: ber_dump: buf=0x8066ea0 ptr=0x8066ea0 end=0x8066f0e len=110 0000: 02 01 03 61 69 0a 01 0e 04 00 04 40 53 41 53 4c ...ai......@SASL 0010: 28 30 29 3a 20 73 75 63 63 65 73 73 66 75 6c 20 (0): successful 0020: 72 65 73 75 6c 74 3a 20 73 65 63 75 72 69 74 79 result: security 0030: 20 66 6c 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 flags do not ma 0040: 74 63 68 20 72 65 71 75 69 72 65 64 87 20 05 04 tch required. .. 0050: 05 ff 00 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 ................ 0060: 00 00 df 4c f1 71 90 07 ff bd 17 a8 c4 a4 ...L.q........ read1msg: ld 0x8058520 msgid 3 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 3 request done: ld 0x8058520 msgid 3 res_errno: 14, res_error: <SASL(0): successful result: security flags do not match required>, res_matched: <> ldap_free_request (origid 3, msgid 3) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ ber_scanf fmt (O) ber: ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34 0000: 87 20 05 04 05 ff 00 0c 00 00 00 00 00 00 12 b9 . .............. 0010: aa 10 07 01 00 00 df 4c f1 71 90 07 ff bd 17 a8 .......L.q...... 0020: c4 a4 .. ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066ea0 ptr=0x8066ea3 end=0x8066f0e len=107 0000: 61 69 0a 01 0e 04 00 04 40 53 41 53 4c 28 30 29 ai......@SASL(0) 0010: 3a 20 73 75 63 63 65 73 73 66 75 6c 20 72 65 73 : successful res 0020: 75 6c 74 3a 20 73 65 63 75 72 69 74 79 20 66 6c ult: security fl 0030: 61 67 73 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 ags do not match 0040: 20 72 65 71 75 69 72 65 64 87 20 05 04 05 ff 00 required. ..... 0050: 0c 00 00 00 00 00 00 12 b9 aa 10 07 01 00 00 df ................ 0060: 4c f1 71 90 07 ff bd 17 a8 c4 a4 L.q........ ber_scanf fmt (x) ber: ber_dump: buf=0x8066ea0 ptr=0x8066eec end=0x8066f0e len=34 0000: 87 20 05 04 05 ff 00 0c 00 00 00 00 00 00 12 b9 . .............. 0010: aa 10 07 01 00 00 df 4c f1 71 90 07 ff bd 17 a8 .......L.q...... 0020: c4 a4 .. ber_scanf fmt (}) ber: ber_dump: buf=0x8066ea0 ptr=0x8066f0e end=0x8066f0e len=0 sasl_client_step: 0 ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80675e0 ptr=0x80675e0 end=0x8067618 len=56 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ber_scanf fmt ({i) ber: ber_dump: buf=0x80675e0 ptr=0x80675e5 end=0x8067618 len=51 0000: 60 31 02 01 03 04 00 a3 2a 04 06 47 53 53 41 50 `1......*..GSSAP 0010: 49 04 20 05 04 04 ff 00 0c 00 00 00 00 00 00 14 I. ............. 0020: 7c 59 12 04 ff ff ff df d0 e2 d4 ba 92 ed 68 ba | Y............h. 0030: 85 78 97 .x. ber_flush2: 56 bytes to sd 4 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ldap_write: want=56, written=56 0000: 30 36 02 01 04 60 31 02 01 03 04 00 a3 2a 04 06 06...`1......*.. 0010: 47 53 53 41 50 49 04 20 05 04 04 ff 00 0c 00 00 GSSAPI. ........ 0020: 00 00 00 00 14 7c 59 12 04 ff ff ff df d0 e2 d4 .....| Y......... 0030: ba 92 ed 68 ba 85 78 97 ...h..x. ldap_msgfree ldap_result ld 0x8058520 msgid 4 wait4msg ld 0x8058520 msgid 4 (infinite timeout) wait4msg continue ld 0x8058520 msgid 4 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 4, origid 4, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid 4 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid 4 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 04 61 07 0a 0....a.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x8066a10 ptr=0x8066a10 end=0x8066a1c len=12 0000: 02 01 04 61 07 0a 01 00 04 00 04 00 ...a........ read1msg: ld 0x8058520 msgid 4 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 4 request done: ld 0x8058520 msgid 4 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 4, msgid 4) ldap_int_sasl_bind: <null> ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066a10 ptr=0x8066a13 end=0x8066a1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ber_scanf fmt (}) ber: ber_dump: buf=0x8066a10 ptr=0x8066a1c end=0x8066a1c len=0 SASL username: dsavard(a)CIDS.CA SASL SSF: 56 ldap_pvt_sasl_generic_install SASL data security layer installed. ldap_msgfree ldap_extended_operation ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x80685e8 ptr=0x80685e8 end=0x8068608 len=32 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 ber_scanf fmt ({) ber: ber_dump: buf=0x80685e8 ptr=0x80685ed end=0x8068608 len=27 0000: 77 19 80 17 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1. 0010: 34 32 30 33 2e 31 2e 31 31 2e 33 4203.1.11.3 ber_flush2: 32 bytes to sd 4 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 sasl_generic_write: want=96, written=96 0000: 00 00 00 5c 05 04 06 ff 00 00 00 00 00 00 00 00 ...\............ 0010: 14 7c 59 13 19 70 b3 cc d8 3f 49 e8 75 23 72 34 .| Y..p...?I.u#r4 0020: e3 36 1f 76 8b b5 33 a9 f0 f7 b7 e7 a6 03 39 5a .6.v..3.......9Z 0030: aa ff 48 4a f1 7d ff 50 1e 4c 70 42 1e 70 f9 1a ..HJ.}.P.LpB.p.. 0040: 1b a6 98 d3 ac 1f fa 0b 7c 74 5f a2 bb 33 8a 11 ........| t_..3.. 0050: d5 71 97 a5 22 e6 cb 58 4a b9 22 c7 9e 49 f0 ac .q.."..XJ."..I.. ldap_write: want=32, written=32 0000: 30 1e 02 01 05 77 19 80 17 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33 .4.1.4203.1.11.3 ldap_result ld 0x8058520 msgid -1 wait4msg ld 0x8058520 msgid -1 (timeout 100000 usec) wait4msg continue ld 0x8058520 msgid -1 all 1 ** ld 0x8058520 Connections: * host: (null) port: 0 (default) refcnt: 2 status: Connected last used: Thu Feb 9 15:30:01 2012 ** ld 0x8058520 Outstanding Requests: * msgid 5, origid 5, status InProgress outstanding referrals 0, parent count 0 ld 0x8058520 request count 1 (abandoned 0) ** ld 0x8058520 Response Queue: Empty ld 0x8058520 response count 0 ldap_chkResponseList ld 0x8058520 msgid -1 all 1 ldap_chkResponseList returns ld 0x8058520 NULL ldap_int_select read1msg: ld 0x8058520 msgid -1 all 1 ber_get_next sasl_generic_read: want=4, got=4 0000: 00 00 00 6d ...m sasl_generic_read: want=109, got=109 0000: 05 04 07 ff 00 00 00 00 00 00 00 00 12 b9 aa 11 ................ 0010: 2c b0 59 b7 a7 26 8a 02 2e 10 76 24 d1 2a 65 7f ,.Y..&....v $.*e. 0020: 06 fd ba 3c a5 23 0d d9 7a 3a 9d 05 0c 29 fc 1d ...<.#..z:...).. 0030: 7e 4f 6f db 0c 0e da 33 33 5b dc fb 58 2c 76 d9 ~Oo....33[..X,v. 0040: af ff 86 32 cc f2 08 9e e4 05 01 db 55 e8 9d 41 ...2........U..A 0050: 79 07 3f fc 60 bb e8 09 bb 67 a9 84 9c e6 61 28 y.?.`....g....a( 0060: dc f7 ee 69 eb a4 25 bf 93 42 14 4d e7 ...i..%..B.M. ldap_read: want=8, got=8 0000: 30 2f 02 01 05 78 2a 0a 0/...x*. ldap_read: want=41, got=41 0000: 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e 3d 64 61 .......! dn:cn=da 0010: 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 63 3d 63 niel savard,dc=c 0020: 69 64 73 2c 64 63 3d 63 61 ids,dc=ca ber_get_next: tag 0x30 len 47 contents: ber_dump: buf=0x8069af8 ptr=0x8069af8 end=0x8069b27 len=47 0000: 02 01 05 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e ...x*........!dn 0010: 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 :cn=daniel savar 0020: 64 2c 64 63 3d 63 69 64 73 2c 64 63 3d 63 61 d,dc=cids,dc=ca read1msg: ld 0x8058520 msgid 5 message type extended-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca read1msg: ld 0x8058520 0 new referrals read1msg: mark request completed, ld 0x8058520 msgid 5 request done: ld 0x8058520 msgid 5 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 5, msgid 5) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca ber_scanf fmt (x) ber: ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35 0000: 8b 21 64 6e 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 .! dn:cn=daniel s 0010: 61 76 61 72 64 2c 64 63 3d 63 69 64 73 2c 64 63 avard,dc=cids,dc 0020: 3d 63 61 =ca ber_scanf fmt (}) ber: ber_dump: buf=0x8069af8 ptr=0x8069b27 end=0x8069b27 len=0 ldap_parse_extended_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8069af8 ptr=0x8069afb end=0x8069b27 len=44 0000: 78 2a 0a 01 00 04 00 04 00 8b 21 64 6e 3a 63 6e x*........! dn:cn 0010: 3d 64 61 6e 69 65 6c 20 73 61 76 61 72 64 2c 64 =daniel savard,d 0020: 63 3d 63 69 64 73 2c 64 63 3d 63 61 c=cids,dc=ca ber_scanf fmt (O) ber: ber_dump: buf=0x8069af8 ptr=0x8069b04 end=0x8069b27 len=35 0000: 8b 21 64 6e 3a 63 6e 3d 64 61 6e 69 65 6c 20 73 .! dn:cn=daniel s 0010: 61 76 61 72 64 2c 64 63 3d 63 69 64 73 2c 64 63 avard,dc=cids,dc 0020: 3d 63 61 =ca dn:cn=daniel savard,dc=cids,dc=ca ldap_msgfree ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 4 0000: 30 05 02 01 06 42 00 0....B. sasl_generic_write: want=71, written=71 0000: 00 00 00 43 05 04 06 ff 00 00 00 00 00 00 00 00 ...C............ 0010: 14 7c 59 14 62 4d d1 00 e2 51 30 43 8b bb 63 30 .| Y.bM...Q0C..c0 0020: 8e 74 4e 91 57 f8 10 4a 9f ec b4 d2 b2 0c 33 bc .tN.W..J......3. 0030: 67 c8 06 09 2b 22 7f f2 be 26 12 b1 96 cc 8f 10 g...+"...&...... 0040: 09 89 32 2a 02 11 d8 ..2*... ldap_write: want=7, written=7 0000: 30 05 02 01 06 42 00 0....B. ldap_free_connection: actually freed Segmentation fault THX -- Daniel Savard

11 years, 6 months

4
7
0 / 0

Re: Root not allowed to login

by SYeen Su

Hi Chris, Wow, amazingly, it only happens to root. When I logged in as test, this is the message in /var/log/secure : Mar 23 11:03:16 mgrc-prod-sdb9 login: LOGIN ON tty1 BY test The password for root is a known value, not some paswordless phrase or some passphrase. What settings do I need to do for root? On Fri, Mar 23, 2012 at 10:50 AM, Chris Jacobs <Chris.Jacobs(a)apollogrp.edu>wrote: > Is your root passwd set to a known value? Can you sudo or su to root? Is > this an issue with any other local accounts? > > > - chris > > Chris Jacobs > Systems Administrator, Technology Services Group > > Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. > 1501 4th Ave | Suite 2500 | Seattle, WA 98101 > direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628 > email: chris.jacobs(a)apollogrp.edu > > ------------------------------ > *From*: SYeen Su <seauyeen(a)mgrc.com.my> > *To*: Chris Jacobs > *Cc*: mlstarling31(a)hotmail.com <mlstarling31(a)hotmail.com>; > openldap-technical(a)openldap.org <openldap-technical(a)openldap.org> > *Sent*: Thu Mar 22 19:47:06 2012 > > *Subject*: Re: Root not allowed to login > > Hello Chris, > > THis is what I got when I tried logging in from the KVM console/ILOM: > > login: pam_ldap: error trying to bind as user > "uid=root,ou=People,dc=synamatix,dc=com" (Invalid credentials) > Mar 23 10:44:40 mgrc-prod-sdb9 login: ROOT LOGIN ON tty1 > > It will alaways try to bind as user "uid=root" even though root is local. > > On Fri, Mar 23, 2012 at 10:37 AM, Chris Jacobs <Chris.Jacobs(a)apollogrp.edu > > wrote: > >> What do your logs say when root tries to login? >> >> >> Chris Jacobs >> Systems Administrator, Technology Services Group >> >> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. >> 1501 4th Ave | Suite 2500 | Seattle, WA 98101 >> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628 >> email: chris.jacobs(a)apollogrp.edu >> >> ------------------------------ >> *From*: SYeen Su <seauyeen(a)mgrc.com.my> >> *To*: Chris Jacobs >> *Cc*: mlstarling31(a)hotmail.com <mlstarling31(a)hotmail.com>; >> openldap-technical(a)openldap.org <openldap-technical(a)openldap.org> >> *Sent*: Thu Mar 22 19:32:07 2012 >> >> *Subject*: Re: Root not allowed to login >> >> Hi Chris, >> >> For testing purpose I disabled the PermitRootLogin to yes temporarily. >> Usually it's no and the failure was noticed when the server lost connection >> to the ldap server and even root ( that's local) is not able to log in. >> Hence, I started investigating what is wrong. Bottomline, via console, root >> is not able to log in if there is no network connectivity to ldap and I am >> trying to solve this issue because if even root and any othe rlocal users >> cannot log in via console, I am not able to check what is wrong with the >> network, the only option is to reboot, which is what I'd like to avoid. >> >> >> On Fri, Mar 23, 2012 at 10:14 AM, Chris Jacobs < >> Chris.Jacobs(a)apollogrp.edu> wrote: >> >>> Syeen, >>> >>> Are you trying to login remotely? Or at the local console? >>> >>> If remotely, this may be standard behavior as usually PermitRootLogin is >>> set to no in /etc/ssh/sshd_config - which I would NOT recommend changing. >>> During an outage, local console access would have to be used (via ILO, some >>> KVM over IP, etc, solution). >>> >>> Other than that, everything in your system-auth-ac and nsswitch.conf >>> look fine to me. >>> >>> - chris >>> >>> >>> *Chris Jacobs,** *Jr. Unix System Administrator >>> Apollo Group | Apollo Marketing | ITG >>> >>> 2001 6th Ave, Suite 3200 | Seattle, WA 98121-2522 >>> phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 >>> >>> email: chris.jacobs(a)apollogrp.edu >>> >>> ------------------------------ >>> *From:* SYeen Su [seauyeen(a)mgrc.com.my] >>> *Sent:* Thursday, March 22, 2012 7:13 PM >>> >>> *To:* Chris Jacobs >>> *Cc:* mlstarling31(a)hotmail.com; openldap-technical(a)openldap.org >>> *Subject:* Re: Root not allowed to login >>> >>> Hi Chris, >>> >>> Exactly, all my configuration seems correct as I have compared. Hmm >>> let's just say i am not familiar with sssd and to migrate to sssd, I think >>> i gotta spend some time studying it. So, i know, i took the easy way out by >>> just porting over my previous ldap configuration to RHEL6. >>> >>> Anyway, my snippets from /etc/nsswitch.conf file as below: >>> >>> *passwd: files ldap >>> shadow: files ldap >>> group: files ldap >>> * >>> It matches yours too, right? If i put the sequence the other way round, >>> root practically cannot log in at all! >>> >>> What else do I need to configure on my client side? I am lost! >>> >>> On Fri, Mar 23, 2012 at 10:10 AM, Chris Jacobs < >>> Chris.Jacobs(a)apollogrp.edu> wrote: >>> >>>> Again, this isn't an openldap issue, but... >>>> >>>> Your /etc/pam.d/system-auth-ac file looks fine to me - it matches both >>>> our CentOS5 and CentOS6 machines. >>>> >>>> I looked and was unable to find any attachments or included snippets >>>> from your /etc/nsswitch.conf file. >>>> >>>> On our systems using PADL's pam_ldap, you should have in there: >>>> passwd: files ldap >>>> shadow: files ldap >>>> group: files ldap >>>> >>>> Digression: I'm a little surprised you're using pam's padl software. >>>> Between nss-pam-ldapd and sssd we decided to embrace the apparent future >>>> and have successfully moved to sssd for our CentOS 6 boxes. >>>> ** This doesn't impact your problem though. ** >>>> >>>> *Chris Jacobs,** *Jr. Unix System Administrator >>>> Apollo Group | Apollo Marketing | ITG >>>> >>>> 2001 6th Ave, Suite 3200 | Seattle, WA 98121-2522 >>>> phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 >>>> >>>> email: chris.jacobs(a)apollogrp.edu >>>> >>>> ------------------------------ >>>> *From:* SYeen Su [seauyeen(a)mgrc.com.my] >>>> *Sent:* Thursday, March 22, 2012 6:22 PM >>>> *To:* Chris Jacobs >>>> *Cc:* mlstarling31(a)hotmail.com; openldap-technical(a)openldap.org >>>> >>>> *Subject:* Re: Root not allowed to login >>>> >>>> Hi Chris, >>>> >>>> That's what I suspect too but I am not sure how else to tweak my pam >>>> and nsswitch files. Do you have any suggestions? Below is my >>>> pam.d/system-auth file and my nsswitch file excerpt has been attached >>>> previously. >>>> >>>> #%PAM-1.0 >>>> # This file is auto-generated. >>>> # User changes will be destroyed the next time authconfig is run. >>>> auth required pam_env.so >>>> auth sufficient pam_unix.so nullok try_first_pass >>>> auth requisite pam_succeed_if.so uid >= 500 quiet >>>> auth sufficient pam_ldap.so use_first_pass >>>> auth required pam_deny.so >>>> >>>> account required pam_unix.so broken_shadow >>>> account sufficient pam_localuser.so >>>> account sufficient pam_succeed_if.so uid < 500 quiet >>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so >>>> account required pam_permit.so >>>> >>>> password requisite pam_cracklib.so try_first_pass retry=3 >>>> dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2 minlen=8 type=strong >>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass >>>> use_authtok >>>> password sufficient pam_ldap.so use_authtok >>>> password required pam_deny.so >>>> >>>> session optional pam_keyinit.so revoke >>>> session required pam_limits.so >>>> session [success=1 default=ignore] pam_succeed_if.so service in >>>> crond quiet use_uid >>>> session required pam_unix.so >>>> session optional pam_ldap.so >>>> >>>> Is there anything amiss with my pam file? If you need to have a look at >>>> my login and sshd pam file, please tell me so. >>>> >>>> Thanks a lot. >>>> >>>> On Fri, Mar 23, 2012 at 9:17 AM, Chris Jacobs < >>>> Chris.Jacobs(a)apollogrp.edu> wrote: >>>> >>>>> The timeouts are how long to wait for ldap to respond. It should >>>>> check local (normally via pam) next. >>>>> >>>>> We have our user's in LDAP and can still login using the local >>>>> accounts. >>>>> >>>>> Your issue isn't an LDAP problem, it's a pam/nsswitch/local issue. >>>>> >>>>> - chris >>>>> >>>>> Chris Jacobs >>>>> Systems Administrator, Technology Services Group >>>>> >>>>> Apollo Group | Apollo Marketing & Product Development | Aptimus, >>>>> Inc. >>>>> 1501 4th Ave | Suite 2500 | Seattle, WA 98101 >>>>> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628 >>>>> email: chris.jacobs(a)apollogrp.edu >>>>> >>>>> ------------------------------ >>>>> *From*: openldap-technical-bounces(a)OpenLDAP.org<openldap-technical-bounces(a)OpenLDAP.org> >>>>> >>>>> *To*: Michael Starling <mlstarling31(a)hotmail.com> >>>>> *Cc*: openldap <openldap-technical(a)openldap.org> >>>>> *Sent*: Thu Mar 22 18:10:55 2012 >>>>> *Subject*: Re: Root not allowed to login >>>>> >>>>> Hi Michael, >>>>> >>>>> I have changed the timelimit and bind_timelimit to 4 but it still >>>>> checks with ldap immediately ( I mean when root logs in ). i doubt it has >>>>> anything to do with the time because it checks immediately without any >>>>> delay. >>>>> >>>>> On Thu, Mar 22, 2012 at 9:51 PM, Michael Starling < >>>>> mlstarling31(a)hotmail.com> wrote: >>>>> >>>>>> Try setting your timelimt and bind_timelimit to something like a >>>>>> bit lower. >>>>>> >>>>>> timelimit 4 >>>>>> >>>>>> bind_timelimit 4 >>>>>> >>>>>> ------------------------------ >>>>>> Date: Thu, 22 Mar 2012 17:03:56 +0800 >>>>>> Subject: Root not allowed to login >>>>>> From: seauyeen(a)mgrc.com.my >>>>>> To: openldap-technical(a)openldap.org >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> My client is installed with RHEL 6.0 and I am using OpenLDAP 2.4. >>>>>> When the box loses connection with the ldap server, even the root cannot >>>>>> log in as it tries to bind with the ldap server. This can be seen when I >>>>>> log in with root and the message below appears : >>>>>> >>>>>> sshd: pam_ldap: error trying to bind as user "uid=root, ou=People, >>>>>> dc=example,dc=com" (Invalid credentials). >>>>>> >>>>>> My root user is not even in the ldap database. When connection is >>>>>> fine, the message above does not affect the login of root. The login of >>>>>> root is only screwed up when the box loses connectivity. >>>>>> >>>>>> Attached are my pam.d/system-auth file, pam.d/login, pam./dsshd and >>>>>> ldap.conf files. >>>>>> >>>>>> I have been googling around but some either switch to kerberos, or >>>>>> the question is left unatttended to. Please help. I can only resort to >>>>>> restarting the box whenever this happens. How can I configure the ldap so >>>>>> that local users can login when there's no connectivity to ldap server? >>>>>> >>>>>> Thanks heaps! >>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------ >>>>>> MGRC - *Sequence. Analyse. Innovate.* >>>>>> *Su Seau Yeen >>>>>> Manager, IT Operations >>>>>> *** >>>>>> *Malaysian Genomics Resource Centre Berhad (MGRC)* >>>>>> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | >>>>>> www.mgrc.com.my >>>>>> ------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> This e-mail is intended only for the use of the individual or >>>>>> entity to which it is addressed and may contain confidential and/or >>>>>> privileged material. Any review, retransmission, dissemination or other use >>>>>> of or taking of any action in reliance upon this information by persons or >>>>>> entities other than the intended recipient, is strictly prohibited. If you >>>>>> receive this e-mail in error, please contact us immediately by return >>>>>> e-mail and delete the original message(s). >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> ------------------------------ >>>>> MGRC - *Sequence. Analyse. Innovate.* >>>>> *Su Seau Yeen >>>>> Manager, IT Operations >>>>> *** >>>>> *Malaysian Genomics Resource Centre Berhad (MGRC)* >>>>> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | >>>>> www.mgrc.com.my >>>>> ------------------------------ >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> This e-mail is intended only for the use of the individual or >>>>> entity to which it is addressed and may contain confidential and/or >>>>> privileged material. Any review, retransmission, dissemination or other use >>>>> of or taking of any action in reliance upon this information by persons or >>>>> entities other than the intended recipient, is strictly prohibited. If you >>>>> receive this e-mail in error, please contact us immediately by return >>>>> e-mail and delete the original message(s). >>>>> >>>>> ------------------------------ >>>>> This message is private and confidential. If you have received it in >>>>> error, please notify the sender and remove it from your system. >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> >>>> >>>> ------------------------------ >>>> MGRC - *Sequence. Analyse. Innovate.* >>>> *Su Seau Yeen >>>> Manager, IT Operations >>>> *** >>>> *Malaysian Genomics Resource Centre Berhad (MGRC)* >>>> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | >>>> www.mgrc.com.my >>>> ------------------------------ >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> This e-mail is intended only for the use of the individual or entity >>>> to which it is addressed and may contain confidential and/or privileged >>>> material. Any review, retransmission, dissemination or other use of or >>>> taking of any action in reliance upon this information by persons or >>>> entities other than the intended recipient, is strictly prohibited. If you >>>> receive this e-mail in error, please contact us immediately by return >>>> e-mail and delete the original message(s). >>>> >>>> ------------------------------ >>>> This message is private and confidential. If you have received it in >>>> error, please notify the sender and remove it from your system. >>>> >>>> >>> >>> >>> -- >>> >>> >>> >>> ------------------------------ >>> MGRC - *Sequence. Analyse. Innovate.* >>> *Su Seau Yeen >>> Manager, IT Operations >>> *** >>> *Malaysian Genomics Resource Centre Berhad (MGRC)* >>> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | >>> www.mgrc.com.my >>> ------------------------------ >>> >>> >>> >>> >>> >>> >>> >>> This e-mail is intended only for the use of the individual or entity >>> to which it is addressed and may contain confidential and/or privileged >>> material. Any review, retransmission, dissemination or other use of or >>> taking of any action in reliance upon this information by persons or >>> entities other than the intended recipient, is strictly prohibited. If you >>> receive this e-mail in error, please contact us immediately by return >>> e-mail and delete the original message(s). >>> >>> ------------------------------ >>> This message is private and confidential. If you have received it in >>> error, please notify the sender and remove it from your system. >>> >>> >> >> >> -- >> >> >> >> ------------------------------ >> MGRC - *Sequence. Analyse. Innovate.* >> *Su Seau Yeen >> Manager, IT Operations >> *** >> *Malaysian Genomics Resource Centre Berhad (MGRC)* >> T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | >> www.mgrc.com.my >> ------------------------------ >> >> >> >> >> >> >> >> This e-mail is intended only for the use of the individual or entity >> to which it is addressed and may contain confidential and/or privileged >> material. Any review, retransmission, dissemination or other use of or >> taking of any action in reliance upon this information by persons or >> entities other than the intended recipient, is strictly prohibited. If you >> receive this e-mail in error, please contact us immediately by return >> e-mail and delete the original message(s). >> >> ------------------------------ >> This message is private and confidential. If you have received it in >> error, please notify the sender and remove it from your system. >> >> > > > -- > > > > ------------------------------ > MGRC - *Sequence. Analyse. Innovate.* > *Su Seau Yeen > Manager, IT Operations > *** > *Malaysian Genomics Resource Centre Berhad (MGRC)* > T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | > www.mgrc.com.my > ------------------------------ > > > > > > > > This e-mail is intended only for the use of the individual or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of or > taking of any action in reliance upon this information by persons or > entities other than the intended recipient, is strictly prohibited. If you > receive this e-mail in error, please contact us immediately by return > e-mail and delete the original message(s). > > ------------------------------ > This message is private and confidential. If you have received it in > error, please notify the sender and remove it from your system. > > -- ------------------------------ MGRC - *Sequence. Analyse. Innovate.* *Su Seau Yeen Manager, IT Operations ** * *Malaysian Genomics Resource Centre Berhad (MGRC)* T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | www.mgrc.com.my ------------------------------ This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is strictly prohibited. If you receive this e-mail in error, please contact us immediately by return e-mail and delete the original message(s).

11 years, 6 months

3
4
0 / 0

Where I can report bugs of OpenLDAP?

by Tianyin Xu

Hi, all, Does anyone know where I can report bugs in OpenLDAP? It seems that OpenLDAP does not have bugzilla. Thanks, Tianyin -- Tianyin XU, http://cseweb.ucsd.edu/~tixu/

11 years, 6 months

2
1
0 / 0

clarification on N-way MMR

by mallapadi niranjan

Hi all, I am configuring N-way mmr between 2 Providers (there are no consumers as of now) . My master servers are in this case: ldap1.example.org and ldap2.example.org . version used are: openldap-servers-2.4.23-20.el6.x86_64 I am using http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Masteras my reference for configuration. My syncrepl for cn=config database is as follows: #Specify ServerID for both the masters dn: cn=config changetype: modify add: olcServerID olcServerID: 101 ldap://ldap1.example.org olcServerID: 201 ldap://ldap2.example.org #Enable Syncprov Overlay for config database dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectclass: olcOverlayConfig objectclass: olcSyncProvConfig olcOverlay: syncprov #Configure SyncRepl for config database dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=ldap://ldap1.example.orgbinddn="cn=admin,cn=config" bindmethod=simple credentials=config searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 olcSyncRepl: rid=002 provider=ldap://ldap2.example.orgbinddn="cn=admin,cn=config" bindmethod=simple credentials=config searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 - add: olcMirrorMode olcMirrorMode: TRUE my syncrepl for bdb is as follows: dn: olcDatabase={2}bdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=003 provider=ldap://ldap1.example.orgbinddn="cn=replicator,ou=Admins,dc=example,dc=org" bindmethod=simple credentials=Secret123 searchbase="dc=example,dc=org" type=refreshAndPersist retry="5 5 5 +" olcSyncRepl: rid=004 provider=ldap://ldap2.example.orgbinddn="cn=replicator,ou=Admins,dc=example,dc=org" bindmethod=simple credentials=Secret123 searchbase="dc=example,dc=org" type=refreshAndPersist retry="5 5 5 +" - add: olcMirrorMode olcMirrorMode: TRUE dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov Q) I would like to know should i have 2 syncrepl agreements in both Masters (ldap1.example.org and ldap2.example.org) Q) On provider-1 (ldap1.example.org) can i just have 1 single olcsyncrepl specifying the provider as "ldap2" ? dn: olcDatabase={2}bdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=003 provider=ldap://ldap2.example.orgbinddn="cn=replicator,ou=Admins,dc=example,dc=org" bindmethod=simple credentials=Secret123 searchbase="dc=example,dc=org" type=refreshAndPersist retry="5 5 5 +" - add: olcMirrorMode olcMirrorMode: TRUE Q) What is the use of specify the olcsyncrepl which is pointing to it's own provider ? Any pointers on the above would be helpful Regards Niranjan

11 years, 6 months

1
0
0 / 0

moduleload is buggy because of libltdl

by Tianyin Xu

I used the newest version, i.e., OpenLDAP-2.4.30, my OS is ubuntu 10.04, and the libltdl version is 2.2.6b-2ubuntu1. I used the following configuration setting in my slapd.conf, trying to load a module. moduleload /home/tianyin/openldap-2.4.30/module/mod_info.so start slapd, and the log shows that: Mar 24 22:06:49 tianyin-desktop slapd[7952]: lt_dlopenext failed: (/home/tianyin/openldap-2.4.30/module/mod_info.so) file not found I'm sure that I used the correct path by ls the path (i'm not stupid) # ll /home/tianyin/openldap-2.4.30/module/mod_info.so -rwxr-xr-x 1 tianyin tianyin 194708 2012-03-24 21:05 /home/tianyin/openldap-2.4.30/module/mod_info.so* use gdb to trace the code. I find the problem is caused by libltdl: if ((module->lib = lt_dlopenext(file)) == NULL) { error = lt_dlerror(); #ifdef HAVE_EBCDIC strcpy( ebuf, error ); __etoa( ebuf ); error = ebuf; #endif => Debug(LDAP_DEBUG_ANY, "lt_dlopenext failed: (%s) %s\n", file_name, error, 0); the call chain is as follows: #0 module_load (file_name=0x91507b "/home/tianyin/openldap-2.4.30/module/mod_info.so", argc=0, argv=0x0) at module.c:190 #1 0x0000000000421284 in config_generic (c=0x915760) at bconfig.c:2021 #2 0x0000000000433a00 in config_set_vals (Conf=0x814a40, c=0x915760) at config.c:345 #3 0x0000000000433f5f in config_add_vals (Conf=0x814a40, c=0x915760) at config.c:418 #4 0x00000000004351b3 in read_config_file (fname=0x5a0a98 "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0, cft=0x8140c0) at config.c:783 #5 0x000000000042846b in read_config (fname=0x0, dir=0x0) at bconfig.c:4213 #6 0x000000000041c217 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792 error returned by lt_dlerror() is a misleading log message, which is really annoying. Thanks, Tianyin -- Tianyin XU, http://cseweb.ucsd.edu/~tixu/

11 years, 6 months

1
0
0 / 0

2.4.30 - libldap & libldap_r do not coexist

by Amol Kulkarni

Hi, I've a program which links to both libldap & libldap_r dynamically. I've been running this program with openldap 2.4.23 without any problem. But when I upgraded to openldap 2.4.30, the program crashes with segfault. The crash occurs at the end when the program is closing connections. I googled and found that libldap & libldap_r should not be used in same process space bcos they one is non-threadsafe and other is threadsafe and they have same symbols. It is difficult for me to solve the problem by changing my compile configuration bcos my program loads 2 third party libraries which load these different versions of ldaplibraries. One solution for me is to make a soft link from libldap to libldap_r, i.e make everyone use the threadsafe library. Would it be create any problems ? Also, can anyone tell why I did not face the problem in 2.4.23 - I mean is there any compile time setting in openldap for this - which I've missed in 2.4.30 ? Thanks and Regards, Amol Kulkarni.

11 years, 6 months

1
0
0 / 0

nested groups for openldap v2.2

by Utsav Mohata

Hi All, Versions of my software are : OpenLDAP 2.2.13-7.4E Samba : 3.0.10-1.4E.11 I am a newbie trying to implement nested groups for openLDAP. Does the above version of OpenLDAP support nested groups ? I have been trying multiple ways to implement nested groups (1) As per my understanding, I could add sids of the subgroups as value of sambSIDList My ldif file : dn: cn=PDM,ou=Groups,dc=example,dc=com cn: PDM objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 625 sambaSid: S-1-5-21-3782130030-2455357663-1162092550-626 sambaGroupType: 2 sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-620 <-- another group entry sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-622 <- another group entry This does not work for me. I read somewhere that this just works for local groups and not domain groups which all of the above groups are. (2) Another idea was to edit the nis.schema and include "member" attribute in posixGroup, which can take other group entries as members. My ldif file is: dn: cn=LKM2,ou=Groups,dc=example,dc=com cn: LKM2 objectClass: posixGroup objectClass: sambaGroupMapping objectClass: top gidNumber: 6099 sambaSid: S-1-5-21-3782130030-2455357663-1162092550-6090 sambaGroupType: 5 displayName: example member: cn=LKM,ou=groups,dc=example,dc=com member: cn=ken1,ou=People, dc=example,dc=com Even this did not work. Am I missing something? Do let me know if I should post output of something else also. Thanks in advance. Apologies if I posted this twice. Rgds, Utsav

11 years, 6 months

1
0
0 / 0

which is the structural object class for posixAccount/shadowAccount?

by stefano

hi, i've a second question: posixAccount and posixShadow are auxiliary objectClasses but i don't understand which is their structural objectclass. i've seen some examples with account object class. is it this one?

11 years, 6 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2012