getent passwd inconsistent loginShell with ldapsearch
by Rodney Simioni
Hi,
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
# search result
search: 2
result: 0 Success
I have restarted slapd and nscd, any clue? Thanks in advance.
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.
10 years, 2 months
SASL/PLAIN Passthrough auth
by Robin Helgelin
Hi,
I have a SASL pass-through authentication working when using a simple
bind only on users that have a userPassword starting with {SASL}. When
the user's password contains {SASL}extraAuthInformation, the
extraAuthInformation is passed on as username to the saslauthd and
everything works as it should.
However, when using SASL/PLAIN all requests go to the saslauthd,
without passing the extra information found in userPassword. Another
issue is that the username sent to saslauthd is the username entered
by the user, not the dn found when rewriting the username with
authz-regexp.
Is this by design or did I miss anything? Documentation states that
pass-through should be working with SASL/PLAIN, but perhaps I
misunderstood what it really meant?
--
regards,
Robin
10 years, 2 months
Server is unwilling to perform
by anil beniwal
Hi
We are getting "Server is unwilling to perform" error in our ldap log
files.
Can somebody guide me, why we are getting this.
We are having everything running fine on all the ldap servers.
We have enabled ssl/tls. And it's working fine when we connect on port 636
from application.
We are not using ssl/tls for replication.
Mar 8 13:52:51 prodldap01 slapd[10659]: conn=160323 fd=13 ACCEPT from IP=
10.243.129.9:27525 (IP=0.0.0.0:636)
Mar 8 13:52:51 prodldap01 slapd[10659]: conn=160323 fd=13 closed (TLS
negotiation failure)
Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 ACCEPT from IP=
10.243.129.9:44600 (IP=0.0.0.0:636)
Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 closed (TLS
negotiation failure)
Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 closed (TLS
negotiation failure)
Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT
Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001 (53) Server
is unwilling to perform
Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrepl: rid=001 rc -2 retrying
Please let me know if more details are required.
--
Thanks&Regards
AB
10 years, 2 months
why are ppolicy operational attributes not viewable by default?
by John Baker
We were testing out password policy and noticed
that attributes like pwdFailureTime that are modified during operation are
commented out in the schema so they can't be viewed by the admin.
Does anybody know the reasoning for this? We are thinking that we will want
to be able to see them for debugging problems when we implement a password
policy. But I wondered if that can cause problems if we put them in the
schema or if there are other ways to get to current values on accounts.
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
10 years, 2 months
How to build OpenLDAP against specific OpenSSL install?
by Patrick Lists
Hi,
I'm already using OpenSSL 1.0.1e for nginx 1.3.14 with SPDY support on a
CentOS 6.3 x86_64 box. Now I'm trying to build OpenLDAP 2.4.34 against
OpenSSL 1.0.1e instead of the distro provided OpenSSL. The new OpenSSL
1.0.1e header files are located under /usr/local/include/openssl and the
libs are in /usr/local/lib64.
Here is the way I'm trying to build OpenLDAP 2.4.34:
export CFLAGS="%{optflags} -fPIC -Wl,--as-needed -DLDAP_CONNECTIONLESS"
export LDFLAGS="-L/usr/local/lib64"
export CPPFLAGS="-I/usr/local/include/openssl"
%configure --enable-debug --enable-dynamic --enable-syslog \
--enable-proctitle --enable-ipv6 --enable-local \
--enable-slapd --enable-dynacl --enable-aci \
--enable-cleartext --enable-crypt --enable-lmpasswd \
--enable-spasswd --enable-modules --enable-rewrite \
--enable-rlookups --enable-slapi --disable-slp \
--enable-wrappers --enable-backends=mod --disable-ndb \
--disable-perl --enable-overlays=mod \
--disable-static --enable-shared --with-cyrus-sasl \
--without-fetch --with-threads --with-pic \
--with-tls=openssl --with-gnu-ld
# remove rpath as demanded by Packaging Guidelines
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
#sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make
make install
After the building/installing is done I check the output of ldd slapd I
can see that it still shows the distro provided OpenSSL:
libcrypto.so.10 => /usr/lib64/libcrypto.so.10
libssl.so.10 => /usr/lib64/libssl.so.10
Anyone have a hint how can I force the usage of the OpenSSL header files
in /usr/local/include/openssl and libs in /usr/local/lib64?
Regards,
Patrick
10 years, 2 months
RE: ssh with ldap authentication
by Rodney Simioni
Something new has just transpired. Before leaving work last night, I
created 10 accounts and then tried to ssh in. All the logins failed
prompting for the password.
I came to work this morning, and now all the accounts are able to login
successfully.
Why is it taking so long for the accounts to work?
From: Rodney Simioni
Sent: Tuesday, March 05, 2013 2:17 PM
To: 'openldap-technical(a)openldap.org'
Subject: ssh with ldap authentication
10 years, 2 months
FW: Userpasswords stored in plain text
by arantza serrano
It works perfect with ppolicy_hash_cleartext!!
Thanks!!
> Date: Wed, 6 Mar 2013 10:13:09 +0000
> From: tw(a)dionic.net
> To: openldap-technical(a)openldap.org
> Subject: Re: Userpasswords stored in plain text
>
> On 06/03/13 09:58, arantza serrano wrote:
> > Hello,
> >
> > I need that the userpasswords are stored hashed. I have configured the
> > slapd.conf file with this option:
> >
> > password-hash {SSHA}
>
> Hi,
>
> That only takes effect if the password is set via an Extended Operation
> password Modify command.
>
> using slapo-ppolicy and setting:
> ppolicy_hash_cleartext
>
> Will catch your cases and hash them.
>
> Another solution is to pre-hash them before sending to ldapadd. You can
> use slappasswd for this - or do it directly in perl for example.
>
> Cheers
>
> Tim
>
> --
> Tim Watts
> Personal Blog: http://squiddy.blog.dionic.net/
>
> http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage
>
10 years, 2 months
Userpasswords stored in plain text
by arantza serrano
Hello,
I need that the userpasswords are stored hashed. I have configured the slapd.conf file with this option:
password-hash {SSHA}
But when I add users with ldapadd command, I pass the values of userpassword in plain text. Like this:
/opt/openldap/bin/ldapadd -x -D "root_dn" -w pass_dn << _EOF
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
cn: my_cn
sn: my_sn
mail: my_mail(a)mydomain.com
userPassword: usuario
_EOF
I think that these values must be stored hashed, but they are only stored in plain text in base64.
/opt/openldap/bin/ldapsearch -D cn="root_dn" -w pass_dn -x -b o= my_organization uid=usu3 -LLL
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
uid: usu3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: my_cn
sn: my_sn
mail: my_mail(a)mydomain.com
userPassword:: dXN1YXJpbw==
echo dXN1YXJpbw==|base64 -d
usuario
What am I doing wrong?
Thanks!
10 years, 2 months
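Added example (not part of the original posts): a Python audit of an LDIF export that flags userPassword values stored without a hash scheme, together with the pre-hashing approach that Tim Watts's reply, quoted above, offers as an alternative to ppolicy_hash_cleartext. The sample LDIF reuses userPassword values shown in posts on this page; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re

# Sample assembled from userPassword values that appear in posts on this page.
SAMPLE_LDIF = """\
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=

dn: cn=check72,ou=group,dc=wh,dc=local
cn: check72
userPassword:: e0NSWVBUfXg=

dn: uid=usu3,ou=users,o=my_organization
uid: usu3
userPassword:: dXN1YXJpbw==
"""

# A stored hash starts with a "{SCHEME}" prefix such as {SSHA} or {CRYPT}.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_.-]+)\}")


def classify(value):
    """Return the scheme name of a stored value, or None if it has no prefix.

    Heuristic: a cleartext password that itself begins with "{...}" would be
    reported as hashed.
    """
    m = SCHEME_RE.match(value)
    return m.group(1).decode("ascii").upper() if m else None


def audit_ldif(text):
    """Return [(dn, scheme_or_None)] for every userPassword value in the LDIF."""
    findings = []
    dn = None
    # LDIF folds long lines; a continuation line starts with one space.
    for line in text.replace("\n ", "").splitlines():
        name, _, rest = line.partition(":")
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            if rest.startswith(":"):  # "attr:: value" means base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            findings.append((dn, classify(value)))
    return findings


def cleartext_dns(text):
    """DNs whose userPassword is stored without any hash scheme."""
    return [dn for dn, scheme in audit_ldif(text) if scheme is None]


def ssha_hash(password, salt=None):
    """Pre-hash a password as {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against an {SSHA} value (20-byte digest, then salt)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(f"{'CLEARTEXT' if scheme is None else scheme:10} {dn}")
    # Value that could be placed in the LDIF instead of the plain password.
    print("userPassword:", ssha_hash(b"usuario"))
```

The base64 wrapping that ldapsearch prints with "::" is only an encoding, so the audit decodes it before looking for a scheme prefix.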
ssh with ldap authentication
by Rodney Simioni
Hi,
I'm new to LDAP. I just created a new user in LDAP and it cannot login
through ssh. It keeps prompting for the password. Any help will be
greatly appreciated.
# dude12, people, wh.local
dn: uid=dude12,ou=people,dc=wh,dc=local
uid: dude12
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9K2E0YXVTWlYwckMwRUhsVWlNVzBrS2U3MzA1a1JrOVI=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 1212
gidNumber: 1212
homeDirectory: /home/dude12
loginShell: /bin/bash
# dude12, group, wh.local
dn: cn=dude12,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: dude12
gidNumber: 1212
userPassword:: e0NSWVBUfXg=
# search result
search: 2
result: 0 Success
# numResponses: 220
# numEntries: 219
###############################
When I created the user, the logs indicated.
###############################
Mar 5 13:53:18 rodster slapd[2678]: =>
bdb_dn2id("uid=dude12,ou=people,dc=wh,dc=local")
Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30988)
Mar 5 13:53:18 rodster slapd[2678]: => bdb_dn2id_add 0x628:
"uid=dude12,ou=people,dc=wh,dc=local"
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
%ou=people,dc=wh,dc=local
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
@ou=people,dc=wh,dc=local
Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id_add 0x628: 0
Mar 5 13:53:18 rodster slapd[2678]: => index_entry_add( 1576,
"uid=dude12,ou=people,dc=wh,dc=local" )
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [7c477315]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [1fd53424]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [02537054]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [53430dd1]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [5aef1f7f]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [acefc46f]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [caca4579]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [c37ad51a]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [9b3bdeb2]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [39ebd2f9]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [d7851707]
Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0
Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
Mar 5 13:54:51 rodster slapd[2678]: connection_get(24)
Mar 5 13:54:51 rodster slapd[2678]: connection_get(24): got connid=1903
Mar 5 13:54:51 rodster slapd[2678]: connection_read(24): checking for
input on id=1903
Mar 5 13:54:51 rodster slapd[2678]: ber_get_next on fd 24 failed
errno=0 (Success)
Mar 5 13:54:51 rodster slapd[2678]: connection_close: conn=1903 sd=24
#######################################
When I try to ssh as the user the logs indicate.
#######################################
Mar 5 14:14:30 rodster slapd[2678]: slap_listener_activate(7):
Mar 5 14:14:30 rodster slapd[2678]: >>> slap_listener(ldap:///)
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17)
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910
Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for
input on id=1910
Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=0 do_bind
Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <>
Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <>
Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=0
p=3
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched=""
text=""
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=1 tag=97
err=0
Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17)
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910
Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for
input on id=1910
Mar 5 14:14:30 rodster slapd[2678]: op tag 0x63, time 1362510870
Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=1 do_search
Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal:
<dc=wh,dc=local>
Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal:
<dc=wh,dc=local>, <dc=wh,dc=local>
Mar 5 14:14:30 rodster slapd[2678]: SRCH "dc=wh,dc=local" 2 0
Mar 5 14:14:30 rodster slapd[2678]: 1 0 0
Mar 5 14:14:30 rodster slapd[2678]: filter: (uid=dude12)
Mar 5 14:14:30 rodster slapd[2678]: attrs:
Mar 5 14:14:30 rodster slapd[2678]: host
Mar 5 14:14:30 rodster slapd[2678]: authorizedService
Mar 5 14:14:30 rodster slapd[2678]: shadowExpire
Mar 5 14:14:30 rodster slapd[2678]: shadowFlag
Mar 5 14:14:30 rodster slapd[2678]: shadowInactive
Mar 5 14:14:30 rodster slapd[2678]: shadowLastChange
Mar 5 14:14:30 rodster slapd[2678]: shadowMax
Mar 5 14:14:30 rodster slapd[2678]: shadowMin
Mar 5 14:14:30 rodster slapd[2678]: shadowWarning
Mar 5 14:14:30 rodster slapd[2678]: uidNumber
Mar 5 14:14:30 rodster slapd[2678]:
Mar 5 14:14:30 rodster slapd[2678]: ==> limits_get: conn=1910 op=1
self="[anonymous]" this="dc=wh,dc=local"
Mar 5 14:14:30 rodster slapd[2678]: => bdb_search
Mar 5 14:14:30 rodster slapd[2678]: bdb_dn2entry("dc=wh,dc=local")
Mar 5 14:14:30 rodster slapd[2678]: search_candidates:
base="dc=wh,dc=local" (0x00000001) scope=2
Mar 5 14:14:30 rodster slapd[2678]: => bdb_dn2idl("dc=wh,dc=local")
Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates
(objectClass)
Mar 5 14:14:30 rodster slapd[2678]: => key_read
Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [b49d1940]
Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read: failed (-30988)
Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=0,
first=0, last=0
Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (uid)
Mar 5 14:14:30 rodster slapd[2678]: => key_read
Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [7c477315]
Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read 1 candidates
Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=1,
first=1578, last=1578
Mar 5 14:14:30 rodster slapd[2678]: bdb_search_candidates: id=1
first=1578 last=1578
Mar 5 14:14:30 rodster slapd[2678]: => send_search_entry: conn 1910
dn="uid=dude12,ou=people,dc=wh,dc=local"
Mar 5 14:14:30 rodster slapd[2678]: <= send_search_entry: conn 1910
exit.
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=1
p=3
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched=""
text=""
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=2 tag=101
err=0
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17)
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910
Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for
input on id=1910
Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=2 do_bind
Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal:
<uid=dude12,ou=people,dc=wh,dc=local>
Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal:
<uid=dude12,ou=people,dc=wh,dc=local>,
<uid=dude12,ou=people,dc=wh,dc=local>
Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3
dn="uid=dude12,ou=people,dc=wh,dc=local" method=128
Mar 5 14:14:30 rodster slapd[2678]: ==> bdb_bind: dn:
uid=dude12,ou=people,dc=wh,dc=local
Mar 5 14:14:30 rodster slapd[2678]:
bdb_dn2entry("uid=dude12,ou=people,dc=wh,dc=local")
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=2
p=3
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=49 matched=""
text=""
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=3 tag=97
err=49
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17)
Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910
Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for
input on id=1910
Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=3 do_bind
Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <>
Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <>
Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=3
p=3
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched=""
text=""
Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=4 tag=97
err=0
Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind
10 years, 2 months