openldap-technical March 2013

openldap-technical@openldap.org

84 participants
80 discussions

getent passwd inconsistent loginShell with ldapsearch
by Rodney Simioni 08 Mar '13

08 Mar '13

Hi, When I do a 'getent check72 passwd' I get: check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash But when I do a ldapsearch command I get: # check72, people, wh.local dn: uid=check72,ou=people,dc=wh,dc=local uid: check72 cn: Johnny Appleseed objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k= shadowLastChange: 15140 shadowMax: 99999 shadowWarning: 7 uidNumber: 6072 gidNumber: 6072 homeDirectory: /home/check72 loginShell: /bin/noshell # check72, group, wh.local dn: cn=check72,ou=group,dc=wh,dc=local objectClass: posixGroup objectClass: top cn: check72 gidNumber: 6072 userPassword:: e0NSWVBUfXg= # search result search: 2 result: 0 Success I have rstarted slapd and nscd, any clue? Thanks in advance. This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.

2 3

SASL/PLAIN Passthrough auth
by Robin Helgelin 08 Mar '13

08 Mar '13

Hi, I have a SASL pass-through authentication working when using a simple bind only on users that has a userPassword starting with {SASL}. When the users password contains {SASL}extraAuthInformation, the extraAuthInformation is passed on as username to the saslauthd and everything works as it should. However, when using SASL/PLAIN all requests goes to the saslauthd, without passing the extra information found in userPassword. Another issue is that the username sent to saslauthd is the username entered by the user, not the dn found when rewriting the username with authz-regexp. Is this by design or did I miss anything? Documentation states that pass-through should be working with SASL/PLAIN, but perhaps I misunderstood what it really meant? -- regards, Robin

3 2

Server is unwilling to perform
by anil beniwal 08 Mar '13

08 Mar '13

Hi We are getting "Server is unwilling to perform" error in our ldap log files. Can somebody guide me, why we are getting this. We are having everything running fine on all the ldap servers. We have enabled ssl/tls. And its working fine when we connect on port 636 from application. We are not using ssl/tls for replication. Mar 8 13:52:51 prodldap01 slapd[10659]: conn=160323 fd=13 ACCEPT from IP= 10.243.129.9:27525 (IP=0.0.0.0:636) Mar 8 13:52:51 prodldap01 slapd[10659]: conn=160323 fd=13 closed (TLS negotiation failure) Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 ACCEPT from IP= 10.243.129.9:44600 (IP=0.0.0.0:636) Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 closed (TLS negotiation failure) Mar 8 13:52:56 prodldap01 slapd[10659]: conn=160324 fd=13 closed (TLS negotiation failure) Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrep2: rid=001 (53) Server is unwilling to perform Mar 8 13:52:57 prodldap01 slapd[10659]: do_syncrepl: rid=001 rc -2 retrying Please let me know , if more details are required. -- Thanks&Regards AB

1 0

why are ppolicy operational attributes not viewable by default?
by John Baker 08 Mar '13

08 Mar '13

We were testing out password policy and noticed that attributes like pwdFailureTime that are modified during operation are commented out in the schema so they can't be viewed by the admin. Does anybody know the reasoning for this? We are thinking that we will want to be able to see them for debugging problems when we implement a password policy. But I wondered if that can cause problems if we put them in the schema or if their are other ways to get to current values on accounts. -- John Baker Network Administrator Marlboro College Phone: 451-7551 Cell: 490-0066

2 1

How to build OpenLDAP against specific OpenSSL install?
by Patrick Lists 08 Mar '13

08 Mar '13

Hi, I'm already using OpenSSL 1.0.1e for nginx 1.3.14 with SPDY support on a CentOS 6.3 x86_64 box. Now I'm trying to build OpenLDAP 2.4.34 against OpenSSL 1.0.1e instead of the distro provided OpenSSL. The new OpenSSL 1.0.1e header files are located under /usr/local/include/openssl and the libs are in /usr/local/lib64. Here is the way I'm trying to build OpenLDAP 2.4.34: export CFLAGS="%{optflags} -fPIC -Wl,--as-needed -DLDAP_CONNECTIONLESS" export LDFLAGS="-L/usr/local/lib64" export CPPFLAGS="-I/usr/local/include/openssl" %configure --enable-debug --enable-dynamic --enable-syslog \ --enable-proctitle --enable-ipv6 --enable-local \ --enable-slapd --enable-dynacl --enable-aci \ --enable-cleartext --enable-crypt --enable-lmpasswd \ --enable-spasswd --enable-modules --enable-rewrite \ --enable-rlookups --enable-slapi --disable-slp \ --enable-wrappers --enable-backends=mod --disable-ndb \ --disable-perl --enable-overlays=mod \ --disable-static --enable-shared --with-cyrus-sasl \ --without-fetch --with-threads --with-pic \ --with-tls=openssl --with-gnu-ld # remove rpath as demanded by Packaging Guidelines sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool #sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool make make install After the building/installing is done I check the output of ldd slapd I can see that it still shows the distro provided OpenSSL: libcrypto.so.10 => /usr/lib64/libcrypto.so.10 libssl.so.10 => /usr/lib64/libssl.so.10 Anyone have a hint how can I force the usage of the OpenSSL header files in /usr/local/include/openssl and libs in /usr/local/lib64? Regards, Patrick

2 2

RE: ssh with ldap authentication
by Rodney Simioni 06 Mar '13

06 Mar '13

Something new has just transpired. Before leaving work last night, I created 10 accounts and then tried to ssh in. All the logins failed prompting for the password. I came to work this morning, and now all the accounts are able to login successfully. Why is it taking so long for the accounts to work? From: Rodney Simioni Sent: Tuesday, March 05, 2013 2:17 PM To: 'openldap-technical(a)openldap.org' Subject: ssh with ldap authentication Hi, I'm new to LDAP. I just created a new user in LDAP and it cannot login through ssh. It keeps prompting for the password. Any help will be greatly appreciated. # dude12, people, wh.local dn: uid=dude12,ou=people,dc=wh,dc=local uid: dude12 cn: Johnny Appleseed objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e1NTSEF9K2E0YXVTWlYwckMwRUhsVWlNVzBrS2U3MzA1a1JrOVI= shadowLastChange: 15140 shadowMax: 99999 shadowWarning: 7 uidNumber: 1212 gidNumber: 1212 homeDirectory: /home/dude12 loginShell: /bin/bash # dude12, group, wh.local dn: cn=dude12,ou=group,dc=wh,dc=local objectClass: posixGroup objectClass: top cn: dude12 gidNumber: 1212 userPassword:: e0NSWVBUfXg= # search result search: 2 result: 0 Success # numResponses: 220 # numEntries: 219 ############################### When I created the user, the logs indicated. ############################### Mar 5 13:53:18 rodster slapd[2678]: => bdb_dn2id("uid=dude12,ou=people,dc=wh,dc=local") Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Mar 5 13:53:18 rodster slapd[2678]: => bdb_dn2id_add 0x628: "uid=dude12,ou=people,dc=wh,dc=local" Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 %ou=people,dc=wh,dc=local Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 @ou=people,dc=wh,dc=local Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id_add 0x628: 0 Mar 5 13:53:18 rodster slapd[2678]: => index_entry_add( 1576, "uid=dude12,ou=people,dc=wh,dc=local" ) Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [7c477315] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [1fd53424] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [02537054] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [53430dd1] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [5aef1f7f] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [acefc46f] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [caca4579] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [c37ad51a] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [9b3bdeb2] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [39ebd2f9] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [d7851707] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:54:51 rodster slapd[2678]: connection_get(24) Mar 5 13:54:51 rodster slapd[2678]: connection_get(24): got connid=1903 Mar 5 13:54:51 rodster slapd[2678]: connection_read(24): checking for input on id=1903 Mar 5 13:54:51 rodster slapd[2678]: ber_get_next on fd 24 failed errno=0 (Success) Mar 5 13:54:51 rodster slapd[2678]: connection_close: conn=1903 sd=24 ####################################### When I try to ssh as the user the logs indicates. ####################################### Mar 5 14:14:30 rodster slapd[2678]: slap_listener_activate(7): Mar 5 14:14:30 rodster slapd[2678]: >>> slap_listener(ldap:///) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=0 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=0 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=1 tag=97 err=0 Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x63, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=1 do_search Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <dc=wh,dc=local>, <dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: SRCH "dc=wh,dc=local" 2 0 Mar 5 14:14:30 rodster slapd[2678]: 1 0 0 Mar 5 14:14:30 rodster slapd[2678]: filter: (uid=dude12) Mar 5 14:14:30 rodster slapd[2678]: attrs: Mar 5 14:14:30 rodster slapd[2678]: host Mar 5 14:14:30 rodster slapd[2678]: authorizedService Mar 5 14:14:30 rodster slapd[2678]: shadowExpire Mar 5 14:14:30 rodster slapd[2678]: shadowFlag Mar 5 14:14:30 rodster slapd[2678]: shadowInactive Mar 5 14:14:30 rodster slapd[2678]: shadowLastChange Mar 5 14:14:30 rodster slapd[2678]: shadowMax Mar 5 14:14:30 rodster slapd[2678]: shadowMin Mar 5 14:14:30 rodster slapd[2678]: shadowWarning Mar 5 14:14:30 rodster slapd[2678]: uidNumber Mar 5 14:14:30 rodster slapd[2678]: Mar 5 14:14:30 rodster slapd[2678]: ==> limits_get: conn=1910 op=1 self="[anonymous]" this="dc=wh,dc=local" Mar 5 14:14:30 rodster slapd[2678]: => bdb_search Mar 5 14:14:30 rodster slapd[2678]: bdb_dn2entry("dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: search_candidates: base="dc=wh,dc=local" (0x00000001) scope=2 Mar 5 14:14:30 rodster slapd[2678]: => bdb_dn2idl("dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (objectClass) Mar 5 14:14:30 rodster slapd[2678]: => key_read Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [b49d1940] Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read: failed (-30988) Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=0, first=0, last=0 Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (uid) Mar 5 14:14:30 rodster slapd[2678]: => key_read Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [7c477315] Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read 1 candidates Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=1, first=1578, last=1578 Mar 5 14:14:30 rodster slapd[2678]: bdb_search_candidates: id=1 first=1578 last=1578 Mar 5 14:14:30 rodster slapd[2678]: => send_search_entry: conn 1910 dn="uid=dude12,ou=people,dc=wh,dc=local" Mar 5 14:14:30 rodster slapd[2678]: <= send_search_entry: conn 1910 exit. Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=1 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=2 tag=101 err=0 Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=2 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <uid=dude12,ou=people,dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <uid=dude12,ou=people,dc=wh,dc=local>, <uid=dude12,ou=people,dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="uid=dude12,ou=people,dc=wh,dc=local" method=128 Mar 5 14:14:30 rodster slapd[2678]: ==> bdb_bind: dn: uid=dude12,ou=people,dc=wh,dc=local Mar 5 14:14:30 rodster slapd[2678]: bdb_dn2entry("uid=dude12,ou=people,dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=2 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=49 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=3 tag=97 err=49 Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=3 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=3 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=4 tag=97 err=0 Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.

4 13

configuring digital certificate on openldap
by Jignesh Patel 06 Mar '13

06 Mar '13

I am working on setting ldap certification discovery on openldap 2.4. version. Is it possible to configure it such that an CERT entry like "test.direct.icare.com" gets translated to the "certificate" attribute of a mapped inetOrgPerson

1 0

FW: Userpasswords stored in plain text
by arantza serrano 06 Mar '13

06 Mar '13

It works perfect with ppolicy_hash_cleartext!! Thanks!! > Date: Wed, 6 Mar 2013 10:13:09 +0000 > From: tw(a)dionic.net > To: openldap-technical(a)openldap.org > Subject: Re: Userpasswords stored in plain text > > On 06/03/13 09:58, arantza serrano wrote: > > Hello, > > > > I need that the userpasswords are stored hashed. I have configured the > > slapd.conf file with this option: > > > > password-hash {SSHA} > > Hi, > > That only takes effect if the password is set via an Extended Operation > password Modify command. > > using slapo-ppolicy and setting: > ppolicy_hash_cleartext > > Will catch your cases and hash them. > > Another solution is to pre-hash them before sending to ldapadd. You can > use slappasswd for this - or do it directly in perl for example. > > Cheers > > Tim > > -- > Tim Watts > Personal Blog: http://squiddy.blog.dionic.net/ > > http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage >

1 0

Userpasswords stored in plain text
by arantza serrano 06 Mar '13

06 Mar '13

Hello, I need that the userpasswords are stored hashed. I have configured the slapd.conf file with this option: password-hash {SSHA} But when I add users with ldapadd command, I pass the values of userpassword in plain text. Like this: /opt/openldap/bin/ldapadd -x -D "root_dn" -w pass_dn << _EOF dn: uid=usu3,ou=users,o=my_organization uid: usu2 objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson cn: my_cn sn: my_sn mail: my_mail(a)mydomain.com userPassword: usuario _EOF I think that these values must be stored hashed, but they are only store in plain text in base64. /opt/openldap/bin/ldapsearch -D cn="root_dn" -w pass_dn -x -b o= my_organization uid=usu3 -LLL dn: uid=usu3,ou=users,o=my_organization uid: usu2 uid: usu3 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: my_cn sn: my_sn mail: my_mail(a)mydomain.com userPassword:: dXN1YXJpbw== echo dXN1YXJpbw==|base64 -d usuario What I am doing wrong? Thanks!

3 2

ssh with ldap authentication
by Rodney Simioni 06 Mar '13

06 Mar '13

Hi, I'm new to LDAP. I just created a new user in LDAP and it cannot login through ssh. It keeps prompting for the password. Any help will be greatly appreciated. # dude12, people, wh.local dn: uid=dude12,ou=people,dc=wh,dc=local uid: dude12 cn: Johnny Appleseed objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e1NTSEF9K2E0YXVTWlYwckMwRUhsVWlNVzBrS2U3MzA1a1JrOVI= shadowLastChange: 15140 shadowMax: 99999 shadowWarning: 7 uidNumber: 1212 gidNumber: 1212 homeDirectory: /home/dude12 loginShell: /bin/bash # dude12, group, wh.local dn: cn=dude12,ou=group,dc=wh,dc=local objectClass: posixGroup objectClass: top cn: dude12 gidNumber: 1212 userPassword:: e0NSWVBUfXg= # search result search: 2 result: 0 Success # numResponses: 220 # numEntries: 219 ############################### When I created the user, the logs indicated. ############################### Mar 5 13:53:18 rodster slapd[2678]: => bdb_dn2id("uid=dude12,ou=people,dc=wh,dc=local") Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Mar 5 13:53:18 rodster slapd[2678]: => bdb_dn2id_add 0x628: "uid=dude12,ou=people,dc=wh,dc=local" Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 %ou=people,dc=wh,dc=local Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 @ou=people,dc=wh,dc=local Mar 5 13:53:18 rodster slapd[2678]: <= bdb_dn2id_add 0x628: 0 Mar 5 13:53:18 rodster slapd[2678]: => index_entry_add( 1576, "uid=dude12,ou=people,dc=wh,dc=local" ) Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [7c477315] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [1fd53424] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [02537054] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [53430dd1] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [5aef1f7f] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [acefc46f] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [caca4579] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [c37ad51a] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [9b3bdeb2] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [39ebd2f9] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 [d7851707] Mar 5 13:53:18 rodster slapd[2678]: <= key_change 0 Mar 5 13:53:18 rodster slapd[2678]: => key_change(ADD,628) Mar 5 13:54:51 rodster slapd[2678]: connection_get(24) Mar 5 13:54:51 rodster slapd[2678]: connection_get(24): got connid=1903 Mar 5 13:54:51 rodster slapd[2678]: connection_read(24): checking for input on id=1903 Mar 5 13:54:51 rodster slapd[2678]: ber_get_next on fd 24 failed errno=0 (Success) Mar 5 13:54:51 rodster slapd[2678]: connection_close: conn=1903 sd=24 ####################################### When I try to ssh as the user the logs indicates. ####################################### Mar 5 14:14:30 rodster slapd[2678]: slap_listener_activate(7): Mar 5 14:14:30 rodster slapd[2678]: >>> slap_listener(ldap:///) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=0 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=0 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=1 tag=97 err=0 Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x63, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=1 do_search Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <dc=wh,dc=local>, <dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: SRCH "dc=wh,dc=local" 2 0 Mar 5 14:14:30 rodster slapd[2678]: 1 0 0 Mar 5 14:14:30 rodster slapd[2678]: filter: (uid=dude12) Mar 5 14:14:30 rodster slapd[2678]: attrs: Mar 5 14:14:30 rodster slapd[2678]: host Mar 5 14:14:30 rodster slapd[2678]: authorizedService Mar 5 14:14:30 rodster slapd[2678]: shadowExpire Mar 5 14:14:30 rodster slapd[2678]: shadowFlag Mar 5 14:14:30 rodster slapd[2678]: shadowInactive Mar 5 14:14:30 rodster slapd[2678]: shadowLastChange Mar 5 14:14:30 rodster slapd[2678]: shadowMax Mar 5 14:14:30 rodster slapd[2678]: shadowMin Mar 5 14:14:30 rodster slapd[2678]: shadowWarning Mar 5 14:14:30 rodster slapd[2678]: uidNumber Mar 5 14:14:30 rodster slapd[2678]: Mar 5 14:14:30 rodster slapd[2678]: ==> limits_get: conn=1910 op=1 self="[anonymous]" this="dc=wh,dc=local" Mar 5 14:14:30 rodster slapd[2678]: => bdb_search Mar 5 14:14:30 rodster slapd[2678]: bdb_dn2entry("dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: search_candidates: base="dc=wh,dc=local" (0x00000001) scope=2 Mar 5 14:14:30 rodster slapd[2678]: => bdb_dn2idl("dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (objectClass) Mar 5 14:14:30 rodster slapd[2678]: => key_read Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [b49d1940] Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read: failed (-30988) Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=0, first=0, last=0 Mar 5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (uid) Mar 5 14:14:30 rodster slapd[2678]: => key_read Mar 5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [7c477315] Mar 5 14:14:30 rodster slapd[2678]: <= bdb_index_read 1 candidates Mar 5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=1, first=1578, last=1578 Mar 5 14:14:30 rodster slapd[2678]: bdb_search_candidates: id=1 first=1578 last=1578 Mar 5 14:14:30 rodster slapd[2678]: => send_search_entry: conn 1910 dn="uid=dude12,ou=people,dc=wh,dc=local" Mar 5 14:14:30 rodster slapd[2678]: <= send_search_entry: conn 1910 exit. Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=1 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=2 tag=101 err=0 Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=2 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <uid=dude12,ou=people,dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <uid=dude12,ou=people,dc=wh,dc=local>, <uid=dude12,ou=people,dc=wh,dc=local> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="uid=dude12,ou=people,dc=wh,dc=local" method=128 Mar 5 14:14:30 rodster slapd[2678]: ==> bdb_bind: dn: uid=dude12,ou=people,dc=wh,dc=local Mar 5 14:14:30 rodster slapd[2678]: bdb_dn2entry("uid=dude12,ou=people,dc=wh,dc=local") Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=2 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=49 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=3 tag=97 err=49 Mar 5 14:14:30 rodster slapd[2678]: connection_get(17) Mar 5 14:14:30 rodster slapd[2678]: connection_get(17): got connid=1910 Mar 5 14:14:30 rodster slapd[2678]: connection_read(17): checking for input on id=1910 Mar 5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870 Mar 5 14:14:30 rodster slapd[2678]: conn=1910 op=3 do_bind Mar 5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <> Mar 5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <> Mar 5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" method=128 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=3 p=3 Mar 5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text="" Mar 5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=4 tag=97 err=0 Mar 5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.

3 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2013