Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: <espeake(a)oreillyauto.com>
Date: 08/29/2013 01:46 AM
Subject: Antw: Re: Object not found
Eric,
following you progress on LDAP, why don't you use a working simple starting
configuration and then try simple steps towards getting where you want to
be at
the end? Only proceed if the current configuration works as intended; if
not
either undo or fix it.
Something like:
olcAccess: {0}to * by dn.base="uid=syncrepl,ou=system,dc=whatever" read by
group/organizationalRole/roleOccupant.exact="cn=LDAP-Manager,dc=whatever"
write
by * break
olcAccess: {1}to attrs=userPassword by self write by * auth
olcAccess: {2}to attrs=shadowLastChange by self write by * read
olcAccess: {3}to attrs=userPKCS12 by self read by * none
olcAccess: {4}to * by * read
You can leave out rule {0}, because that's some local extension used here
(use a group for Managers).
Also I can recommend turning on auth logging for your tests. In
LDIF-format:
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: ACL
-
I also recommend doing frequent database dumps per slapcat, so you can
revert
to a working configuration once you messed up things. However when using
replication, be aware that restoring one node to an older configuration,
the
older node may be overwritten if the other nodes still have a newer
configuration.
To all: Is there an option to slapadd to make any entries actually added
being
"new" (i.e. ignoring CSNs and modification timestamps in the LDIF)?
Regards,
Ulrich
>>> <espeake(a)oreillyauto.com> schrieb am 29.08.2013 um 05:25 in Nachricht
<OF5EFEDB5F.26657526-ON86257BD6.001209FD-86257BD6.0012CADD@LocalDomain>:
> Okay so I have the access list figured out and everything looks good
except
> now the credentials for my user aren't working. I get an error 49
(invalid
> credentials) I have reentered the password for the user. There is one
> other user that will not autenticate. Both of thes users are in the ou
> System. The base admin account can login and get the informatio. Here
is
> the new access list.
>
> olcAccess: {0}to * by
> dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read by
> dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read by
> dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by
> dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by
> dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write by *
> break
> olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
> group/groupOfUniqueNames/uniqueMember="cn=System
> Administrators,ou=Groups,dc=oreillyauto,dc=com" write
> by group/groupOfUniqueNames/uniqueMember="cn=LDAP
> Admin,ou=Groups,dc=oreillyauto,dc=com" write by * none break
> olcAccess: {2}to attrs=userPassword by
>
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya
> uto,dc=com"
> write by anonymous auth by self write
> olcAccess: {3}to attrs=uid by anonymous read by users read
> olcAccess: {4}to attrs=ou,employeeNumber by users read
> olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by
> dn.subtree="ou=Users,dc=oreillyauto,dc=com" none by users read
> olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com" by
> dnattr=owner write by dnattr=uniqueMember read by * none
> olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com by self read
> by
>
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya
> uto,dc=com"
> read by * none
> olcAccess: {8}to * by self read by users read
>
> The two users that I need to work are:
> readOnlyUser
> dn="uid=readOnlyUser,ou=System,dc=oreilly,dc=com
> and
> ldapadmin dn="uid=ldapadmin,
ou=System,dc=oreulllyauto,dc=com
>
> Here is the search and result:
>
> root@tntest-ldap-3:/var/lib/ldap# ldapsearch -Wx -D
> "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" -b
> "dc=oreillyauto,dc=com" -H ldap://<ldap-server>.oreillyauto.com
uid=espeake
> uid dsplayName employeeNumber
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> any and all ideas are welcomed.
> Eric Speake
> Web Systems Administrator
> O'Reilly Auto Parts
>
>
>
> From: Quanah Gibson-Mount <quanah(a)zimbra.com>
> To: espeake(a)oreillyauto.com, openldap-technical(a)openldap.org
> Date: 08/28/2013 11:35 AM
> Subject: Re: Object not found
> Sent by: openldap-technical-bounces(a)OpenLDAP.org
>
>
>
> --On Wednesday, August 28, 2013 8:12 AM -0500 espeake(a)oreillyauto.com
> wrote:
>
>>
>> I have a user name readonly that we use in our applications to get
uid's.
>> THis has worked in the past with our old LDAP solution. We have moved
to
>> 2.4.31 on Ubuntu 12.04 with a n-way Multi master setup.
>>
>> The slap cat for this database looks like this.
>>
>> dn: olcDatabase={1}hdb,cn=config
>> objectClass: olcDatabaseConfig
>> objectClass: olcHdbConfig
>> olcDatabase: {1}hdb
>> olcDbDirectory: /var/lib/ldap
>> olcSuffix: dc=oreillyauto,dc=com
>> olcAccess: {0}to attrs=userPassword by anonymous auth by * none
>> olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
>> group/groupOfUniqueName
>> s/uniqueMember="cn=System
> Administrators,ou=Groups,dc=oreillyauto,dc=com"
>> wri
>> te by group/groupOfUniqueNames/uniqueMember="cn=LDAP
>> Admin,ou=Groups,dc=oreil
>> lyauto,dc=com" write by * none break
>> olcAccess: {2}to attrs=userPassword by
>> group/groupOfUniqueNames/uniqueMember="
>> cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous
auth
>> by s
>> elf write
>
> Hi,
>
> You need to spend some time reading the manual pages and admin guide on
> access rules for slapd.
>
> It is immediately obvious that rule {2) will never evaluate because of
rule
>
> {0}. Those shouldn't even be separate rule lines, they should be a
single
> rule. I haven't looked further because that was so blatant, I'm guessing
> you have any number of other issues in your access lines.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
> --
> This message has been scanned for viruses and dangerous content,
> and is believed to be clean.
> Message id: 898DB600A44.A073B
>
>
>
>
> This communication and any attachments are confidential, protected by
> Communications Privacy Act 18 USCS § 2510, solely for the use of the
intended
> recipient, and may contain legally privileged material. If you are not
the
> intended recipient, please return or destroy it immediately. Thank you.
Here what shows up in the log. I am high lighting what I thought would
have been the issue but it appears to be a double-negative so it is not
where it is getting denied. Just must be missing it because it looks like
it really working.
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: conn=1027 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_get: [1] attr
userPassword
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: to value by "",
(=0)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=ldapadmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=newuseradmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=passwordadmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => slap_access_allowed: auth
access denied by =0
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: no more
rules
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 slapd[18777]: last message repeated 3 times
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_access_allowed: granted
to database root
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (uid)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (description)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (uid)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (description)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdPolicySubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (structuralObjectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryUUID)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (creatorsName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (createTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdPolicySubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (structuralObjectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryUUID)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (creatorsName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (createTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdChangedTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdFailureTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdChangedTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdFailureTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdFailureTime)
Aug 29 08:53:32 slapd[18777]: last message repeated 5 times
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryCSN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryCSN" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (modifiersName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifiersName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (modifyTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifyTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryDN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryDN" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (entryDN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (subschemaSubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "subschemaSubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (subschemaSubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (hasSubordinates)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "hasSubordinates"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (hasSubordinates)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
Message id: 28CE360097D.AE572
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.