openldap-technical September 2013

openldap-technical@openldap.org

72 participants
78 discussions

Re: Problem pwdChangedTime
by felas 06 Sep '13

06 Sep '13

I don't know!... Il giorno 06/set/2013 22:49, "Turbo Fredriksson" <turbo(a)bayour.com> ha scritto: > On Sep 6, 2013, at 9:50 PM, felas wrote: > > > I try to add ppolicy.ldif to my schema, but no success. > > Why not? > -- > Build a man a fire, and he will be warm for the night. > Set a man on fire and he will be warm for the rest of his life. > >

1 0

2.4.36: test050-syncrepl-multimaster failed for mdm
by Покотиленко Костик 06 Sep '13

06 Sep '13

Following Quanah's advise tried to build 2.4.36 from sources: # ./configure # make depend # make ... test failed - server 1 and server 2 databases differ >>>>> test050-syncrepl-multimaster failed for mdm (exit 1) How bad is this?

2 3

SyncRepl Chaining
by espeake＠oreillyauto.com 06 Sep '13

06 Sep '13

I believe we are very close to our goal of a master/slave syncrepl configuration. I have a master that through refreshAndPersist instantly updates the slave servers. The issue I am having is is passing on updates to the master server for writing the updated information. This is the error message I get. ldap_modify: Strong(er) authentication required (8) I have set up chainingin bother the {-1}frontend database and the {1}hdb database. My understanding of what I read in man slapd-conf is that any attributes used in the {-1}frontend makes these global and I should not need that setup anywhere else unless I need to override the settings fro an individual DB. TLS with openSSL is setup through the compiling of the openldap. I am attaching the slapcat from my master. Any and all help is appreciated. (See attached file: config-20130819-master.ldif) Thank you, Eric Speake Web Systems Administrator O'Reilly Auto PartsThis communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

2 1

overlay accesslog entrydn conflict problem (err=68)
by gottabogh 06 Sep '13

06 Sep '13

Hi all, I have a problem with overlay accesslog. Here is my overlay configuration: overlay accesslog logdb dc=log,dc=ciccio.it logops all logold (objectclass=inetOrgPerson) logpurge 10+00:00 08:00 logsuccess FALSE If I try: ldapwhoami -H ldap://myserver -D "uid=myuser,ou=People,dc= ciccio.it" -W I obtain this in the log: Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 RESULT tag=105 err=0 text= Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 RESULT tag=105 err=68 text= Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 ADD dn="reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 RESULT tag=105 err=0 text= And those are the entries in the dblog: # 20130826100104.000000Z, log.ciccio.it dn: reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it objectClass: auditSearch reqStart: 20130826100104.000000Z reqEnd: 20130826100104.000001Z reqType: search reqSession: 1011 reqAuthzID: cn=Manager,dc=ciccio.it reqDN: uid=myuser,ou=People,dc=ciccio.it reqResult: 0 reqScope: base reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (objectClass=groupOfNames) reqAttr: member reqEntries: 0 reqTimeLimit: -1 reqSizeLimit: 1 # 20130826100104.000004Z, log.ciccio.it dn: reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it objectClass: auditObject reqStart: 20130826100104.000004Z reqEnd: 20130826100104.000005Z reqType: unbind reqSession: 1011 reqAuthzID: uid=myuser,ou=People,dc=ciccio.it Like you can see there are a search and a unbind, but not the bind operation. I think that err=68 is because ldapwhoami is composed of search, bind, unbind. Since the first two operation are executed at the same time and the dn of a new entry is generated using reqStart, the bind operation takes error 68 (LDAP_ALREADY_EXISTS). How can I get around this problem? Can I modify generation of entrydn in the dblog? For example compose it in this way: "reqStart=xxxx,reqType=yyyy,dc=log,dc=ciccio.it" Thanks a lot, Fabio.

2 1

Fw: SyncRepl Chaining
by espeake＠oreillyauto.com 06 Sep '13

06 Sep '13

Bumping. Eric Speake Web Systems Administrator O'Reilly Auto Parts ----- Forwarded by Eric Speake/OReilly on 08/20/2013 07:39 AM ----- From: Eric Speake/OReilly To: openldap-technical(a)openldap.org Date: 08/19/2013 09:46 AM Subject: SyncRepl Chaining I believe we are very close to our goal of a master/slave syncrepl configuration. I have a master that through refreshAndPersist instantly updates the slave servers. The issue I am having is is passing on updates to the master server for writing the updated information. This is the error message I get. ldap_modify: Strong(er) authentication required (8) I have set up chainingin bother the {-1}frontend database and the {1}hdb database. My understanding of what I read in man slapd-conf is that any attributes used in the {-1}frontend makes these global and I should not need that setup anywhere else unless I need to override the settings fro an individual DB. TLS with openSSL is setup through the compiling of the openldap. I am attaching the slapcat from my master. Any and all help is appreciated. (See attached file: config-20130819-master.ldif) Thank you, Eric Speake Web Systems Administrator O'Reilly Auto PartsThis communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

1 1

OpenLDAP 2.4.36 slapd stop with assertion fail message
by "POISSON Frédéric" 06 Sep '13

06 Sep '13

Hello, I'm testing the latest release of OpenLDAP 2.4.36 and my slapd stop while i'm doing a change on cn=config. My tests are with my own compilation of OpenLDAP on a RHEL6 server but i see the same problem with "LTB project RPMs" http://ltb-project.org/wiki/download#openldap with RHEL6 package. My aim is to modify cn=config like this in order to implement TLS, here is my ldif : dn: cn=config changetype: modify add: olcTLSRandFile olcTLSRandFile: /dev/random The server shutdown when i add this entry and with slapd option "-d 255" i have : slapd: result.c:813: slap_send_ldap_result: Assertion `!((rs->sr_err)<0)' failed. /etc/init.d/slapd: line 285: 5461 Aborted $SLAPD_BIN -h "$SLAPD_SERVICES" $SLAPD_PARAMS Notice that i test this ldif modification on release 2.4.35 without problem. Is there any changes inside cn=config behavior with release 2.4.36 that i don't see ? Thanks in advance, Regards, PS: In attachment my cn=config with slapcat, and the lines when starting slapd with debug -d 255. -- Frederic Poisson

2 1

Group values not returned with "id" command
by Justin Edmands 05 Sep '13

05 Sep '13

Hey, Certainly new to migrations of LDAP. I migrated our old setup from OpenLDAP to 389 Directory Server. When using the "id" command on an LDAP client, it only returns uid,gid, and one group. It for some reason does not show all of the actual groups that the user is associated with. What is set to return these values and what setting ensures they are properly mapped from OpenLDAP to 389DS? ### OpenLDAP example: ### [root openldapclient ~]# id jedmands uid=9999(jedmands) gid=100(users) groups=100(users),5000(manager),5001(linuxadmin),5002(storageadmin),5003(dbadmin),5004(webadmin),5006(it) ### 389 DS Example: ### [root 389dsclient ~]# id jedmands uid=9999(jedmands) gid=100(users) groups=100(users) Notes: Posted this to the 389-users list, nothing received. We are using the memberOf plugin for 389DS. I don't know too much about the openldap environment. I moved to CentOS 6 and figured DS was the way to go with SSL/TLS

3 4

ldappasswd: account has expired (account expired)
by john espiro 04 Sep '13

04 Sep '13

We have opnldap (Version: 2.4.31-1ubuntu2.1) setup on our ubuntu server. Just migrated over from an older server and are getting this message for a user: Our users can login to webmail to send and receive mail, and other stuff like that, they can download pop3 mail via desktop client, but when they go to send out, or su to that user we get messages like this: auth: pam_unix(dovecot:account): account has expired (account expired) Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated. How can we resolve this? /usr/share/slapd/slapd.conf access to attrs=userPassword,shadowLastChange by dn="@ADMIN@" write by anonymous auth by self write by * none access to dn.base="" by * read # The admin dn has full write access, everyone else # can read everything. access to * by dn="@ADMIN@" write by * read Package: slapd Status: install ok installed Priority: optional Section: net Installed-Size: 4101 Maintainer: Ubuntu Developers <ubuntu-devel-discuss(a)lists.ubuntu.com> Architecture: amd64 Source: openldap Version: 2.4.31-1ubuntu2.1 Replaces: ldap-utils (<< 2.2.23-3), libldap2 Provides: ldap-server, libslapi-2.4-2 Depends: libc6 (>= 2.15), libdb5.1, libldap-2.4-2 (= 2.4.31-1ubuntu2.1), libltdl7 (>= 2.4.2), libodbc1 (>= 2.2.11) | unixodbc (>= 2.2.11), libperl5.14 (>= 5.14.2), libsasl2-2 (>= 2.1.24), libslp1, libwrap0 (>= 7.6-4~), coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl, adduser, lsb-base (>= 3.2-13) Pre-Depends: debconf (>= 0.5) | debconf-2.0, multiarch-support Recommends: libsasl2-modules Suggests: ldap-utils, ufw Conflicts: ldap-server, libltdl3 (= 1.5.4-1), umich-ldapd Conffiles:

3 2

Shadow context when modifying syncrepl sections
by Yann Bordenave 04 Sep '13

04 Sep '13

Hi, I run a 3-way multi master system and I'm replicating both configuration and payload database. When I modify something related to the syncrepl sections, I am unable to make changes on my data. I have an error message like the following: err=53, Server is unwilling to perform : shadow context; no update referral Do you have any clue about how to prevent it without having to reboot the slapd daemons ? Thank you for your answers. -- Yann Bordenave - Intern, R&E Infrastructure Smartjog S.A.S. - http://www.smartjog.com - Groupe TDF 27 Bd Hippolyte Marques, 94200 Ivry sur Seine, France Cell : +33.6.68.86.81.61

2 5

Re: Antw: Re: Object not found
by espeake＠oreillyauto.com 03 Sep '13

03 Sep '13

Eric Speake Web Systems Administrator O'Reilly Auto Parts From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de> To: <espeake(a)oreillyauto.com> Date: 08/29/2013 01:46 AM Subject: Antw: Re: Object not found Eric, following you progress on LDAP, why don't you use a working simple starting configuration and then try simple steps towards getting where you want to be at the end? Only proceed if the current configuration works as intended; if not either undo or fix it. Something like: olcAccess: {0}to * by dn.base="uid=syncrepl,ou=system,dc=whatever" read by group/organizationalRole/roleOccupant.exact="cn=LDAP-Manager,dc=whatever" write by * break olcAccess: {1}to attrs=userPassword by self write by * auth olcAccess: {2}to attrs=shadowLastChange by self write by * read olcAccess: {3}to attrs=userPKCS12 by self read by * none olcAccess: {4}to * by * read You can leave out rule {0}, because that's some local extension used here (use a group for Managers). Also I can recommend turning on auth logging for your tests. In LDIF-format: dn: cn=config changetype: modify add: olcLogLevel olcLogLevel: ACL - I also recommend doing frequent database dumps per slapcat, so you can revert to a working configuration once you messed up things. However when using replication, be aware that restoring one node to an older configuration, the older node may be overwritten if the other nodes still have a newer configuration. To all: Is there an option to slapadd to make any entries actually added being "new" (i.e. ignoring CSNs and modification timestamps in the LDIF)? Regards, Ulrich >>> <espeake(a)oreillyauto.com> schrieb am 29.08.2013 um 05:25 in Nachricht <OF5EFEDB5F.26657526-ON86257BD6.001209FD-86257BD6.0012CADD@LocalDomain>: > Okay so I have the access list figured out and everything looks good except > now the credentials for my user aren't working. I get an error 49 (invalid > credentials) I have reentered the password for the user. There is one > other user that will not autenticate. Both of thes users are in the ou > System. The base admin account can login and get the informatio. Here is > the new access list. > > olcAccess: {0}to * by > dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read by > dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read by > dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by > dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by > dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write by * > break > olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by > group/groupOfUniqueNames/uniqueMember="cn=System > Administrators,ou=Groups,dc=oreillyauto,dc=com" write > by group/groupOfUniqueNames/uniqueMember="cn=LDAP > Admin,ou=Groups,dc=oreillyauto,dc=com" write by * none break > olcAccess: {2}to attrs=userPassword by > group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya > uto,dc=com" > write by anonymous auth by self write > olcAccess: {3}to attrs=uid by anonymous read by users read > olcAccess: {4}to attrs=ou,employeeNumber by users read > olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by > dn.subtree="ou=Users,dc=oreillyauto,dc=com" none by users read > olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com" by > dnattr=owner write by dnattr=uniqueMember read by * none > olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com by self read > by > group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya > uto,dc=com" > read by * none > olcAccess: {8}to * by self read by users read > > The two users that I need to work are: > readOnlyUser > dn="uid=readOnlyUser,ou=System,dc=oreilly,dc=com > and > ldapadmin dn="uid=ldapadmin, ou=System,dc=oreulllyauto,dc=com > > Here is the search and result: > > root@tntest-ldap-3:/var/lib/ldap# ldapsearch -Wx -D > "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" -b > "dc=oreillyauto,dc=com" -H ldap://<ldap-server>.oreillyauto.com uid=espeake > uid dsplayName employeeNumber > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > > any and all ideas are welcomed. > Eric Speake > Web Systems Administrator > O'Reilly Auto Parts > > > > From: Quanah Gibson-Mount <quanah(a)zimbra.com> > To: espeake(a)oreillyauto.com, openldap-technical(a)openldap.org > Date: 08/28/2013 11:35 AM > Subject: Re: Object not found > Sent by: openldap-technical-bounces(a)OpenLDAP.org > > > > --On Wednesday, August 28, 2013 8:12 AM -0500 espeake(a)oreillyauto.com > wrote: > >> >> I have a user name readonly that we use in our applications to get uid's. >> THis has worked in the past with our old LDAP solution. We have moved to >> 2.4.31 on Ubuntu 12.04 with a n-way Multi master setup. >> >> The slap cat for this database looks like this. >> >> dn: olcDatabase={1}hdb,cn=config >> objectClass: olcDatabaseConfig >> objectClass: olcHdbConfig >> olcDatabase: {1}hdb >> olcDbDirectory: /var/lib/ldap >> olcSuffix: dc=oreillyauto,dc=com >> olcAccess: {0}to attrs=userPassword by anonymous auth by * none >> olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by >> group/groupOfUniqueName >> s/uniqueMember="cn=System > Administrators,ou=Groups,dc=oreillyauto,dc=com" >> wri >> te by group/groupOfUniqueNames/uniqueMember="cn=LDAP >> Admin,ou=Groups,dc=oreil >> lyauto,dc=com" write by * none break >> olcAccess: {2}to attrs=userPassword by >> group/groupOfUniqueNames/uniqueMember=" >> cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous auth >> by s >> elf write > > Hi, > > You need to spend some time reading the manual pages and admin guide on > access rules for slapd. > > It is immediately obvious that rule {2) will never evaluate because of rule > > {0}. Those shouldn't even be separate rule lines, they should be a single > rule. I haven't looked further because that was so blatant, I'm guessing > you have any number of other issues in your access lines. > > --Quanah > > -- > > Quanah Gibson-Mount > Lead Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > > > -- > This message has been scanned for viruses and dangerous content, > and is believed to be clean. > Message id: 898DB600A44.A073B > > > > > This communication and any attachments are confidential, protected by > Communications Privacy Act 18 USCS § 2510, solely for the use of the intended > recipient, and may contain legally privileged material. If you are not the > intended recipient, please return or destroy it immediately. Thank you. Here what shows up in the log. I am high lighting what I thought would have been the issue but it appears to be a double-negative so it is not where it is getting denied. Just must be missing it because it looks like it really working. Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: conn=1027 op=0 BIND dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128 Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (userPassword) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: auth access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_get: [1] attr userPassword Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: access to entry "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: to value by "", (=0) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat: uid=syncrepl,ou=system,dc=oreillyauto,dc=com Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat: uid=readonlyuser,ou=system,dc=oreillyauto,dc=com Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat: uid=ldapadmin,ou=system,dc=oreillyauto,dc=com Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat: uid=newuseradmin,ou=system,dc=oreillyauto,dc=com Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat: uid=passwordadmin,ou=system,dc=oreillyauto,dc=com Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_mask: no more <who> clauses, returning =0 (stop) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => slap_access_allowed: auth access denied by =0 Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: no more rules Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 slapd[18777]: last message repeated 3 times Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_access_allowed: granted to database root Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (objectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (objectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (uid) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (description) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (objectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (objectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (uid) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (description) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdPolicySubentry) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (structuralObjectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "structuralObjectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (entryUUID) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (creatorsName) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (createTimestamp) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdHistory) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdPolicySubentry) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (structuralObjectClass) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "structuralObjectClass" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (entryUUID) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (creatorsName) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (createTimestamp) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdHistory) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (pwdHistory) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (userPassword) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (pwdHistory) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdChangedTime) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (userPassword) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdFailureTime) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdChangedTime) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (pwdFailureTime) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (pwdFailureTime) Aug 29 08:53:32 slapd[18777]: last message repeated 5 times Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (entryCSN) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryCSN" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (modifiersName) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifiersName" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (modifyTimestamp) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifyTimestamp" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (entryDN) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryDN" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (entryDN) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (subschemaSubentry) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "subschemaSubentry" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (subschemaSubentry) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not in cache (hasSubordinates) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "hasSubordinates" requested Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was in cache (hasSubordinates) Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access granted by manage(=mwrscxd) -- This message has been scanned for viruses and dangerous content, and is believed to be clean. Message id: 28CE360097D.AE572 This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

2 10

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical September 2013