OS: Debian 13 running in an LXC on Proxmox VE 9.0.10
OpenLDAP Ver:
@(#) $OpenLDAP: slapd 2.6.10+dfsg-1 (May 29 2025 23:41:48) $
Debian OpenLDAP Maintainers <pkg-openldap-devel(a)lists.alioth.debian.org>
Current mdb ACL (playing around with ACLs to get this to work):
# {1}mdb, config
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
olcAccess: {1}to * by dn.exact="cn=admin,dc=ahmza,dc=com" manage
olcAccess: {2}to attrs=userPassword by anonymous auth by self auth
olcAccess: {3}to * by * none
Oct 25 02:30:35 ldap slapd[460]: >>> slap_listener(ldaps:///)
Oct 25 02:30:35 ldap slapd[460]: conn=1011 fd=15 ACCEPT from IP=10.10.100.12:19604 (IP=0.0.0.0:636)
Oct 25 02:30:35 ldap slapd[460]: connection_get(15): got connid=1011
Oct 25 02:30:35 ldap slapd[460]: connection_read(15): checking for input on id=1011
Oct 25 02:30:35 ldap slapd[460]: connection_get(15): got connid=1011
Oct 25 02:30:35 ldap slapd[460]: connection_read(15): checking for input on id=1011
Oct 25 02:30:35 ldap slapd[460]: connection_read(15): unable to get TLS client DN, error=49 id=1011
Oct 25 02:30:35 ldap slapd[460]: conn=1011 fd=15 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Oct 25 02:30:35 ldap slapd[460]: connection_get(15): got connid=1011
Oct 25 02:30:35 ldap slapd[460]: connection_read(15): checking for input on id=1011
Oct 25 02:30:35 ldap slapd[460]: op tag 0x60, time 1761359435
Oct 25 02:30:35 ldap slapd[460]: conn=1011 op=0 do_bind
Oct 25 02:30:35 ldap slapd[460]: >>> dnPrettyNormal: <uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com>
Oct 25 02:30:35 ldap slapd[460]: <<< dnPrettyNormal: <uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com>, <uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com>
Oct 25 02:30:35 ldap slapd[460]: conn=1011 op=0 BIND dn="uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com" method=128
Oct 25 02:30:35 ldap slapd[460]: do_bind: version=3 dn="uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com" method=128
Oct 25 02:30:35 ldap slapd[460]: mdb_dn2entry("uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com")
Oct 25 02:30:35 ldap slapd[460]: => mdb_dn2id("uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com")
Oct 25 02:30:35 ldap slapd[460]: <= mdb_dn2id: got id=0xa
Oct 25 02:30:35 ldap slapd[460]: => mdb_entry_decode:
Oct 25 02:30:35 ldap slapd[460]: <= mdb_entry_decode
Oct 25 02:30:35 ldap slapd[460]: => access_allowed: result not in cache (userPassword)
Oct 25 02:30:35 ldap slapd[460]: => access_allowed: auth access to "uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com" "userPassword" requested
Oct 25 02:30:35 ldap slapd[460]: => acl_get: [1] attr userPassword
Oct 25 02:30:35 ldap slapd[460]: => acl_mask: access to entry "uid=jellyfin,ou=service-accounts,dc=ahmza,dc=com", attr "userPassword" requested
Oct 25 02:30:35 ldap slapd[460]: => acl_mask: to value by "", (=0)
Oct 25 02:30:35 ldap slapd[460]: <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
Oct 25 02:30:35 ldap slapd[460]: <= acl_mask: no more <who> clauses, returning =0 (stop)
Oct 25 02:30:35 ldap slapd[460]: => slap_access_allowed: auth access denied by =0
Oct 25 02:30:35 ldap slapd[460]: => access_allowed: no more rules
Oct 25 02:30:35 ldap slapd[460]: send_ldap_result: conn=1011 op=0 p=3
Oct 25 02:30:35 ldap slapd[460]: send_ldap_response: msgid=1 tag=97 err=49
Oct 25 02:30:35 ldap slapd[460]: conn=1011 op=0 RESULT tag=97 err=49 qtime=0.000029 etime=0.000148 text=
Oct 25 02:30:35 ldap slapd[460]: connection_get(15): got connid=1011
Oct 25 02:30:35 ldap slapd[460]: connection_read(15): checking for input on id=1011
Oct 25 02:30:35 ldap slapd[460]: op tag 0x42, time 1761359435
Oct 25 02:30:35 ldap slapd[460]: ber_get_next on fd 15 failed errno=0 (Success)
Oct 25 02:30:35 ldap slapd[460]: conn=1011 op=1 do_unbind
Oct 25 02:30:35 ldap slapd[460]: conn=1011 op=1 UNBIND
Oct 25 02:30:35 ldap slapd[460]: connection_close: conn=1011 sd=15
Oct 25 02:30:35 ldap slapd[460]: conn=1011 fd=15 closed
I'm happy to share my config too, but this is already getting long.
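
An added example, not part of the original post and not OpenLDAP code: a small Python model of slapd's first-match ACL evaluation, run over the four posted olcAccess values, showing why the trace reports `acl_get: [1] attr userPassword` followed by `no more <who> clauses, returning =0 (stop)`. It assumes only the forms seen in the post (`to *`, `to attrs=`, and `anonymous`, `self`, `*`, `dn.exact` as who clauses, no control keywords); `REORDERED` is a constructed rule set for comparison, and all function names are hypothetical.

```python
import re

ROOT = 'dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"'
ADMIN = 'dn.exact="cn=admin,dc=ahmza,dc=com"'
# The four olcAccess values from the post (folded line joined).
POSTED = [
    f"{{0}}to * by {ROOT} manage",
    f"{{1}}to * by {ADMIN} manage",
    "{2}to attrs=userPassword by anonymous auth by self auth",
    "{3}to * by * none",
]
# Constructed alternative (assumption, not the poster's config): attribute rule
# first, with both manager identities repeated in each rule.
REORDERED = [
    f"{{0}}to attrs=userPassword by {ROOT} manage by {ADMIN} manage"
    " by anonymous auth by self auth",
    f"{{1}}to * by {ROOT} manage by {ADMIN} manage by * none",
]
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse(rule):
    """Split one olcAccess value into (what, [(who, level), ...])."""
    what, *bys = re.split(r"\s+by\s+", re.sub(r"^\{\d+\}to\s+", "", rule))
    return what, [tuple(b.rsplit(None, 1)) for b in bys]

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn == ""
    if who == "self":
        return bound_dn != "" and bound_dn == entry_dn
    m = re.fullmatch(r'dn\.exact="(.*)"', who)
    return bool(m) and m.group(1).lower() == bound_dn.lower()

def evaluate(rules, attr, bound_dn, entry_dn):
    """Return (rule index, level) under slapd's first-match evaluation."""
    for idx, rule in enumerate(rules):
        what, clauses = parse(rule)
        if what != "*" and attr not in what[len("attrs="):].split(","):
            continue  # this <what> does not cover the attribute; try the next rule
        for who, level in clauses:
            if who_matches(who, bound_dn, entry_dn):
                return idx, level
        return idx, "none"  # implicit trailing "by * none stop": later rules are never read
    return None, "none"

def bind_allowed(rules, entry_dn):
    # A simple bind is checked while the connection is still anonymous.
    level = evaluate(rules, "userPassword", "", entry_dn)[1]
    return LEVELS.index(level) >= LEVELS.index("auth")
```

With the posted order, rule {0} matches every target, so rules {1} to {3} are never consulted; the model returns `(0, "none")` for the anonymous userPassword check, which is the `err=49` in the trace.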