openldap-technical

openldap-technical@openldap.org

20 participants
9802 discussions

threads and concurrency
by Omer Faruk SEN 19 Feb '11

19 Feb '11

Hi , I have and ldap server (openldap-2.4.23 ) in slapd.conf I set concurrency 8192 threads 256 but when I do top -b -H -d 2 -p 25560 I always see 8 threads ( show 9 slapd instances) not more even if I instruct to create 256 threads. Is there anything that I miss? Additionally what is the releation of threads and concurrency. Is there any calculation method that I must obey? Regards.

3 2

Mapping user names from multiple attributes
by Jaap Winius 19 Feb '11

19 Feb '11

Hi folks, My site has user accounts defined in Kerberos and LDAP. User IDs, group IDs, given names and surnames are stored in LDAP using the person schema object E.g. for uid=jwinius, these are: cn: Jaap sn: Winius However, I recently noticed that if I send email from a random host, the name included with the source email address is just "Jaap" when I would like it to be "Jaap Winius". I suspect libnss_ldap is responsible. Is there an easy way to change how these names are mapped, so that user names would be composed of cn + space + sn? Thanks, Jaap

2 1

undefined reference to `ldap_int_tls_impl' (tls2.c) ?
by Elle Y Suzuki 18 Feb '11

18 Feb '11

make is exiting with several "undefined reference to 'ldap_int_tls_impl'" error messages: ./.libs/libldap.a(tls2.o): In function `ldap_pvt_tls_ctx_free': /home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:79: undefined reference to `ldap_int_tls_impl' ./.libs/libldap.a(tls2.o): In function `tls_init': /home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:163: undefined reference to `ldap_int_tls_impl' /home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:163: undefined reference to `ldap_int_tls_impl' /home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:168: undefined reference to `ldap_int_tls_impl' ./.libs/libldap.a(tls2.o): In function `ldap_pvt_tls_check_hostname': /home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:494: undefined reference to `ldap_int_tls_impl' ./.libs/libldap.a(tls2.o):/home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap/tls2.c:860: more undefined references to `ldap_int_tls_impl' follow collect2: ld returned 1 exit status make[2]: *** [apitest] Error 1 make[2]: Leaving directory `/home/vmplanet/Downloads/openldap-2.4.24/libraries/libldap' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/home/vmplanet/Downloads/openldap-2.4.24/libraries' make: *** [all-common] Error 1 what is the proper way to fix this so that i might successfully make? BACKGROUND i am attempting to set up and install openldap 2.4.24 on a virtual kubuntu on windows xp. 'configure' and 'make depend' appear to run successfully. i execute the following steps: export CPPFLAGS="-I/usr/include/nss -I/usr/include/nspr -I/usr/local/BerkeleyDB.5.0/include" export LDFLAGS="-L/usr/lib/nss -L/usr/local/BerkeleyDB.5.0/lib" export LD_LIBRARY_PATH="/home/vmplanet/Downloads/db-5.0.32/build_unix/.libs" configure --enable-shell=yes --without-threads make depend (in case you're wondering why back-shell, i've included details in a previous thread, http://tinyurl.com/4flbgh4. note that in that thread, i successfully installed openldap directly on windows, but had questions about successfully testing back-shell -- and still do.) going back to the errors above, i note in which files this 'ldap_int_tls_impl' appears with a grep: ./libraries/libldap_r/tls2.c:40:static tls_impl *tls_imp = &ldap_int_tls_impl; ./libraries/libldap_r/tls_g.c:1095:tls_impl ldap_int_tls_impl = { ./libraries/libldap_r/tls_o.c:1253:tls_impl ldap_int_tls_impl = { ./libraries/libldap_r/tls_m.c:3040:tls_impl ldap_int_tls_impl = { ./libraries/libldap/tls2.c:40:static tls_impl *tls_imp = &ldap_int_tls_impl; ./libraries/libldap/tls_g.c:1095:tls_impl ldap_int_tls_impl = { ./libraries/libldap/ldap-tls.h:75:extern tls_impl ldap_int_tls_impl; Binary file ./libraries/libldap/.libs/libldap-2.4.so.2.6.0 matches Binary file ./libraries/libldap/.libs/libldap.so matches Binary file ./libraries/libldap/.libs/tls2.o matches Binary file ./libraries/libldap/.libs/libldap-2.4.so.2 matches Binary file ./libraries/libldap/.libs/libldap.a matches Binary file ./libraries/libldap/tls2.o matches ./libraries/libldap/tls_o.c:1253:tls_impl ldap_int_tls_impl = { ./libraries/libldap/tls_m.c:3040:tls_impl ldap_int_tls_impl = { ldap_int_tls_impl appears (defined) in the fellow tls* files above. is this then an indication that tls2.c is not communicating or 'linked' to its fellow tls* files or ? the output from 'make depend' appears to show that mkdep traversed the libldap and libldap_r subdirectories and successfully constructed the necessary sets of include file dependencies. admittedly, i am not altogether that familiar with (the intricacies of) the compile/make process. please advise; thanks in advance.

2 1

Syncrepl in openldap 2.3.43
by Michael Starling 18 Feb '11

18 Feb '11

I've been using slurpd for quite some time now with fairly good results however I wanted to take advantage of the newer features in syncrepl. Specifically the ability to have the slave push to the master. I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my master server. What am i missing from the documentation? If I try to add a simple ldif file it fails with the following error: [root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this: [root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Referral (10) referrals: ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain Master syncrepl config #Syncrepl overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 Slave syncrepl config #SYNCREPL SETTINGS syncrepl rid=357 provider=ldap://myserver.aa.bb.cc:389 type=refreshAndPersist retry="60 10 300 +" searchbase="dc=somedomain,dc=somedomain" attrs="*,+" bindmethod=simple binddn="uid=replicator,ou=people,dc=somedomain,dc=somedomain" credentials=replicatorpassword

3 5

BDB performance issue
by Amol Kulkarni 18 Feb '11

18 Feb '11

Hi All, I'm a newbie with bdb - and I have a server not performing well - openldap shows high cpu usage and iowait of server is high. So I got stats of bdb but I'm not sure what to make out of it. With help of google I could see that the basic parameters like requested pages and locks are ok. But there are other parameters which are suspect. The output of db_stat -c is as follows : 196 Last allocated locker ID 0x7fffffff Current maximum unused locker ID 9 Number of lock modes 1000 Maximum number of locks possible 1000 Maximum number of lockers possible 1000 Maximum number of lock objects possible 25 Number of current locks 758 Maximum number of locks at any one time 163 Number of current lockers 167 Maximum number of lockers at any one time 25 Number of current lock objects 394 Maximum number of lock objects at any one time 3609M Total number of locks requested (3609996536) 3609M Total number of locks released (3609996497) 0 Total number of locks upgraded 50 Total number of locks downgraded 3054935 Lock requests not available due to conflicts, for which we waited 0 Lock requests not available due to conflicts, for which we did not wait 14 Number of deadlocks 0 Lock timeout value 0 Number of locks that have timed out 0 Transaction timeout value 0 Number of transactions that have timed out 712KB The size of the lock region 187M The number of region locks that required waiting (56%) The output of dbstat -m is ( which looks ok to me ) 1GB 869MB 672KB Total cache size 1 Number of caches 1 Maximum number of caches 1GB 869MB 672KB Pool individual cache size 0 Maximum memory-mapped file size 0 Maximum open file descriptors 0 Maximum sequential buffer writes 0 Sleep after writing maximum sequential buffers 0 Requested pages mapped into the process' address space 1535M Requested pages found in the cache (99%) 247743 Requested pages not found in the cache 5517 Pages created in the cache 247743 Pages read into the cache 3491659 Pages written from the cache to the backing file 0 Clean pages forced from the cache 0 Dirty pages forced from the cache 0 Dirty pages written by trickle-sync thread 253260 Current total page count 253253 Current clean page count 7 Current dirty page count 262147 Number of hash buckets used for page location 1535M Total number of times hash chains searched for a page (1535296125) 4 The longest hash chain searched for a page 1245M Total number of hash chain entries checked for page (1245967353) 31M The number of hash bucket locks that required waiting (0%) 30M The maximum number of times any hash bucket lock was waited for (1%) 13566 The number of region locks that required waiting (4%) 0 The number of buffers frozen 0 The number of buffers thawed 0 The number of frozen buffers freed Are the lines in red really prbs or just side effects ? How do I go abt it ? Thanks and Regards, Amol.

2 1

objectClass attribute merging
by Hugo Monteiro 18 Feb '11

18 Feb '11

Hello, I'm trying to merge the objectClass attribute between a central LDAP server and a local one which is using translucent overlay. I have configured the overlay with translucent_remote objectClass translucent_local objectClass If i issue a query like ldapsearch -D "cn=cdstaff,dc=unl,dc=pt" -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -W -x "(cn=cpd_srv_adm)" i get # extended LDIF # # LDAPv3 # base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree # filter: (cn=cpd_srv_adm) # requesting: ALL # # 637, grupos, fct.unl.pt dn: uniqueIdentifier=637,ou=grupos,dc=fct,dc=unl,dc=pt displayName: Admins Servidores ADM cn: cpd_srv_adm uniqueIdentifier: 637 gidNumber: 1637 member: uniqueIdentifier=18172,ou=agentes,dc=fct,dc=unl,dc=pt member: uniqueIdentifier=18272,ou=agentes,dc=fct,dc=unl,dc=pt member: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt objectClass: top objectClass: grupoUNL objectClass: posixGroup # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 but then, if i change the filter to also use objectClass like ldapsearch -D "cn=cdstaff,dc=unl,dc=pt" -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -W -x "(&(objectClass=*)(cn=cpd_srv_adm))" i get # extended LDIF # # LDAPv3 # base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree # filter: (&(objectClass=*)(cn=cpd_srv_adm)) # requesting: ALL # # 637, grupos, fct.unl.pt dn: uniqueIdentifier=637,ou=grupos,dc=fct,dc=unl,dc=pt displayName: Admins Servidores ADM cn: cpd_srv_adm uniqueIdentifier: 637 gidNumber: 1637 member: uniqueIdentifier=18172,ou=agentes,dc=fct,dc=unl,dc=pt member: uniqueIdentifier=18272,ou=agentes,dc=fct,dc=unl,dc=pt member: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt objectClass: top objectClass: grupoUNL objectClass: posixGroup # search result search: 2 result: 32 No such object # numResponses: 2 # numEntries: 1 which apparently works, but do notice that it also reports result: 32 No such object If i try the query in another client, like phpldapadmin or even luma, i'm only presented with the error message. Is this a bug? Best regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email : hugo.monteiro(a)fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.pt apoio(a)fct.unl.pt fct.unl.pt:~# _

1 0

Local root browsing for translucent proxy
by Hugo Monteiro 18 Feb '11

18 Feb '11

Hello, I have set a translucent proxy and things have been working rather well. I've been able to add/delete and modify local attributes authenticating with the local rootdn. All this has been done using openldap's command line tools. I now have the need to use a web based interface and so i installed phpldapadmin. To my surprise, i can login using the local rootdn but i'm not able to browse or search for any entry in that branch, although i have write access acls, besides the rootdn declaration. the database definition is as follows: --- snip --- database hdb suffix "dc=example,dc=com" rootdn cn=loadmin,dc=example,dc=com rootpw secret directory "/var/lib/ldap" lastmod on access to attrs=userPassword,sambaNTPassword,krb5Key by dn.exact="cn=admin,dc=example,dc=com" write by dn.exact="cn=loadmin,dc=example,dc=com" write by dn.exact="cn=reader,dc=example,dc=com" read by self read by anonymous auth by * none access to * by dn.exact="cn=admin,dc=example,dc=com" write by dn.exact="cn=loadmin,dc=example,dc=com" write by * read index sambaSID,sambaPrimaryGroupSID eq overlay translucent uri "ldap://ldapbackend.example.com" acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret" translucent_strict translucent_remote objectClass translucent_local sambaSID,sambaPrimaryGroupSID,sambaAcctFlags overlay glue --- snip --- I seen no problem in the configuration, but do please point me out any misconfiguration that might be leading to this behaviour. Since i've been able to use the command line tools, i initially supposed it was a misconfiguration or even a bug in phpldapadmin, but i'm starting to consider the problem as limitiation for the translucent overlay. Should i consider this scenario also? (I know i should be using runtime config already... Let us leave that to another occasion ;) ) Best regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email : hugo.monteiro(a)fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.pt apoio(a)fct.unl.pt fct.unl.pt:~# _

1 2

How to make ldappasswd obey password policy restrictions?
by Konstantin Boyandin 17 Feb '11

17 Feb '11

Greetings, Given: OpenLDAP: 2.4.23, password policy module enabled, default password policy loaded as dn: cn=default,ou=Policies,dc=example,dc=com cn: default objectClass: pwdPolicy objectClass: person objectClass: top pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckQuality: 0 pwdExpireWarning: 600 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 5 pwdInHistory: 5 pwdLockout: TRUE pwdLockoutDuration: 30 pwdMaxAge: 7776000 pwdMaxFailure: 5 pwdMinAge: 0 pwdMinLength: 5 pwdMustChange: FALSE pwdSafeModify: FALSE sn: dummy value Authentication is set via LDAP (. The problem: when I try to set password via ldappassword, using command like this: ldappasswd -e ppolicy -W -x -D "cn=Manager,dc=example,dc=com" \ -H ldap://127.0.0.1/ -A -S "uid=testuser,ou=Users,dc=example,dc=com" it bypasses password policy settings - I can set the same password, can set the previously used password. It doesn't matter whether I specify '-e ppolicy' or not. However, when I try to change password with passwd (authentication is set via LDAP, /etc/ldap.conf contains 'pam_password exop'): passwd testuser the password policy restrictions are in effect. I am not allowed to set the same password, to set previous or similar password etc. Is it possible to make ldappaswd observe password policy restrictions? Thanks. Sincerely, Konstantin

3 3

Ppolicy does not seem to work
by Jan Kohnert 17 Feb '11

17 Feb '11

Hi there, I'm new to this list, so first of all welcome to everyone. I have a problem with ppolicy and got stuck finding a solution. I configured slapd using the information from [1] trying to be able to lock users. But anyway, the lock seems to be ignored: As soon as one tries to log in, the pwdLockedTime agument es removed from the entry and I seem to be too blind or dumb to see the reason why. Here is what happens (testing my own account): b079 /etc/openldap # grep -v "^#" ldif/locked_users.ldif dn: uid=jan,ou=xxx,dc=yyy,dc=zzz,dc=org changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: 20110119225403Z b079 /etc/openldap # ldapmodify -x -D "cn=admin, dc=yyy, dc=zzz, dc=org" -W -f ldif/locked_users.ldif Enter LDAP Password: modifying entry "uid=jan,ou=xxx,dc=yyy,dc=zzz,dc=org" b079 /etc/openldap # slapcat | grep -B 13 Locked | grep "uid: jan" uid: jan b079 /etc/openldap # ldapwhoami -x -D "uid=jan, ou=xxx, dc=yyy, dc=zzz, dc=org" -W Enter LDAP Password: dn:uid=jan,ou=xxx,dc=yyy,dc=zzz,dc=org b079 /etc/openldap # slapcat | grep -B 13 Locked | grep "uid: jan"b079 /etc/openldap # And here is the relevant configuration; b079 /etc/openldap # grep ppolicy slapd.conf include /etc/openldap/schema/ppolicy.schema moduleload ppolicy.so overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=yyy,dc=zzz,dc=org" b079 /etc/openldap # b079 /etc/openldap # ldapsearch -x -s base -b "cn=default, ou=policies, dc=yyy, dc=zzz, dc=org" # extended LDIF # # LDAPv3 # base <cn=default, ou=policies, dc=yyy, dc=zzz, dc=org> with scope baseObject # filter: (objectclass=*) # requesting: ALL # # default, policies, yyy.zzz.org dn: cn=default,ou=policies,dc=yyy,dc=zzz,dc=org cn: default sn: dummy value objectClass: pwdPolicy objectClass: person objectClass: top pwdAttribute: userPassword pwdMinAge: 0 pwdMaxAge: 0 pwdInHistory: 0 pwdCheckQuality: 0 pwdLockout: TRUE pwdLockoutDuration: 900 pwdFailureCountInterval: 1800 pwdMustChange: FALSE pwdAllowUserChange: TRUE pwdSafeModify: TRUE pwdExpireWarning: 604800 pwdMaxFailure: 5 pwdGraceAuthNLimit: 0 pwdMinLength: 8 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 b079 /etc/openldap # Thank a lot in advance! [1] http://www.openldap.org/lists/openldap-technical/200810/msg00107.html -- MfG Jan

4 8

[Q] Does anybody succeed to setup SASL(digest-md5) authentication with mysql database and latest openldap-server??
by Hiroyuki Sato 17 Feb '11

17 Feb '11

Dear members. Does anybody succeed to setup SASL(digest-md5) authentication with mysql database and latest openldap-server?? I'm not sure, why this configuration does not work correctly. and It seems that LDAP server compare dn and input password in ldap authentication. (see log below) Thank you for your advice. Sincerely. -- Hiroyuki Sato. My Environment OS: Ubuntu 10.10 OpenLDAP : 2.4.24 (build myself) 1, slapd.conf .. sasl-realm mydomain.com sasl-auxprops sql sasl-regexp uid=(.*),cn=mydomain.com,cn=digest-md5,cn=auth uid=$1,ou=users,ou=mydomain.com,dc=test,dc=mydomain,dc=com Note: ``sasl-auxprops sql'' does not well document. It is important config for sql authentication 2, /usr/lib/sasl2/slapd.conf pwcheck_method: auxprop mech_list: DIGEST-MD5 log_level: 7 auxprop_plugin: sql sql_verbose: yes sql_engine: mysql sql_hostnames: database.server.add.ress sql_user: username sql_passwd: password sql_database: db_name sql_select: select password from sasl_test where username = '%u@%r' 3, dataase entry mysql> select * from sasl_test \G *************************** 1. row *************************** username: ldapuser(a)mydomain.com password: ldapuser_password 4, auth ldapsearch -R mydomain.com -h server_add.ress -Y digest-md5 -U ldapuser -b 'ou=users,ou=mydomain.com,dc=test,dc=test,dc=mydomain,dc=com' -LLL '(objectclass=*)' Password: ldap_sasl_interactive_bind_s: Insufficient access (50) 5, log ...... <= ldap_dn2bv(uid=ldap_user,cn=mydomain,dc=com,cn=DIGEST-MD5,cn=auth)=0 slap_sasl_getdn: u:id converted to uid=ldap_user,cn=mydomain,dc=com,cn=DIGEST-MD5,cn=auth >>> dnNormalize: <uid=ldap_user,cn=mydomain,dc=com,cn=DIGEST-MD5,cn=auth> => ldap_bv2dn(uid=ldap_user,cn=mydomain,dc=com,cn=DIGEST-MD5,cn=auth,0) <= ldap_bv2dn(uid=ldap_user,cn=mydomain,dc=com,cn=DIGEST-MD5,cn=auth)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth)=0 <<< dnNormalize: <uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth> ==>slap_sasl2dn: converting SASL name uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth to a DN daemon: activity on 1 descriptor ==> rewrite_context_apply [depth=1] string='uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth' ==> rewrite_rule_apply rule='uid=(.*),cn=mydomain,dc=com,cn=digest-md5,cn=auth' string='uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth' [1 pass(es)] ==> rewrite_context_apply [depth=1] res={0,'uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com'} [rw] authid: "uid=ldap_user,cn=mydomain,dc=com,cn=digest-md5,cn=auth" -> "uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com" slap_parseURI: parsing uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com ldap_url_parse_ext(uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com) >>> dnNormalize: <uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com> => ldap_bv2dn(uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com,0) <= ldap_bv2dn(uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com)=0 <<< dnNormalize: <uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com> <==slap_sasl2dn: Converted SASL name to uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com slap_sasl_getdn: dn:id converted to uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com SASL Canonicalize [conn=1003]: slapAuthcDN="uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com" daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL SASL Canonicalize [conn=1003]: authzid="ldap_user" SASL proxy authorize [conn=1003]: authcid="ldap_user@mydomain,dc=com" authzid="ldap_user@mydomain,dc=com" ==>slap_sasl_authorized: can uid=ldap_user,ou=users,ou=mydomain,dc=com,dc=test,dc=mydomain,dc=com become <INPUT_PASSWORD>? ^^^^^^^^^^^^^^^^^^^^ <== slap_sasl_authorized: return 48 SASL Proxy Authorize [conn=1003]: proxy authorization disallowed (48) SASL [conn=1003] Failure: not authorized send_ldap_result: conn=1003 op=1 p=3 send_ldap_result: err=50 matched="" text="SASL(-14): authorization failure: not authorized" send_ldap_response: msgid=2 tag=97 err=50

2 7

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical