openldap-technical

openldap-technical@openldap.org

20 participants
9802 discussions

can't use godaddy SSL cert
by bluethundr 26 Nov '10

26 Nov '10

Hey list, I was having a similar SSL/openLDAP problem to this last week. I had a chance to look at this again today and it still appears to not be working. I called godaddy and had the last cert cancelled and reissued as I had mis-typed the name of the CN on the last one. I am trying to setup a Godaddy turbo SSL certificate with an openLDAP 2.4 server under FreeBSD 8.1. [root@LBSD2:/usr/home/bluethundr]#pkg_info | grep openldap openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support openldap-sasl-server-2.4.23 Open source LDAP server implementation I have setup the certificate chain in my slapd.conf like so: [root@LBSD2:/usr/home/bluethundr]#grep -i tls /usr/local/etc/openldap/slapd.conf## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.summitnjhome.com.crt TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt I have tried each of the following certs with no luck in getting my cert to talk to it's CA: -rw-r--r-- 1 root bluethundr 2604 Nov 25 11:37 ca_bundle.crt -r--r----- 1 root ldap 4604 Nov 24 18:57 gd_bundle.crt -r--r----- 1 root ldap 1537 Nov 25 02:00 sf_issuing.crt and I get the same result for each when I attempt to connect to SSL on the LDAP server: [root@LCENT01:/tmp/Foswiki-1.1.2]#openssl s_client -connect ldap.example.com:389 -showcerts -CAfile sf_issuing.crt 13730:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('sf_issuing.crt','r') 13730:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125: 13730:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: CONNECTED(00000003) 13730:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: ldapsearch -h ldap.example.com -d -1 -ZZ "dc=example,dc=com" TLS certificate verification: depth: 0, err: 20, subject: /O=LBSD2.summitnjhome.com/OU=Domain Control Validated/CN=LBSD2.summitnjhome.com, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 TLS certificate verification: Error, unable to get local issuer certificate tls_write: want=7, written=7 0000: 15 03 01 00 02 02 30 ......0 TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect. ldap_perror ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed It seems to indicate that it can't talk to it's CA... does anyone have any suggestions on how to make this work? thanks! -- Here's my RSA Public key: gpg --keyserver pgp.mit.edu --recv-keys B6D6EAC3

3 2

syncrepl problems
by Bram Cymet 25 Nov '10

25 Nov '10

Hi, I am trying to set up a syncrepl consumer. I have done this a number of times without any problem. The consumer seems to be connecting via TLS to the producer and authenticating but the consumer directory never gets populated. Here is the log from the producer: Nov 22 19:19:57 anubis slapd[24088]: slap_listener_activate(7): Nov 22 19:19:57 anubis slapd[24088]: >>> slap_listener(ldap://) Nov 22 19:19:57 anubis slapd[24088]: conn=1026 fd=15 ACCEPT from IP=172.20.150.141:38831 (IP=0.0.0.0:389) Nov 22 19:19:57 anubis slapd[24088]: connection_get(15) Nov 22 19:19:57 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:57 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:57 anubis slapd[24088]: op tag 0x77, time 1290471597 Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 do_extended Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Nov 22 19:19:57 anubis slapd[24088]: do_extended: oid=1.3.6.1.4.1.1466.20037 Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 STARTTLS Nov 22 19:19:57 anubis slapd[24088]: send_ldap_extended: err=0 oid= len=0 Nov 22 19:19:57 anubis slapd[24088]: send_ldap_response: msgid=1 tag=120 err=0 Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 RESULT oid= err=0 text= Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): unable to get TLS client DN, error=49 id=1026 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 TLS established tls_ssf=256 ssf=256 Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:58 anubis slapd[24088]: op tag 0x60, time 1290471598 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 do_bind Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: <uid=syncrepl,ou=system,dc=ls,dc=cbn>, <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128 Nov 22 19:19:58 anubis slapd[24088]: do_bind: version=3 dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128 Nov 22 19:19:58 anubis slapd[24088]: ==> hdb_bind: dn: uid=syncrepl,ou=system,dc=ls,dc=cbn Nov 22 19:19:58 anubis slapd[24088]: bdb_dn2entry("uid=syncrepl,ou=system,dc=ls,dc=cbn") Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: result not in cache (userPassword) Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access to "uid=syncrepl,ou=system,dc=ls,dc=cbn" "userPassword" requested Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [2] attr userPassword Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0) Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: uid=syncrepl,ou=system,dc=ls,dc=cbn Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: * Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying +0 (break) Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: =0 Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [3] attr userPassword Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0) Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: self Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: * Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying auth(=xd) (stop) Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: auth(=xd) Nov 22 19:19:58 anubis slapd[24088]: => slap_access_allowed: auth access granted by auth(=xd) Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access granted by auth(=xd) Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" mech=SIMPLE ssf=0 Nov 22 19:19:58 anubis slapd[24088]: do_bind: v3 bind: "uid=syncrepl,ou=system,dc=ls,dc=cbn" to "uid=syncrepl,ou=system,dc=ls,dc=cbn" Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=1 p=3 Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched="" text="" Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=2 tag=97 err=0 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 RESULT tag=97 err=0 text= Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:58 anubis slapd[24088]: op tag 0x63, time 1290471598 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 do_search Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <dc=ls,dc=cbn> Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn> Nov 22 19:19:58 anubis slapd[24088]: SRCH "dc=ls,dc=cbn" 2 0 Nov 22 19:19:58 anubis slapd[24088]: 0 0 0 Nov 22 19:19:58 anubis slapd[24088]: filter: (objectClass=*) Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical) Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical) Nov 22 19:19:58 anubis slapd[24088]: <= get_ctrls: n=2 rc=0 err="" Nov 22 19:19:58 anubis slapd[24088]: attrs: Nov 22 19:19:58 anubis slapd[24088]: * Nov 22 19:19:58 anubis slapd[24088]: + Nov 22 19:19:58 anubis slapd[24088]: Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH base="dc=ls,dc=cbn" scope=2 deref=0 filter="(objectClass=*)" Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH attr=* + Nov 22 19:19:58 anubis slapd[24088]: ==> limits_get: conn=1026 op=2 self="uid=syncrepl,ou=system,dc=ls,dc=cbn" this="dc=ls,dc=cbn" Nov 22 19:19:58 anubis slapd[24088]: <== limits_get: type=DN match=EXACT dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=2 p=3 Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched="" text="" Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=3 tag=101 err=0 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026 Nov 22 19:19:58 anubis slapd[24088]: op tag 0x42, time 1290471598 Nov 22 19:19:58 anubis slapd[24088]: ber_get_next on fd 15 failed errno=0 (Success) Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 do_unbind Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 UNBIND Nov 22 19:19:58 anubis slapd[24088]: connection_close: conn=1026 sd=15 Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 closed Here is the log from the consumer: Nov 22 18:22:49 mgaauth1 slapd[12587]: daemon: shutdown requested and initiated. Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: waiting for 0 operations/tasks to finish Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: initiated Nov 22 18:22:49 mgaauth1 slapd[12587]: ====> bdb_cache_release_all Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd destroy: freeing system resources. Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=001 Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=002 Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd stopped. Nov 22 18:22:52 mgaauth1 slapd[12638]: @(#) $OpenLDAP: slapd 2.4.20 (Jun 16 2010 10:21:06) $ abuild@anonymi:/usr/src/packages/BUILD/openldap-2.4.20/servers/slapd Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol) Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol) Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema.ldif" Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn=schema objectClass: olcSchemaConfig cn: schema structuralObjectClass: olcSchemaConfig entryUUID: 1a05f3b8-8ade-102f-8d02-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.437126Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=schema> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=schema>, <cn=schema> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn=schema) -> 0x7ff49ab19758 Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif" Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={0}core objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{32768} ) olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f amily) name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two- letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 S INGLE-VALUE ) olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc ality which this object resides in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2 256: state or province which this object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 : organization this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC ' RFC2256: organizational unit this object belongs to' SUP name ) olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15{40} ) olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256 : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256 : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU E ) olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: pr esentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.43 SINGLE-VALUE ) olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC 2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a gro up' SUP distinguishedName ) olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob ject)' SUP distinguishedName ) olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ) olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.8 ) olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.8 ) olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256 : X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.9 ) olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC22 56: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.9 ) olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X .509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 0 ) olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir st name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s ome or all of names, but not the surname(s).' SUP name ) olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na me qualifier indicating a generation' SUP name ) olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.6 ) olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifi er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: en hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: pr otocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.42 ) olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .34 ) olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' S UP name ) olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbo x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR ca seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {49}( 0.9.234 Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={0}core> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={0}core>, <cn={0}core> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={0}core) -> 0x7ff49ab19758 Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif" Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={1}cosine objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15{256} ) olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 ) olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.50 ) olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.50 ) olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .50 ) olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN GLE-VALUE ) olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 23 ) olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep hone Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={1}cosine> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={1}cosine>, <cn={1}cosine> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={1}cosine) -> 0x7ff49ab19758 Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif" Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={2}inetorgperson objectClass: olcSchemaConfig cn: {2}inetorgperson olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF C2798: numerically identifies an employee within an organization' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID: 1a06766c-8ade-102f-8d05-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.440473Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={2}inetorgperson> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={2}inetorgperson>, <cn={2}inetorgperson> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={2}inetorgperson) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={3}rfc2307bis objectClass: olcSchemaConfig cn: {3}rfc2307bis olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr oup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service p ort number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Servi ce protocol name' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP pro tocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC nu mber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addre sses as a dotted decimal omitting leading zeros or IPv6 addresses as de fined in RFC2373' SUP name ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw ork as a dotted decimal, eg. 192.168, omitting leading zeros' SUP name SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm ask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp aramd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 ) olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map' SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic N IS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automo unt Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {30}( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Au tomount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY D ESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shado wWarning $ shadowInactive $ shadowExpire $ shadowFlag ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DES C 'Abstraction of a group of accounts' MUST gidNumber MAY ( userPassword $ me mberUid $ description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL DES C 'Abstraction an Internet Protocol service. Maps an IP port and protoc ol (such as tcp or udp) to one or more names; the distinguished value o f the cn attribute denotes the services canonical name' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description ) olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DE SC 'Abstraction of an IP protocol. Maps a protocol number to one or mor e names. The distinguished value of the cn attribute denotes the protoc ols canonical name' MUST ( cn $ ipProtocolNumber ) MAY description ) olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC ' Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedur e Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC services can onical name' MUST ( cn $ oncRpcNumber ) MAY description ) olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'A bstraction of a host, an IP device. The distinguished value of the cn a ttribute denotes the hosts canonical name. Device SHOULD be used as a s tructural class' MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ descript ion $ manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL DES C 'Abstraction of a network. The distinguished value of the cn attribut e denotes the networks canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetm askNumber $ l $ description $ manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL D ESC 'Abstraction of a netgroup. May refer to other netgroups' MUST cn MAY ( n isNetgroupTriple $ memberNisNetgroup $ description ) ) olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC ' A generic abstraction of a NIS map' MUST nisMapName MAY description ) olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL D ESC 'An entry in a NIS map' MUST ( cn $ nisMapE Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={3}rfc2307bis> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={3}rfc2307bis>, <cn={3}rfc2307bis> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={3}rfc2307bis) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}yast.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={4}yast objectClass: olcSchemaConfig cn: {4}yast olcObjectIdentifier: {0}SUSE 1.3.6.1.4.1.7057 olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1 olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2 olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1 olcObjectIdentifier: {4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2 olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' ) DESC 'Base DN where new Objects should be created by default' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {1}( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId ' ) DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {2}( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTempl ate' ) DESC 'The DN of a template that should be used by default' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter ' ) DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE ) olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValu e' ) DESC 'an Attribute-Value-Assertions to define defaults for specific Attr ibutes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {7}( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttri bute' ) DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgno reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGr oup' ) DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPassword Length' ) DESC 'minimum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) olcAttributeTypes: {10}( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswor dLength' ) DESC 'maximum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA LUE ) olcAttributeTypes: {11}( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHa sh' ) DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {14}( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribu te' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer ' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {16}( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaul tQuota' ) DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {18}( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl ' ) DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE ) olcObjectClasses: {0}( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigurati on' SUP top STRUCTURAL DESC 'Contains configuration of Management Modu les' MUST ( cn ) MAY ( suseDefaultBase )) olcObjectClasses: {1}( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration ' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user m anagement tools' MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute )) olcObjectClasses: {2}( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate' SUP top STRUCTURAL DESC 'Base Class for Object-Templates' MUST ( cn ) M AY ( susePlugin $ suseDefaultValue $ suseNamingAttribute )) olcObjectClasses: {3}( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'User object template' MUST ( cn ) MAY ( suseSecondaryGroup )) olcObjectClasses: {4}( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'Group object template' MUST ( cn )) olcObjectClasses: {5}( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUni queId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribut e )) olcObjectClasses: {6}( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of CA manage ment tools') olcObjectClasses: {7}( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of mail se rver management tools') olcObjectClasses: {8}( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of DHCP server management tools') olcObjectClasses: {9}( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of IMAP user management tools' MUST ( suseImapServer $ suseImapAdmin $ suseImap DefaultQuota $ suseImapUseSsl )) structuralObjectClass: olcSchemaConfig entryUUID: 1a06ad4e-8ade-102f-8d07-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.441878Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={4}yast> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={4}yast>, <cn={4}yast> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={4}yast) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}kerberos.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={5}kerberos objectClass: olcSchemaConfig cn: {5}kerberos olcAttributeTypes:: ezB9KCAyLjE2Ljg0MC4xLjExMzcxOS4xLjMwMS40LjEuMSAgICAgICAgIC AgICAgIE5BTUUgJ2tyYlByaW5jaXBhbE5hbWUnICAgICAgICAgICAgICAgRVFVQUxJVFkgY2FzZUV 4YWN0SUE1TWF0Y2ggCVNVQlNUUiBjYXNlRXhhY3RTdWJzdHJpbmdzTWF0Y2ggICAgICAgICAgICAg ICBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYp olcAttributeTypes: {1}( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanoni calName' EQUALITY caseExactIA5Match SUBSTR caseEx actSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) olcAttributeTypes: {2}( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbP rincipalType' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {3}( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbU PEnabled' DESC 'Boolean' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE) olcAttributeTypes: {4}( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbP rincipalExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {5}( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbT icketFlags' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {6}( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbM axTicketLife' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {7}( 2.16.840.1.113719.1.301.4.10.1 NAME 'krb MaxRenewableAge' EQUALITY integerMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {8}( 2.16.840.1.113719.1.301.4.14.1 NAME 'krb RealmReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {9}( 2.16.840.1.113719.1.301.4.15.1 NAME 'krb LdapServers' EQUALITY caseIgnoreMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {10}( 2.16.840.1.113719.1.301.4.17.1 NAME 'kr bKdcServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {11}( 2.16.840.1.113719.1.301.4.18.1 NAME 'kr bPwdServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {12}( 2.16.840.1.113719.1.301.4.24.1 NAME 'kr bHostServer' EQUALITY caseExactIA5Match SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {13}( 2.16.840.1.113719.1.301.4.25.1 NAME 'kr bSearchScope' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {14}( 2.16.840.1.113719.1.301.4.26.1 NAME 'kr bPrincipalReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {15}( 2.16.840.1.113719.1.301.4.28.1 NAME 'kr bPrincNamingAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) olcAttributeTypes: {16}( 2.16.840.1.113719.1.301.4.29.1 NAME 'kr bAdmServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {17}( 2.16.840.1.113719.1.301.4.30.1 NAME 'kr bMaxPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {18}( 2.16.840.1.113719.1.301.4.31.1 NAME 'kr bMinPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {19}( 2.16.840.1.113719.1.301.4.32.1 NAME 'kr bPwdMinDiffChars' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {20}( 2.16.840.1.113719.1.301.4.33.1 NAME 'kr bPwdMinLength' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {21}( 2.16.840.1.113719.1.301.4.34.1 NAME 'kr bPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {22}( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMax Failure' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {23}( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFai lureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {24}( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLoc koutDuration' EQUALITY integerMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {25}( 2.16.840.1.113719.1.301.4.36.1 NAME 'kr bPwdPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) olcAttributeTypes: {26}( 2.16.840.1.113719.1.301.4.37.1 NAME 'kr bPasswordExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {27}( 2.16.840.1.113719.1.301.4.39.1 NAME 'kr bPrincipalKey' EQUALITY octetStringMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.40) olcAttributeTypes: {28}( 2.16.840.1.113719.1.301.4.40.1 NAME 'kr bTicketPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) olcAttributeTypes: {29}( 2.16.840.1.113719.1.301.4.41.1 NAME 'kr bSubTrees' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {30}( 2.16.840.1.113719.1.301.4.42.1 NAME 'kr bDefaultEncSaltTypes' EQUALITY caseIgnoreMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {31}( 2.16.840.1.113719.1.301.4.43.1 NAME 'kr bSupportedEncSaltTypes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {32}( 2.16.840.1.113719.1.301.4.44.1 NAME 'kr bPwdHistory' EQUALITY octetStringMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.40) olcAttributeTypes: {33}( 2.16.840.1.113719.1.301.4.45.1 NAME 'kr bLastPwdChange' EQUALITY generalizedTimeMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {34}( 2.16.840.1.113719.1.301.4.46.1 NAME 'kr bMKey' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.40) olcAttributeTypes: {35}( 2.16.840.1.113719.1.301.4.47.1 NAME 'kr bPrincipalAliases' EQUALITY caseExactIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {36}( 2.16.840.1.113719.1.301.4.48.1 NAME 'kr bLastSuccessfulAuth' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {37}( 2.16.840.1.113719.1.301.4.49.1 NAME 'kr bLastFailedAuth' EQUALITY generalizedTimeMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {38}( 2.16.840.1.113719.1.301.4.50.1 NAME 'kr bLo Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={5}kerberos> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={5}kerberos>, <cn={5}kerberos> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={5}kerberos) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}uidnext.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={6}uidnext objectClass: olcSchemaConfig cn: {6}uidnext olcObjectClasses: {0}( 1.1.2.2.1.30 NAME 'uidnext' SUP top STRUCTURAL MUST ( cn $ uidNumber )) structuralObjectClass: olcSchemaConfig entryUUID: 189d1db6-8adf-102f-87a7-a13f60af0032 creatorsName: cn=config createTimestamp: 20101122235057Z entryCSN: 20101122235057.569075Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122235057Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={6}uidnext> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={6}uidnext>, <cn={6}uidnext> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={6}uidnext) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig olcDatabase: {-1}frontend olcAccess: {0}to dn.base="" by * read olcAccess: {1}to dn.base="cn=Subschema" by * read structuralObjectClass: olcDatabaseConfig entryUUID: 1a06c66c-8ade-102f-8d08-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.442520Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={-1}frontend> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={-1}frontend>, <olcDatabase={-1}frontend> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={-1}frontend) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.base="uid=syncrepl,ou=system,dc=ls,dc=cbn" read by * break olcLimits: {0}dn.exact="uid=syncrepl,ou=system,dc=ls,dc=cbn" size.soft=unlimit ed olcRootDN: cn=config olcRootPW:: e1NTSEF9K3hqNDB5T2U1ZGtyTU45aWVrMGhpSlFMMFVGUlFVNWFXZz09 olcSecurity: simple_bind=128 ssf=71 olcSyncrepl: {0}rid=1 provider="ldap://mgaauth1.ni.ls.cbn/" searchbase="cn=con fig" type="refreshAndPersist" retry="120 +" starttls=critical tls_reqcert=dem and bindmethod="simple" binddn="uid=syncrepl,ou=system,dc=ls,dc=cbn" credenti als="I9BpLVmLdOaL" olcUpdateRef: ldap://mgaauth1.ni.ls.cbn/ structuralObjectClass: olcDatabaseConfig entryUUID: 1a06cd10-8ade-102f-8d09-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.442690Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={0}config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={0}config>, <olcDatabase={0}config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={0}config) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=config>, <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=config>, <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcOverlay={0}syncprov objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 10 structuralObjectClass: olcSyncProvConfig entryUUID: 1a06d9fe-8ade-102f-8d0a-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.443021Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcOverlay={0}syncprov> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcOverlay={0}syncprov>, <olcOverlay={0}syncprov> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcOverlay={0}syncprov) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=ls,dc=cbn olcAccess: {0}to attrs=userPassword by self write by * auth olcAccess: {1}to attrs=shadowLastChange by self write by * read olcAccess: {2}to attrs=userPKCS12 by self read by * none olcAccess: {3}to * by * read olcRootDN: cn=admin,dc=ls,dc=cbn olcRootPW:: e1NTSEF9TkJSVVEyR0FGMlNQN1dsbFh3eS9GK2t5MFBST1UxaEpWQT09 olcUpdateRef: ldap://anubis.ls.cbn/ olcDbCacheSize: 10000 olcDbCheckpoint: 1024 5 olcDbConfig: {0}set_cachesize 0 15000000 1 olcDbConfig: {1}set_lg_regionmax 262144 olcDbConfig: {2}set_lg_bsize 2097152 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbIDLcacheSize: 30000 olcDbIndex: objectclass eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: member eq olcDbIndex: memberUid eq olcDbIndex: mail eq olcDbIndex: cn eq,sub olcDbIndex: displayName eq,sub olcDbIndex: uid eq,sub olcDbIndex: sn eq,sub olcDbIndex: givenName eq,sub olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq structuralObjectClass: olcHdbConfig entryUUID: 65b86196-8adf-102f-87a8-a13f60af0032 creatorsName: cn=config createTimestamp: 20101122235306Z olcSyncrepl: {0}rid=2 provider="ldap://anubis.ls.cbn/" searchbase="dc=ls,dc=cb n" type="refreshOnly" retry="120 +" interval="00:00:01:00" starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,ou=system,dc=ls,d c=cbn" credentials="lieguYwHee" entryCSN: 20101123001649.251496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101123001649Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={1}hdb> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={1}hdb>, <olcDatabase={1}hdb> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={1}hdb) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: hdb_db_init: Initializing HDB database Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: conn=-1 op=0 p=0 Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: err=0 matched="" text="" Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: matching_rule_use_init Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.804 (integerBitOrMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.803 (integerBitAndMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir $ krbPrincipalName $ krbCanonicalName $ krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir $ krbPrincipalName $ krbCanonicalName $ krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.39 (certificateListMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.38 (certificateListExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.35 (certificateMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.34 (certificateExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.30 (objectIdentifierFirstComponentMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.29 (integerFirstComponentMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.27 (generalizedTimeMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime $ krbPrincipalExpiration $ krbPasswordExpiration $ krbLastPwdChange $ krbLastSuccessfulAuth $ krbLastFailedAuth ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.24 (protocolInformationMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.23 (uniqueMemberMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.22 (presentationAddressMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.20 (telephoneNumberMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.17 (octetStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey $ pwdHistory $ nisPublicKey $ nisSecretKey $ krbPrincipalKey $ krbPwdHistory $ krbMKey $ krbExtraData ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.16 (bitStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.14 (integerMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.13 (booleanMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter $ olcAccessLogSuccess $ olcDDSstate $ olcMemberOfRefInt $ pwdReset $ olcPPolicyHashCleartext $ olcPPolicyForwardUpdates $ olcPPolicyUseLockout $ olcPcachePersist $ olcPcacheValidate $ olcPcacheOffline $ olcRetcodeInDir $ olcRwmNormalizeMapped $ olcRwmDropUnrequested $ olcSpNoPresent $ olcSpReloadHint $ olcTranslucentStrict $ olcTranslucentNoGlue $ olcTranslucentBindLocal $ olcTranslucentPwModLocal $ olcUniqueStrict $ suseImapUseSsl $ krbUPEnabled ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.11 (caseIgnoreListMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.8 (numericStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.7 (caseExactSubstringsMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.6 (caseExactOrderingMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.5 (caseExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.4 (caseIgnoreSubstringsMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.3 (caseIgnoreOrderingMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.2 (caseIgnoreMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.36.79672281.1.13.3 (rdnMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.1 (distinguishedNameMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay $ olcAccessLogDB $ memberOf $ olcMemberOfDN $ pwdPolicySubentry $ olcPPolicyDefault $ olcRefintNothing $ olcRefintModifiersName $ olcRetcodeParent $ olcUniqueBase $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ suseDefaultBase $ suseDefaultTemplate $ suseSecondaryGroup $ krbRealmReferences $ krbKdcServers $ krbPwdServers $ krbPrincipalReferences $ krbAdmServers $ krbPwdPolicyReference $ krbTicketPolicyReference $ krbSubTrees $ krbObjectReferences $ krbPrincContainerRef ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.0 (objectIdentifierMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd startup: initiated. Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting "cn=config" Nov 22 18:22:53 mgaauth1 slapd[12651]: config_back_db_open Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: conn=-1 op=0 p=0 Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text="" Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting "dc=ls,dc=cbn" Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: "dc=ls,dc=cbn" Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: database "dc=ls,dc=cbn": dbenv_open(/var/lib/ldap). Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd starting Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrepl rid=002 Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: ndn: "dc=ls,dc=cbn" Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: oc: "(null)", at: "contextCSN" Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_dn2entry("dc=ls,dc=cbn") Nov 22 18:22:53 mgaauth1 slapd[12651]: => hdb_dn2id("dc=ls,dc=cbn") Nov 22 18:22:53 mgaauth1 slapd[12651]: <= hdb_dn2id: got id=0x1 Nov 22 18:22:53 mgaauth1 slapd[12651]: entry_decode: "" Nov 22 18:22:53 mgaauth1 slapd[12651]: <= entry_decode() Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_entry_get: rc=0 Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrep2 rid=002 Nov 22 18:22:53 mgaauth1 slapd[12651]: do_syncrep2: rid=002 LDAP_RES_SEARCH_RESULT Nov 22 18:22:54 mgaauth1 slapd[12651]: slap_listener_activate(7): Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> slap_listener(ldap://) Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 ACCEPT from IP=127.0.0.1:33205 (IP=0.0.0.0:389) Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x60, time 1290471774 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 do_bind Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <> Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <> Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 BIND dn="" method=128 Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: version=3 dn="" method=128 Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=0 p=3 Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text="" Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=1 tag=97 err=0 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 RESULT tag=97 err=0 text= Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: v3 anonymous bind Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x63, time 1290471774 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 do_search Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <> Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <> Nov 22 18:22:54 mgaauth1 slapd[12651]: SRCH "" 0 0 Nov 22 18:22:54 mgaauth1 slapd[12651]: 0 0 0 Nov 22 18:22:54 mgaauth1 slapd[12651]: filter: (objectClass=*) Nov 22 18:22:54 mgaauth1 slapd[12651]: attrs: Nov 22 18:22:54 mgaauth1 slapd[12651]: Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Nov 22 18:22:54 mgaauth1 slapd[12651]: => send_search_entry: conn 1000 dn="" Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 ENTRY dn="" Nov 22 18:22:54 mgaauth1 slapd[12651]: <= send_search_entry: conn 1000 exit. Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=1 p=3 Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text="" Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=2 tag=101 err=0 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000 Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x42, time 1290471774 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 do_unbind Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 UNBIND Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_close: conn=1000 sd=13 Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 closed Any idea what could be going on? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752

2 2

Is it possible to prevent many loggings on many computer from only one user?
by Olivier PAVILLA 25 Nov '10

25 Nov '10

Hi everyone I would like to know if it's possible to prevent many loggings on many computers from only one user? I have LDAP/Samba server. Anyone must connect with LDAP to acces its home. So I have user who opened 12 computers, logged on those 12 computers and ran boinc-client on those 12 computers... I want to prevent this kind of behaviour... Thanks in advance. Regards. -- Olivier Pavilla << 仕事を探しています。求職中です。>> S.C.I.R.C. Orléans (Bourgogne) - I.U.F.M. Centre-Val de Loire 72 Rue du Faubourg Bourgogne -45044 ORLEANS Cedex 1 Tel : 02-38-49-26-20 , mailto:olivier.pavilla@univ-orleans.fr http://blog.linux-squad.com - 僕の傑作です。 http://gallery.linux-squad.com - 僕の傑作です。

2 1

How to set Multiple base dn
by Laurent gobalraja 25 Nov '10

25 Nov '10

Hi ! I'm new to openldap 2.4 and have set up a running server. 1) How can i add a second base DN using the new cn=config files ? I've got a "dn=domain1.org,dn=org", i'd like to add a "dn=domain2,dn=org" base. 2) How can i set TLS using the new cn=config style ? System : Debian/Squeeze Thx for any help.

2 1

dynamic groups
by Christian Bösch 25 Nov '10

25 Nov '10

Hi, I have built my ldap groups with dynlist overlay. _If i search for a group i can see the members: ldapsearch -Y EXTERNAL -b 'ou=Groups,dc=abc,dc=net' 'cn=ou-is' dn: cn=ou-is,ou=Groups,dc=abc,dc=net objectClass: groupOfURLs objectClass: fhvGroup cn: ou-is memberURL: ldap:///ou=People,dc=abc,dc=net??sub?(fhvIsAISMemberOf=cn=ou-is,ou=Groups,dc=abc,dc=net) member: uid=cb,ou=fhv,ou=People,dc=abc,dc=net _But if i search for members i only get empty results: ldapsearch -Y EXTERNAL -b 'ou=Groups,dc=abc,dc=net' '(member=uid=cb,ou=fhv,ou=People,dc=abc,dc=net)' cn member Is this not working with dynamic groups? And does it make sense to build indexes for dynamic member attributes? /thx,chris

3 6

RE: About locked LDAP user
by Sotomayor, Vicente (ITD) 24 Nov '10

24 Nov '10

>Message: 4 >Date: Mon, 22 Nov 2010 06:02:53 -0800 (PST) >From: "=?gb2312?B?R2FyeS5qc3o=?=" <gary.jsz(a)gmail.com> >To: openldap-technical(a)openldap.org >Subject: About locked LDAP user >Message-ID: <4cea780d.1e30dc0a.1b96.77a5(a)mx.google.com> >Content-Type: text/plain; charset="gb2312" >Hi,ALL > I'm new openLDAP user. But now, I have a problem about LDAP user manager. > > > I want stop a specify user in LDAP system,but I don't want to delete this user and change the user's password. > > How to locked this user? such as Linux system "passwd -l xxx" to locked system users. > > Help me,please! Use lusermode -L username to to lock it down. That's how I do it in RH.

1 0

About locked LDAP user
by Gary.jsz 23 Nov '10

23 Nov '10

Hi,ALL I'm new openLDAP user. But now, I have a problem about LDAP user manager. I want stop a specify user in LDAP system,but I don't want to delete this user and change the user's password. How to locked this user? such as Linux system "passwd -l xxx" to locked system users. Help me,please! Thanks.

2 1

Issues migrating from openLDAP 2.0.27-11 to 2.3.43-12.el5_5.2
by Chris Beach 23 Nov '10

23 Nov '10

I've purchased a new server to replace my current domain controller, one issue I'm having is migrating LDAP from my old server to the new one, I've worked out a lot of the problems I've had, but I'm not having any luck with this one. Please keep in mind, I am not very knowledgeable with LDAP in general, so I may have missed things more experienced people may not have. I had two objectClasses that were conflicting: account and inetOrgPerson, apparently in my old LDAP version it allowed this, but the new one was giving errors ( (65) invalid structural object class chain (inetOrgPerson/account)), so I simply removed all of the account objectClasses to see what it would do, this did get rid of half the errors, and all of my users now show up in LDAP, but I find now that all of my ou=Computers are erroring out with: slapadd: dn="uid=STCQA01$,ou=Computers,dc=pin,dc=com" (line=10425): (65) no structural object class provided I can only assume this is because I've removed the account object class from the file, but if I add it back in I get: slapadd: dn="uid=STCQA01$,ou=Computers,dc=pin,dc=com" (line=10426): (65) invalid structural object class chain (inetOrgPerson/account) Any suggestions on what I'm doing wrong here? Here is my includes in slapd.conf: include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /usr/share/doc/samba-3.0.33/LDAP/samba.schema include /etc/openldap/schema/RADIUS-LDAPv3.schema I really would appreciate any feedback, thanks!

2 2

Passwords in DIT after MOD from Solaris Client
by Ben Rockwood 22 Nov '10

22 Nov '10

Hello, I'm using pam_ldap on a Solaris 10 client and an OpenLDAP server. Everything works great, with one little exception. I can create new accounts from an LDIF specifying the password as {SSHA} and everything works fine. Users can login, etc. However, if a user changes their password from Solaris ('passwd -r ldap') the password is now stored in the directory as plaintext. The user can still login, change their password, etc, it works fine... but I don't want plaintext passwords in the directory. I tried adding "password-hash {SSHA}" to slapd.conf, but that didn't do anything... nor would I expect it to because its the default setting. Can anyone point me in the right direction? benr.

2 2

self signed certificate
by Márcio Luciano Donada 22 Nov '10

22 Nov '10

Hi list, When using TLS, I have information that I'm using a self-signed certificate, as shown below: # ldapsearch -x -d5 -b 'ou=Usuarios,dc=xx,dc=com,dc=br' -H ldaps://121.1.1.97/ '(objectclass=*)' ldap_url_parse_ext(ldaps://121.1.1.97/) ldap_create ldap_url_parse_ext(ldaps://121.1.1.97:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 121.1.1.97:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 121.1.1.97:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 0, err: 18, subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ldap.xx.com.br, issuer: -State/O=Internet Widgits Pty Ltd/CN=ldap.xx.com.br TLS certificate verification: Error, self signed certificate TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate). ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) My slapd.conf: TLSRandFile /dev/random TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/ssl/cert.crt TLSCertificateKeyFile /usr/local/etc/openldap/ssl/cert.key TLSCACertificateFile /usr/local/etc/openldap/ssl/cert.crt my ldap.conf pam_login_attribute uid base dc=xxxx,dc=com,dc=br uri ldap://127.0.0.1/ PORT 636 HOST 127.0.0.1 TLS_REQCERT allow TLS_CACERT /usr/local/etc/openldap/ssl/cert.crt TLS_CACERTDIR /usr/local/etc/openldap/ssl -- Márcio Luciano Donada <mdonada -at- auroraalimentos -dot- com -dot- br> Aurora Alimentos - Cooperativa Central Oeste Catarinense Departamento de T.I.

5 5

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical