Please excuse the long email, but I wanted to include everything that might be useful for a diagnosis:
I am having trouble setting up my OpenLDAP proxy. Eventually, I would like it to authenticate to our domain controller using idassert-bind, but I'm not worried about that at the moment. When I issue an ldapsearch command against the domain controller:
ldapsearch -Hldap://LOCALDC -b "" -s base -x -D "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local" -W
It works and I get a reply. When I try it via slapd (running on my machine), It seems to authenticate me ok (wrong passwords and "-D" options return errors), but I don't get my details back, other than a success and no results:
ldapsearch -b "" -s base -x -D "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery ,DC=emea,DC=corp,DC=local" -W '(samaccountname=clemsoc)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (samaccountname=clemsoc) # requesting: ALL #
# search result search: 2 result: 0 Success
# numResponses: 1
"ldapsearch -b "" -s base -x '(samaccountname=clemsoc)'" also returns the same result. When I do the following (ie, not search for anything): ldapsearch -b "" -s base -x -D "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local" -W I get the following output:
Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: ALL #
# dn: objectClass: top objectClass: OpenLDAProotDSE
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
I am running slapd with -d 9, but can't really see anything that helps me.
I guess I am missing something, or am not specific enough with my Base DN. Basically, all my users (that I want to search for) are in various OUs under the "Service Delivery" OU in Active Directory.
Ldap.conf --------- BASE ou=Service Delivery, dc=emea, dc=corp, dc=local URI ldap://MYMACHINE
Slapd.conf ---------- include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/MSOutlook.schema <- custom one I found on for other attributes pidfile /var/openldap/run/slapd.pid argsfile /var/openldap/run/slapd.args Moduleload back_ldap.la access to * by * read database ldap uri ldap://LOCALDC suffix "dc=emea,dc=corp,dc=local" idassert-bind bindmethod=simple binddn="cn=OpenLDAP Access Account,cn=users,DC=emea,DC=corp,DC=local" credentials="xxxxx" mode=none
Below is the "slapd -d 9" output of a request attempt:
@(#) $OpenLDAP: slapd 2.3.39 (Nov 24 2007 18:26:23) $ vzell@vzell-de:/usr/src/openldap-2.3.39-1/build/servers/slapd daemon_init: listen on ldap:/// daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap:///) daemon: listener initialized ldap:/// daemon_init: 1 listeners opened slapd init: initiated server. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Berkeley DB 4.5.20: (December 17, 2007) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Berkeley DB 4.5.20: (December 17, 2007) ldap_url_parse_ext(ldap://LOCALDC)
dnPrettyNormal: <dc=emea,dc=corp,dc=local>
<<< dnPrettyNormal: <dc=emea,dc=corp,dc=local>, <dc=emea,dc=corp,dc=local>
dnNormalize: <cn=OpenLDAP Access
Account,cn=users,DC=emea,DC=corp,DC=local> <<< dnNormalize: <cn=openldap access account,cn=users,dc=emea,dc=corp,dc=local>
dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema> matching_rule_use_init 1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) ) 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) ) 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox ) ) 2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME 'certificateMatch' APPLIES ( userCertificate $ cACertificate ) ) 2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) 2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) ) 2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ reqStart $ reqEnd $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime ) ) 2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) 2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) 2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) 2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager $ otherFacsimiletelephoneNumber $ IPPhone ) ) 2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ reqControls $ reqRespControls $ reqMod $ reqOld $ reqData $ pwdHistory $ queryid ) ) 2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) 2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) ) 2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcAccessLogSuccess $ reqDeleteOldRDN $ reqAttrsOnly $ pwdReset $ olcPPolicyHashCleartext $ olcPPolicyUseLockout $ olcSpNoPresent $ olcSpReloadHint ) ) 2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) ) 2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) 2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcAuditlogFile $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ rdn $ URL $ comment $ conferenceInformation ) ) 2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) 2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $ reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $ reqAttr $ olcAuditlogFile $ olcDLattrSet $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $ errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ rdn $ URL $ comment $ conferenceInformation ) ) 1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcAccessLogDB $ reqDN $ reqAuthzID $ reqNewRDN $ reqNewSuperior $ pwdPolicySubentry $ olcPPolicyDefault $ errMatchedDN $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ reports ) ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) slapd startup: initiated. backend_startup_one: starting "cn=config" config_back_db_open config_build_entry: "cn=config" config_build_entry: "cn=include{0}" config_build_entry: "cn=include{1}" config_build_entry: "cn=include{2}" config_build_entry: "cn=include{3}" config_build_entry: "cn=schema" config_build_entry: "cn={0}core" config_build_entry: "cn={1}cosine" config_build_entry: "cn={2}inetorgperson" config_build_entry: "cn={3}MSOutlook" config_build_entry: "olcDatabase={-1}frontend" config_build_entry: "olcDatabase={0}config" config_build_entry: "olcDatabase={1}ldap" backend_startup_one: starting "dc=emea,dc=corp,dc=local" ldap_back_db_open: URI=ldap://LOCALDC slapd starting daemon: added 3r listener=0x0 daemon: added 5r listener=0x10041fc8 daemon: select: listen=5 active_threads=0 tvp=NULL daemon: activity on 1 descriptor
slap_listener(ldap:///)
daemon: listen=5, new connection on 6 daemon: added 6r (active) listener=0x0 daemon: select: listen=5 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 6r daemon: read activity on 6 connection_get(6): got connid=0 connection_read(6): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 121 contents: ber_get_next daemon: select: listen=5 active_threads=0 tvp=NULL do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber:
dnPrettyNormal: <cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local> <<< dnPrettyNormal: <cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,dc=emea,dc=corp,dc=local>, <cn=chris clemson,ou=users,ou=SITE,ou=corp,ou=service delivery,dc=emea,dc=corp,dc=local> do_bind: version=3 dn="cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,dc=emea,dc=corp,dc=local" method=128 ldap_create ldap_url_parse_ext(ldap://LOCALDC) =>ldap_back_getconn: conn=0 op=0: lc=0x10076828 inserted refcnt=1 rc=0 ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP LOCALDC:389 ldap_new_socket: 7 ldap_prepare_socket: 7 ldap_connect_to_host: Trying LOCALDCIP:389 ldap_connect_timeout: fd: 7 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush: 123 bytes to sd 7 ldap_result ld 0x100a60b0 msgid 1 ldap_chkResponseList ld 0x100a60b0 msgid 1 all 1 ldap_chkResponseList returns ld 0x100a60b0 NULL wait4msg ld 0x100a60b0 msgid 1 (timeout 100000 usec) wait4msg continue ld 0x100a60b0 msgid 1 all 1 ** ld 0x100a60b0 Connections: * host: LOCALDC port: 389 (default) refcnt: 2 status: Connected last used: Wed Apr 9 16:36:19 2008
** ld 0x100a60b0 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** ld 0x100a60b0 Response Queue: Empty ldap_chkResponseList ld 0x100a60b0 msgid 1 all 1 ldap_chkResponseList returns ld 0x100a60b0 NULL ldap_int_select read1msg: ld 0x100a60b0 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 16 contents: read1msg: ld 0x100a60b0 msgid 1 message type bind ber_scanf fmt ({eaa) ber: ber_scanf fmt ({eaa}) ber: new result: res_errno: 0, res_error: <>, res_matched: <> read1msg: ld 0x100a60b0 0 new referrals read1msg: mark request completed, ld 0x100a60b0 msgid 1 request done: ld 0x100a60b0 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_free_connection 0 1 ldap_free_connection: refcnt 1 ldap_parse_result ber_scanf fmt ({iaa) ber: ber_scanf fmt (}) ber: ldap_msgfree do_bind: v3 bind: "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,dc=emea,dc=corp,dc=local" to "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,dc=emea,dc=corp,dc=local" send_ldap_result: conn=0 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=0 ber_flush: 14 bytes to sd 6 daemon: activity on 1 descriptor daemon: activity on: 6r daemon: read activity on 6 connection_get(6): got connid=0 connection_read(6): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 51 contents: ber_get_next do_search ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <>
daemon: select: listen=5 active_threads=0 tvp=NULL <<< dnPrettyNormal: <>, <> ber_scanf fmt ({mm}) ber: ber_scanf fmt ({M}}) ber: send_ldap_result: conn=0 op=1 p=3 send_ldap_response: msgid=2 tag=101 err=0 ber_flush: 14 bytes to sd 6 daemon: activity on 1 descriptor daemon: activity on: 6r daemon: read activity on 6 connection_get(6): got connid=0 connection_read(6): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 5 contents: ber_get_next ber_get_next on fd 6 failed errno=0 (No error) connection_read(6): input error=-2 id=0, closing. connection_closing: readying conn=0 sd=6 for close connection_close: deferring conn=0 sd=6 daemon: select: listen=5 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: waked daemon: select: listen=5 active_threads=0 tvp=NULL do_unbind connection_resched: attempting closing conn=0 sd=6 connection_close: conn=0 sd=6 =>ldap_back_conn_destroy: fetching conn 0 daemon: removing 6 daemon: shutdown requested and initiated. daemon: closing 5 slapd shutdown: waiting for 0 threads to terminate slapd shutdown: initiated slapd destroy: freeing system resources. ldap_free_connection 1 1 ldap_send_unbind ber_flush: 7 bytes to sd 7 ldap_free_connection: actually freed slapd stopped.
Thank you,
Chris