On Wed, Mar 30, 2011 at 12:18 PM, sim123 Sim3159@gmail.com wrote:
On Wed, Mar 30, 2011 at 7:49 AM, Dan White dwhite@olp.net wrote:
On 30/03/11 04:36 -0700, sim123 wrote:
On Tue, Mar 29, 2011 at 7:43 PM, Dan White dwhite@olp.net wrote:
It looks like the search is not returning any entries. From your confluence server, can you perform an ldapsearch as your privileged user to see if you get any entries returned?
Thanks for your reply. You got me right and I am sure the first two things are working so my authentication user has privileges, Confluence is submitting base, scope and filter. I am not sure about the third point, need to validate it.
I tried doing ldapsearch from ldap server machine (local) and from confluence server using filter on uid/cn. However, don't know why wild card works and specific search doesn't.
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=example,dc=com> with scope subtree
# filter: (uid=123)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

whereas

ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=example,dc=com> with scope subtree
# filter: (uid=123*)
# requesting: ALL
#

# 123, users, example.com
dn: uid=123,ou=users,dc=example,dc=com
displayName: Barbara Jason
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: bjason@example.com
uid: 123
userPassword:: bXJhanZhaWR5YQ==
sn: Jason
cn: Barbara

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
again, I tried searching for it but couldn't find it, sorry for being naive but would appreciate any help. Thanks
My guess is that you're running into a bdb/hdb indexing problem. Try adding an index in your slapd.conf/slapd-config for uid (if it doesn't exist), and then rebuild your indexes using slapindex.
See the man pages for slapd-bdb/slapd-hdb and slapindex for details.
-- Dan White
Thanks for your response, it's index, I recreated the index and can do ldapsearch.
Confluence is doing the three step process you described, i.e. init session and bind with confluence user, search for dn and bind with dn. For some reason I see search cannot find anything and log says:
bdb_index_read: failed (-30988)
bdb_search: no candidates
I had it working once!! Don't know what magic happened that time ... posting logs in case there is any clue there:
*Success Logs*
slap_listener_activate(8):
slap_listener(ldap:///)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 43 contents:
op tag 0x60, time 1301501949
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
*do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128*
do_bind: v3 bind: "cn=Manager,dc=example,dc=com" to "cn=Manager,dc=example,dc=com"
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 120 contents:
op tag 0x63, time 1301501949
ber_get_next
conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=users,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=users,dc=example,dc=com")
<= bdb_dn2id: got id=0x3
entry_decode: "ou=users,dc=example,dc=com"
<= entry_decode(ou=users,dc=example,dc=com)
search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("ou=users,dc=example,dc=com")
<= bdb_dn2idl: id=2 first=3 last=6
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=6, last=7
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=6, last=6
bdb_search_candidates: id=1 first=6 last=6
*entry_decode: "uid=123,ou=users,dc=example,dc=com"*
<= entry_decode(uid=123,ou=users,dc=example,dc=com)
=> bdb_dn2id("uid=123,ou=users,dc=example,dc=com")
<= bdb_dn2id: got id=0x6
*=> send_search_entry: conn 1000 dn="uid=123,ou=users,dc=example,dc=com"*
ber_flush2: 265 bytes to sd 12
<= send_search_entry: conn 1000 exit.
send_ldap_result: conn=1000 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 12
slap_listener_activate(8):
slap_listener(ldap:///)
connection_get(15): got connid=1001
connection_read(15): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 52 contents:
op tag 0x60, time 1301501949
ber_get_next
conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>, <uid=123,ou=users,dc=example,dc=com>
*do_bind: version=3 dn="uid=123,ou=users,dc=example,dc=com" method=128*
bdb_dn2entry("uid=123,ou=users,dc=example,dc=com")
do_bind: v3 bind: "uid=123,ou=users,dc=example,dc=com" to "uid=123,ou=users,dc=example,dc=com"
send_ldap_result: conn=1001 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 15
connection_get(15): got connid=1001
connection_read(15): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 34 contents:
op tag 0x42, time 1301501968
ber_get_next
ber_get_next on fd 15 failed errno=0 (Success)
conn=1001 op=1 do_unbind
connection_close: conn=1001 sd=15
*Failure log*
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 118 contents:
op tag 0x63, time 1301512406
ber_get_next
conn=1000 op=2 do_search
ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=users,dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=users,dc=example,dc=com")
search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("ou=users,dc=example,dc=com")
<= bdb_dn2idl: id=2 first=3 last=6
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=6, last=7
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=3 last=0
*bdb_search: no candidates*
send_ldap_result: conn=1000 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_flush2: 14 bytes to sd 12
Thanks
Sorry for long logs above, I just found out I can use cn field for logging in and it works fine, however uid field doesn't work, I have index on cn and uid so not sure why uid doesn't work.
Thanks.
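
Added example (not part of the thread and not OpenLDAP code): a small parser for back-bdb debug traces like the two posted above. It pairs each bdb_equality_candidates lookup with the bdb_index_read result that follows it and reports which attribute's index reads came back empty in a search that ended with "bdb_search: no candidates". The trace is constructed in the shape of those logs, and summarize_searches and suspect_attributes are hypothetical names.

```python
import re

# Constructed trace shaped like the slapd debug output posted above
# (shortened, and run together the way a mail archive flattens it).
SAMPLE_TRACE = (
    "conn=1000 op=1 do_search => bdb_equality_candidates (objectClass) "
    "<= bdb_index_read: failed (-30988) => bdb_equality_candidates (objectClass) "
    "<= bdb_index_read 2 candidates => bdb_equality_candidates (cn) => key_read "
    "<= bdb_index_read 1 candidates conn=1000 op=2 do_search "
    "=> bdb_equality_candidates (objectClass) <= bdb_index_read: failed (-30988) "
    "=> bdb_equality_candidates (objectClass) <= bdb_index_read 2 candidates "
    "=> bdb_equality_candidates (cn) => key_read <= bdb_index_read: failed (-30988) "
    "bdb_search_candidates: id=0 first=3 last=0 bdb_search: no candidates"
)

# One alternative per message of interest; finditer() ignores where lines broke.
EVENT = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) do_search"
    r"|=> bdb_equality_candidates \((?P<attr>[^)]+)\)"
    r"|<= bdb_index_read (?P<hits>\d+) candidates"
    r"|<= bdb_index_read: (?P<failed>failed)"
    r"|bdb_search: (?P<none>no candidates)"
)

def summarize_searches(trace):
    """One dict per do_search: (attribute, candidate count) per index read, in order."""
    searches, current, attr = [], None, None
    for m in EVENT.finditer(trace):
        kind = m.lastgroup
        if kind == "op":
            current = {"conn": int(m["conn"]), "op": int(m["op"]),
                       "lookups": [], "no_candidates": False}
            searches.append(current)
        elif current is None:
            continue  # trace fragment before the first do_search
        elif kind == "attr":
            attr = m["attr"]
        elif kind in ("hits", "failed") and attr:
            # a failed read is recorded as zero candidates
            current["lookups"].append((attr, int(m["hits"] or 0)))
            attr = None
        elif kind == "none":
            current["no_candidates"] = True
    return searches

def suspect_attributes(search):
    """Attributes whose index reads all came back empty in a search with no candidates."""
    found = {a for a, n in search["lookups"] if n > 0}
    empty = {a for a, n in search["lookups"] if n == 0}
    return sorted(empty - found) if search["no_candidates"] else []
```

An index read that finds no key is not a fault in itself: both posted traces have one for objectClass, and only the search where the cn read also came back empty ended with no candidates.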