Hi all,
I am using OpenLDAP with a MySQL backend for testing purposes, for a future project of Linux authentication via LDAP but with a MySQL backend.
For this I am using 2 virtual machines with the following configurations:
Centos 5.6 x86_64
Iptables is off
Memory: 1 GB of RAM
Packages installed on server: openldap.x86_64 , openldap-servers-sql.x86_64 , openldap-servers.x86_64 , openldap-clients.x86_64 (all are version 2.3.43) , openldap24-libs.x86_64 (version 2.4.23) , mysql-connector-odbc.x86_64 (version 3.51.26r1127 )
Packages installed on client: openldap-clients.x86_64 (version 2.3.43)
On the server I have created a user ldap and a group ldap, and granted the user FULL access on the ldap_test database.
After that I imported the files backsql_create.sql, testdb_create.sql, testdb_data.sql and testdb_metadata.sql from /usr/share/doc/openldap-servers-sql-2.3.43/rdbms_depend/mysql/ into the database ldap_test.
When I try an ldapsearch from the CLIENT computer with
ldapsearch -x
it should show me all the contents in the database.
I also tried with
ldapsearch -x -D "cn=admin,dc=example,dc=com" -W
but still no result.
In a manual check the data is in the MySQL database, in all tables.
Can someone provide me some info/ideas on how to configure it to work?
Thank you in advance.
Below are all my config files and the output from slapd
############
/etc/odbc.ini
############
; odbc.ini configuration for Connector/ODBC and Connector/ODBC 3.51 drivers
[ODBC Data Sources]
mysql = MySQL 3.51
[mysql]
driver = mysql
server = localhost
port = 3306
database = ldap_test
user = ldap
password = ldappass
socket = /var/lib/mysql/mysql.sock
[default]
driver = MySQL
server = localhost
port = 3306
database = ldap_test
user = ldap
password = ldappass
socket = /var/lib/mysql/mysql.sock
##########
/etc/odbcinst.ini
##########
[mysql]
driver = /usr/lib64/libmyodbc3.so
usagecount = 1
############
/etc/openldap/slapd.conf
############
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Level of LOG
loglevel -1
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
#modulepath /usr/lib64/openldap/
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
moduleload /usr/lib64/openldap/back_sql.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
access to *
by self write
by users read
by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# SQL database definitions
#######################################################################
database sql
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SHA}28Jb9vUzoK2ufUP85ZVsNUV9kJ4=
dbname ldap_test
dbuser ldap
dbpasswd ldappass
at_query "SELECT name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return FROM `ldap_test`.`ldap_attr_mappings` WHERE oc_map_id=?"
oc_query "SELECT id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM `ldap_test`.`ldap_oc_mappings`"
insentry_query "INSERT INTO `ldap_test`.`ldap_entries` (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from `ldap_test`.`ldap_entries`),?,?,?,?)"
id_query "SELECT id,keyval,oc_map_id,dn FROM `ldap_test`.`ldap_entries` WHERE dn=?"
#########
/etc/openldap/ldap.conf
#########
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldap://192.168.200.128/
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
slapd -d -1 output when I do a
ldapsearch -x -D "cn=admin,dc=example,dc=com" -W
#####
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: listen=7, new connection on 8
daemon: added 8r (active) listener=(nil)
conn=0 fd=8 ACCEPT from IP=192.168.200.131:50069 (IP=0.0.0.0:389)
daemon: activity on 2 descriptors
daemon: activity on: 8r
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 2e 02 01 01 60 29 02 0....`).
ldap_read: want=40, got=40
0000: 01 03 04 1a 63 6e 3d 61 64 6d 69 6e 2c 64 63 3d ....cn=admin,dc=
0010: 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 80 08 example,dc=com..
0020: 61 6c 66 61 62 65 74 61 alfabeta
ber_get_next: tag 0x30 len 46 contents:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb0 end=0x2b23ef734cde len=46
0000: 02 01 01 60 29 02 01 03 04 1a 63 6e 3d 61 64 6d ...`).....cn=adm
0010: 69 6e 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 in,dc=example,dc
0020: 3d 63 6f 6d 80 08 61 6c 66 61 62 65 74 61 =com..alfabeta
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb3 end=0x2b23ef734cde len=43
0000: 60 29 02 01 03 04 1a 63 6e 3d 61 64 6d 69 6e 2c `).....cn=admin,
0010: 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f dc=example,dc=co
0020: 6d 80 08 61 6c 66 61 62 65 74 61 m..alfabeta
ber_scanf fmt (m}) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cd4 end=0x2b23ef734cde len=10
0000: 00 08 61 6c 66 61 62 65 74 61 ..alfabeta
>>> dnPrettyNormal: <cn=admin,dc=example,dc=com>
=> ldap_bv2dn(cn=admin,dc=example,dc=com,0)
<= ldap_bv2dn(cn=admin,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,dc=example,dc=com)=0
<<< dnPrettyNormal: <cn=admin,dc=example,dc=com>, <cn=admin,dc=example,dc=com>
do_bind: version=3 dn="cn=admin,dc=example,dc=com" method=128
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
==>backsql_bind()
<==backsql_bind() root bind
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=admin,dc=example,dc=com" to "cn=admin,dc=example,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 8
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 36 02 01 02 63 31 04 06...c1.
ldap_read: want=48, got=48
0000: 11 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 .dc=example,dc=c
0010: 6f 6d 0a 01 02 0a 01 00 02 01 00 02 01 00 01 01 om..............
0020: 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00 ...objectclass0.
ber_get_next: tag 0x30 len 54 contents:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb0 end=0x2b23ef734ce6 len=54
0000: 02 01 02 63 31 04 11 64 63 3d 65 78 61 6d 70 6c ...c1..dc=exampl
0010: 65 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 e,dc=com........
0020: 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 .........objectc
0030: 6c 61 73 73 30 00 lass0.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
do_search
daemon: activity on 1 descriptor
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb3 end=0x2b23ef734ce6 len=51
0000: 63 31 04 11 64 63 3d 65 78 61 6d 70 6c 65 2c 64 c1..dc=example,d
0010: 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 00 02 01 c=com...........
0020: 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 ......objectclas
0030: 73 30 00 s0.
>>> dnPrettyNormal: <dc=example,dc=com>
=> ldap_bv2dn(dc=example,dc=com,0)
<= ldap_bv2dn(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
SRCH "dc=example,dc=com" 2 0 0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cd7 end=0x2b23ef734ce6 len=15
0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00 ..objectclass0.
end get_filter 0
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734ce4 end=0x2b23ef734ce6 len=2
0000: 00 00 ..
attrs:
conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
==>backsql_search(): base="dc=example,dc=com", filter="(objectClass=*)", scope=2, deref=0, attrsonly=0, attributes to load: all
==>backsql_get_db_conn()
==>backsql_open_db_conn(0)
<==backsql_open_db_conn(0)
backsql_open_db_conn(0): connected, adding to tree.
<==backsql_get_db_conn()
==>backsql_dn2id("dc=example,dc=com") matched expected
backsql_dn2id("dc=example,dc=com"): id_query "SELECT id,keyval,oc_map_id,dn FROM `ldap_test`.`ldap_entries` WHERE dn=?"
backsql_dn2id("dc=example,dc=com"): upperdn="MOC=CD,ELPMAXE=CD"
<==backsql_dn2id("dc=example,dc=com"): err=32
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=32 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 8
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
daemon: activity on 1 descriptor
<==backsql_search()
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x2b23ef5e0ba0 ptr=0x2b23ef5e0ba0 end=0x2b23ef5e0ba5 len=5
0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
daemon: activity on 1 descriptor
connection_close: deferring conn=0 sd=8
daemon: activity on:
do_unbind
daemon: epoll: listen=7 active_threads=0 tvp=NULL
conn=0 op=2 UNBIND
connection_resched: attempting closing conn=0 sd=8
connection_close: conn=0 sd=8
==>backsql_connection_destroy()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection 0 (0x2b23ef754530)
==>backsql_close_db_conn(0)
<==backsql_close_db_conn(0)
<==backsql_free_db_conn()
<==backsql_connection_destroy()
daemon: removing 8
conn=0 fd=8 closed
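Added here as a worked example (it is not part of the post above and not OpenLDAP's own code): a small Python parser for the stats and back-sql lines of an slapd -d -1 trace like the one posted. It groups the lines by conn/op, names the LDAP result code of each operation, and flags the two things the posted trace shows: the SIMPLE bind at ssf=0 (the bind password is readable in the hex dump above, which is the reason a -d -1 trace is sensitive material) and the search whose base dc=example,dc=com backsql_dn2id() could not resolve (err=32, noSuchObject, nentries=0). The conn=0 lines in the sample are taken from the trace; the conn=1 lines, the user cn=testuser and the ssf=256 value are constructed so that a non-flagged bind and a successful search are exercised as well.

```python
"""Per-operation summary of an slapd debug trace (the stats lines in the post),
flagging a SIMPLE bind at ssf=0 and a search whose base DN back-sql could not
resolve (err=32 noSuchObject)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# RFC 4511 names for the resultCode values that matter here
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

# Constructed sample: conn=0 is the stats/back-sql lines from the trace in the
# post; conn=1 is a hypothetical second client (made-up user cn=testuser) that
# binds with TLS in place (ssf=256) and gets entries back.
SAMPLE_LOG = """\
conn=0 fd=8 ACCEPT from IP=192.168.200.131:50069 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
<==backsql_dn2id("dc=example,dc=com"): err=32
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=0 op=2 UNBIND
conn=0 fd=8 closed
conn=1 fd=9 ACCEPT from IP=192.168.200.131:50070 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=testuser,dc=example,dc=com" method=128
conn=1 op=0 BIND dn="cn=testuser,dc=example,dc=com" mech=SIMPLE ssf=256
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=
conn=1 op=2 UNBIND
conn=1 fd=9 closed
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_kv(line: str) -> Dict[str, str]:
    """key=value tokens of one slapd line; quoted values keep their commas."""
    out: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


@dataclass
class Op:
    conn: int
    op: int
    kind: str = ""                 # BIND, SRCH, UNBIND, ...
    dn: str = ""                   # bind DN, or the search base for SRCH
    filter: str = ""
    mech: str = ""
    ssf: Optional[int] = None      # security strength factor reported at bind
    err: Optional[int] = None      # resultCode from the RESULT line
    nentries: Optional[int] = None
    backend_notes: List[str] = field(default_factory=list)


def parse_trace(text: str) -> List[Op]:
    """Group stats lines by (conn, op) and attach back-sql '<==... err=N' lines
    to the operation that was in progress when they were logged."""
    ops: Dict[Tuple[int, int], Op] = {}
    order: List[Op] = []
    current: Optional[Tuple[int, int]] = None
    for raw in text.splitlines():
        line = raw.strip()
        kv = parse_kv(line)
        if "conn" in kv and "op" in kv:
            key = (int(kv["conn"]), int(kv["op"]))
            if key not in ops:
                ops[key] = Op(*key)
                order.append(ops[key])
            current = key
            o = ops[key]
            words = line.split()
            if len(words) > 2 and words[2].isupper():
                o.kind = o.kind or words[2]   # keep the first verb (SRCH, not SEARCH RESULT)
            o.dn = kv.get("base", kv.get("dn", o.dn))
            o.filter = kv.get("filter", o.filter)
            o.mech = kv.get("mech", o.mech)
            if "ssf" in kv:
                o.ssf = int(kv["ssf"])
            if "err" in kv:
                o.err = int(kv["err"])
            if "nentries" in kv:
                o.nentries = int(kv["nentries"])
        elif line.startswith("<==backsql_") and "err" in kv and current is not None:
            ops[current].backend_notes.append(line)
    return order


def result_name(err: Optional[int]) -> str:
    if err is None:
        return "no result"
    return RESULT_CODES.get(err, f"code {err}")


def _norm(dn: str) -> str:
    return dn.replace(" ", "").lower()


def find_issues(ops: List[Op], suffix: str) -> List[str]:
    """Findings a reviewer of the trace would want called out."""
    issues: List[str] = []
    for o in ops:
        where = f"conn={o.conn} op={o.op}"
        if o.kind == "BIND" and o.mech == "SIMPLE" and o.ssf == 0:
            issues.append(f"{where}: SIMPLE bind as {o.dn!r} with ssf=0; the password "
                          "crossed the wire in clear and is visible in the -d -1 hex dump")
        if o.kind == "SRCH" and o.err == 32:
            detail = "; ".join(o.backend_notes) or "no back-sql detail logged"
            msg = f"{where}: search base {o.dn!r} -> {result_name(o.err)} ({detail})"
            if _norm(o.dn) == _norm(suffix):
                msg += "; the suffix itself was not resolved, so id_query returned no row for it"
            issues.append(msg)
    return issues


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_LOG)
    for o in trace:
        print(f"conn={o.conn} op={o.op} {o.kind:6} {o.dn!r} -> {result_name(o.err)}")
    for issue in find_issues(trace, "dc=example,dc=com"):
        print("!!", issue)
```

Run it against a real trace by reading the file into parse_trace() instead of SAMPLE_LOG; the suffix passed to find_issues() should be the one from slapd.conf so that a noSuchObject on the suffix itself (rather than on some child DN) is reported separately, since that is the case where the base entry has no row for back-sql's id_query to find.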