I have just installed the OpenLDAP server, version 2.4.42, in my Linux. I have done some basic configuration for a fictitious domain owns4.com. My slapd.conf has the following contents:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/own.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/libexec/openldap
moduleload back_bdb.la
database bdb
suffix "dc=owns4,dc=com"
rootdn "uid=root,ou=People,dc=owns4,dc=com"
rootpw xyzabc
directory /var/lib/openldap
dbconfig set_cachesize 0 2097152 0
index objectClass eq
lastmod on
access to attrs=userPassword,shadowLastChange by dn="cn=root,dc=owns4,dc=com" write by anonymous auth by self write by * none
access to dn.base="" by * read
access to * by dn="cn=root,dc=owns4,dc=com" write by * read

After launching the slapd daemon with

/usr/libexec/slapd -d 7

I can issue a few commands that are apparently successful:

# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -LLL
dn:
namingContexts: dc=owns4,dc=com
# ldapwhoami -x -H ldap://myipaddress
anonymous

myipaddress is the IP address of the system where I am issuing the commands, which is the same as where the OpenLDAP daemon is running.

However, the next command is not successful:

# ldapwhoami -x -H ldap://myipaddress -D "dc=owns4,dc=com" -w xyzabc
ldap_bind: Invalid credentials (49)

It elicits the following output from slapd:

59b4713e slap_listener_activate(7):
59b4713e >>> slap_listener(ldap:///)
59b4713e connection_get(13)
59b4713e connection_get(13): got connid=1001
59b4713e connection_read(13): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
  0000: 30 21 02 01 01 60 1c 02 0!...`..
ldap_read: want=27, got=27
  0000: 01 03 04 0f 64 63 3d 6f 77 6e 73 34 2c 64 63 3d ....dc=owns4,dc=
  0010: 63 6f 6d 80 06 78 79 7a 61 62 63 com..xyzabc
ber_get_next: tag 0x30 len 33 contents:
59b4713e op tag 0x60, time 1504997694
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
59b4713e conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
59b4713e >>> dnPrettyNormal: <dc=owns4,dc=com>
=> ldap_bv2dn(dc=owns4,dc=com,0)
<= ldap_bv2dn(dc=owns4,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=owns4,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=owns4,dc=com)=0
59b4713e <<< dnPrettyNormal: <dc=owns4,dc=com>, <dc=owns4,dc=com>
59b4713e do_bind: version=3 dn="dc=owns4,dc=com" method=128
59b4713e ==> bdb_bind: dn: dc=owns4,dc=com
59b4713e bdb_dn2entry("dc=owns4,dc=com")
59b4713e => bdb_dn2id("dc=owns4,dc=com")
59b4713e <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
59b4713e send_ldap_result: conn=1001 op=0 p=3
59b4713e send_ldap_result: err=49 matched="" text=""
59b4713e send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
ldap_write: want=14, written=14
  0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
59b4713e connection_get(13)
59b4713e connection_get(13): got connid=1001
59b4713e connection_read(13): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
  0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
59b4713e op tag 0x42, time 1504997694
ber_get_next
ldap_read: want=8, got=0
59b4713e ber_get_next on fd 13 failed errno=0 (Success)
59b4713e conn=1001 op=1 do_unbind
59b4713e connection_close: conn=1001 sd=13

Isn't the argument to -w in this command supposed to be the same as the value of rootpw in slapd.conf? If so, why is this not working? What are the "ldap_read: want=8 error=Resource temporarily unavailable" and "bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found " diagnostics all about?
-D should be the rootdn in your example
On Sep 10, 2017 13:02, "JC" lovecraftesque@yahoo.com wrote:
I have just installed the OpenLDAP server, version 2.4.42, in my Linux. I have done some basic configuration for a fictitious domain owns4.com. My slapd.conf has the following contents:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/own.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/libexec/openldap
moduleload back_bdb.la
database bdb
suffix "dc=owns4,dc=com"
rootdn "uid=root,ou=People,dc=owns4,dc=com"
rootpw xyzabc
directory /var/lib/openldap
dbconfig set_cachesize 0 2097152 0
index objectClass eq
lastmod on
access to attrs=userPassword,shadowLastChange by dn="cn=root,dc=owns4,dc=com" write by anonymous auth by self write by * none
access to dn.base="" by * read
access to * by dn="cn=root,dc=owns4,dc=com" write by * read
After launching the slapd daemon with
/usr/libexec/slapd -d 7
I can issue a few commands that are apparently successful:
# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -LLL
dn:
namingContexts: dc=owns4,dc=com
# ldapwhoami -x -H ldap://myipaddress
anonymous
myipaddress is the IP address of the system where I am issuing the commands, which is the same as where the OpenLDAP daemon is running.
However, the next command is not successful:
# ldapwhoami -x -H ldap://myipaddress -D "dc=owns4,dc=com" -w xyzabc
ldap_bind: Invalid credentials (49)
It elicits the following output from slapd:
59b4713e slap_listener_activate(7):
59b4713e >>> slap_listener(ldap:///)
59b4713e connection_get(13)
59b4713e connection_get(13): got connid=1001
59b4713e connection_read(13): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
  0000: 30 21 02 01 01 60 1c 02 0!...`..
ldap_read: want=27, got=27
  0000: 01 03 04 0f 64 63 3d 6f 77 6e 73 34 2c 64 63 3d ....dc=owns4,dc=
  0010: 63 6f 6d 80 06 78 79 7a 61 62 63 com..xyzabc
ber_get_next: tag 0x30 len 33 contents:
59b4713e op tag 0x60, time 1504997694
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
59b4713e conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
59b4713e >>> dnPrettyNormal: <dc=owns4,dc=com>
=> ldap_bv2dn(dc=owns4,dc=com,0)
<= ldap_bv2dn(dc=owns4,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=owns4,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=owns4,dc=com)=0
59b4713e <<< dnPrettyNormal: <dc=owns4,dc=com>, <dc=owns4,dc=com>
59b4713e do_bind: version=3 dn="dc=owns4,dc=com" method=128
59b4713e ==> bdb_bind: dn: dc=owns4,dc=com
59b4713e bdb_dn2entry("dc=owns4,dc=com")
59b4713e => bdb_dn2id("dc=owns4,dc=com")
59b4713e <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
59b4713e send_ldap_result: conn=1001 op=0 p=3
59b4713e send_ldap_result: err=49 matched="" text=""
59b4713e send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
ldap_write: want=14, written=14
  0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
59b4713e connection_get(13)
59b4713e connection_get(13): got connid=1001
59b4713e connection_read(13): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
  0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
59b4713e op tag 0x42, time 1504997694
ber_get_next
ldap_read: want=8, got=0
59b4713e ber_get_next on fd 13 failed errno=0 (Success)
59b4713e conn=1001 op=1 do_unbind
59b4713e connection_close: conn=1001 sd=13
Isn't the argument to -w in this command supposed to be the same as the value of rootpw in slapd.conf? If so, why is this not working? What are the " ldap_read: want=8 error=Resource temporarily unavailable" and "bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found " diagnostics all about?
openldap-technical@openldap.org
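An added example, not part of the original thread: decoding the BER bytes from the slapd -d 7 dump in the question shows the bind DN the client actually sent, that the simple-bind password crosses ldap:// in clear, and the result code of the response, and then compares that DN with the rootdn line of the posted slapd.conf. The function names are assumptions of this example, and only short-form BER lengths are handled.

```python
import re

# Constructed input: the rootdn lines and the ldap_read/ldap_write hex bytes quoted in the post.
SLAPD_CONF = 'suffix "dc=owns4,dc=com"\nrootdn "uid=root,ou=People,dc=owns4,dc=com"\nrootpw xyzabc\n'
BIND_REQUEST_HEX = ("30 21 02 01 01 60 1c 02 "
                    "01 03 04 0f 64 63 3d 6f 77 6e 73 34 2c 64 63 3d "
                    "63 6f 6d 80 06 78 79 7a 61 62 63")
BIND_RESPONSE_HEX = "30 0c 02 01 01 61 07 0a 01 31 04 00 04 00"

def read_tlv(buf, pos):
    """Read one BER TLV (short-form length only); return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos + 2:end], end

def ldap_op(hex_dump, expected_tag):
    """Unwrap LDAPMessage ::= SEQUENCE { messageID, protocolOp } and return the op body."""
    _, body, _ = read_tlv(bytes.fromhex(hex_dump), 0)
    _, _message_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != expected_tag:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    return op

def decode_bind_request(hex_dump):
    op = ldap_op(hex_dump, 0x60)                   # [APPLICATION 0] BindRequest
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, credentials, _ = read_tlv(op, pos)   # 0x80 = simple bind, cleartext password
    return {"version": version[0], "dn": name.decode(),
            "simple": auth_tag == 0x80, "password": credentials.decode()}

def bind_result_code(hex_dump):
    op = ldap_op(hex_dump, 0x61)                   # [APPLICATION 1] BindResponse
    _, code, _ = read_tlv(op, 0)                   # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def configured_rootdn(conf_text):
    m = re.search(r'^\s*rootdn\s+"?([^"\n]+)"?', conf_text, re.MULTILINE)
    return m.group(1).strip() if m else None

def bind_dn_is_rootdn(request_hex, conf_text):
    """Case-insensitive string comparison; a simplification of LDAP DN matching."""
    rootdn = configured_rootdn(conf_text)
    return rootdn is not None and decode_bind_request(request_hex)["dn"].lower() == rootdn.lower()
```

Here `bind_dn_is_rootdn(BIND_REQUEST_HEX, SLAPD_CONF)` is false: the request names the suffix rather than the rootdn, so slapd looks the DN up in the database, which is the bdb_dn2id lookup in the log.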