Hi all,
we're running Debian Jessie with slapd-2.4.40+dfsg-1+deb8u2 and ldap-utils-2.4.40+dfsg-1+deb8u2. No special modifications have been taken to slapd's configuration and/or the directory itself, and trying to add the following ldif file...
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.gnutls.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldap.gnutls.crt
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/intermediate.pem
...results in error 80:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./ssl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
All the files are readable for the user slapd is running as. Invoking slapd with debug level 255 shows:
[..]
56e2e677 => slap_access_allowed: add access granted by manage(=mwrscxd)
56e2e677 => access_allowed: add access granted by manage(=mwrscxd)
56e2e677 oc_check_required entry (cn=config), objectClass "olcGlobal"
56e2e677 oc_check_allowed type "objectClass"
56e2e677 oc_check_allowed type "cn"
56e2e677 oc_check_allowed type "olcArgsFile"
56e2e677 oc_check_allowed type "olcLogLevel"
56e2e677 oc_check_allowed type "olcPidFile"
56e2e677 oc_check_allowed type "olcToolThreads"
56e2e677 oc_check_allowed type "structuralObjectClass"
56e2e677 oc_check_allowed type "entryUUID"
56e2e677 oc_check_allowed type "creatorsName"
56e2e677 oc_check_allowed type "createTimestamp"
56e2e677 oc_check_allowed type "olcTLSCertificateKeyFile"
56e2e677 oc_check_allowed type "olcTLSCertificateFile"
56e2e677 oc_check_allowed type "olcTLSCACertificateFile"
56e2e677 oc_check_allowed type "entryCSN"
56e2e677 oc_check_allowed type "modifiersName"
56e2e677 oc_check_allowed type "modifyTimestamp"
56e2e677 send_ldap_result: conn=1002 op=1 p=3
56e2e677 send_ldap_result: err=80 matched="" text=""
56e2e677 send_ldap_response: msgid=2 tag=103 err=80 <---- Error 80
ber_flush2: 14 bytes to sd 12
  0000:  30 0c 02 01 02 67 07 0a 01 50 04 00 04 00  0....g...P....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 67 07 0a 01 50 04 00 04 00  0....g...P....
56e2e677 conn=1002 op=1 RESULT tag=103 err=80 text=
[..]
What's wrong there? I couldn't find anything useful to feed $SEARCHENGINE with.
Thanks & Regards, Christian
Christian Schmidt wrote:
> Hi all,
> we're running Debian Jessie with slapd-2.4.40+dfsg-1+deb8u2 and ldap-utils-2.4.40+dfsg-1+deb8u2. No special modifications have been taken to slapd's configuration and/or the directory itself, and trying to add the following ldif file...
This error isn't tripping anything familiar for me. Try again with debug -1; if that doesn't show more info then we would need to use gdb to see what actually failed.
Hello Howard,
On 15.03.2016 12:51, Howard Chu wrote:
> This error isn't tripping anything familiar for me. Try again with debug -1; if that doesn't show more info then we would need to use gdb to see what actually failed.
OK, here we go:
# ldapmodify -d -1 -Y EXTERNAL -H ldapi:/// -f ./ssl.ldif
Regards, Christian
Christian Schmidt wrote:
> Hello Howard,
> On 15.03.2016 12:51, Howard Chu wrote:
>> This error isn't tripping anything familiar for me. Try again with debug -1; if that doesn't show more info then we would need to use gdb to see what actually failed.
> OK, here we go:
I meant -d -1 on the server, not on the client.
On 15.03.2016 13:18, Howard Chu wrote:
> I meant -d -1 on the server, not on the client.
Ah, sorry.
This is what the server shows when trying the ldapmodify:
Regards, Christian
On Tue, Mar 15, 2016 at 12:05:13PM +0100, Christian Schmidt wrote:
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/ssl/ldap.gnutls.crt
Is this certificate in PEM format? I see the same error code if I try to load a certificate in DER format.
> All the files are readable for the user slapd is running as.
I am taking your word for this - nonexistent or unreadable files (don't forget about permissions on containing directories, either) - result in the same error code.
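The causes named in this reply (a missing or unreadable file, permissions on a containing directory, DER instead of PEM) can be checked before running ldapmodify. The script below is an added example, not code from the thread or from the OpenLDAP project; the function names and return codes are chosen here for illustration, and the files created in demo() are constructed samples, not real key material.

```shell
#!/bin/sh
# Pre-flight check for the files named in olcTLSCertificateKeyFile,
# olcTLSCertificateFile and olcTLSCACertificateFile. Run it as the account
# slapd runs as, so the permission tests reflect what slapd itself can open.
#
# Return codes (chosen for this example):
#   0 = readable PEM    1 = missing          2 = permission problem
#   3 = looks like DER  4 = unrecognised content

check_tls_file() {
    f=$1

    # Every containing directory needs search (x) permission for the caller.
    d=$(dirname -- "$f")
    while :; do
        if [ ! -d "$d" ]; then
            echo "$f: directory $d does not exist"; return 1
        fi
        if [ ! -x "$d" ]; then
            echo "$f: no search permission on directory $d"; return 2
        fi
        case $d in /|.) break ;; esac
        d=$(dirname -- "$d")
    done

    if [ ! -e "$f" ]; then echo "$f: file does not exist"; return 1; fi
    if [ ! -f "$f" ]; then echo "$f: not a regular file"; return 1; fi
    if [ ! -r "$f" ]; then echo "$f: not readable by $(id -un)"; return 2; fi

    # PEM is text carrying a '-----BEGIN <label>-----' armour line.
    if grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo "$f: PEM"; return 0
    fi

    # DER is raw ASN.1 and starts with a SEQUENCE tag, byte 0x30.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = 30 ]; then
        echo "$f: looks like DER, convert it to PEM first"; return 3
    fi
    echo "$f: neither PEM nor DER"; return 4
}

# Check several paths and return the highest code seen.
check_tls_files() {
    worst=0
    for p in "$@"; do
        rc=0
        check_tls_file "$p" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Constructed sample files showing three of the outcomes.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$t/ok.pem"
    printf '\060\202\001\012' > "$t/der.crt"    # 30 82 01 0a: DER-style header
    out=
    for n in ok.pem der.crt missing.pem; do
        code=0
        check_tls_file "$t/$n" >/dev/null || code=$?
        out="${out:+$out }$n=$code"
    done
    rm -rf "$t"
    echo "$out"
}

# With arguments, check those paths; without, run the constructed demo.
if [ "$#" -gt 0 ]; then
    check_tls_files "$@" || echo "fix the files listed above before running ldapmodify"
else
    demo
fi
```

To check the configuration from this thread, pass the three paths from ssl.ldif as arguments while running as the account slapd runs as.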
Hi,
On 15.03.2016 16:19, Ryan Tandy wrote:
> On Tue, Mar 15, 2016 at 12:05:13PM +0100, Christian Schmidt wrote:
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ldap/ssl/ldap.gnutls.crt
> Is this certificate in PEM format? I see the same error code if I try to load a certificate in DER format.
Njarrgg!!
Hell, I checked everything but the files themselves. :-/
>> All the files are readable for the user slapd is running as.
> I am taking your word for this - nonexistent or unreadable files (don't forget about permissions on containing directories, either) - result in the same error code.
Thanks to Howard and especially Ryan (for reopening my eyes)!!
Regards, Christian
openldap-technical@openldap.org