Please keep the discussion on-list so that others can find it if they have similar problems.
On Tue, Aug 08, 2017 at 12:44:25PM +0200, R H wrote:
Subject: Re: Openldap Configuration issues
No point in changing stuff without knowing what is going on. Add this to your config and restart slapd:
loglevel stats,stats2
after setting loglevel to stats, stats2
Aug 8 05:40:18 docker slapd[2990]: daemon: read active on 14
Aug 8 05:40:18 docker slapd[2990]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 8 05:40:18 docker slapd[2990]: daemon: epoll: listen=10 active_threads=0 tvp=zero
No - something has set a different log level. You are seeing a lot of connection-management and debug stuff rather than the query and response summaries that you need.
You might do better to stop the server and run it manually. Something like this:
/usr/sbin/slapd -d stats,stats2 -h ldap:/// -g openldap -u openldap
What I am expecting to see looks more like this (from a Cyrus mailbox server using LDAP via saslauthd):
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND anonymous mech=implicit ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=
That shows saslauthd connecting to LDAP and authenticating correctly.
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH attr=dn
That is the search to find the user account.
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 ENTRY dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=
That shows the search result: the user entry is "uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND anonymous mech=implicit ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" method=128
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 RESULT tag=97 err=0 text=
Finally the password is checked by binding to LDAP using the account DN and password as credentials.
Andrew
openldap-technical@openldap.org
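
The search-then-bind sequence walked through in the message above can be pulled out of a stats-level slapd log mechanically. The following is an added example, not part of the original message or of OpenLDAP: the function names `parse_ops` and `auth_attempts` are hypothetical, ops 103-105 in the sample mirror the log lines quoted above, and ops 106-108 are constructed to show a failed password check (LDAP result 49, invalidCredentials) and a search that finds no account.

```python
import re

# Ops 103-105 mirror the log lines in the message above; ops 106-108 are
# constructed here: a wrong password (err=49) and a uid that matches nothing.
PREFIX = 'Aug 8 17:48:33 owl slapd[616]: conn=1282270 '
USER_DN = 'uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com'
SAMPLE_LOG = '\n'.join(PREFIX + s for s in [
    'op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128',
    'op=103 RESULT tag=97 err=0 text=',
    'op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"',
    'op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    f'op=105 BIND dn="{USER_DN}" method=128',
    'op=105 RESULT tag=97 err=0 text=',
    'op=106 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"',
    'op=106 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    f'op=107 BIND dn="{USER_DN}" method=128',
    'op=107 RESULT tag=97 err=49 text=',
    'op=108 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=nosuchuser)"',
    'op=108 SEARCH RESULT tag=101 err=0 nentries=0 text=',
])

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT) (.*)')

def parse_ops(log):
    """Fold stats-level lines into one record per (conn, op); other lines are skipped."""
    ops = {}
    for m in filter(None, map(LINE.search, log.splitlines())):
        conn, op, kind, rest = m.groups()
        rec = ops.setdefault((int(conn), int(op)), {})
        if kind in ('BIND', 'SRCH') and (q := re.search(r'(?:dn|filter)="([^"]*)"', rest)):
            rec.update(type=kind, arg=q.group(1))  # bind DN or search filter
        elif kind.endswith('RESULT'):
            rec['err'] = int(re.search(r'err=(\d+)', rest).group(1))
            if n := re.search(r'nentries=(\d+)', rest):
                rec['nentries'] = int(n.group(1))
    return ops

def auth_attempts(log):
    """Pair each user search with the bind that follows it on the same connection."""
    attempts, pending = [], {}
    for (conn, _op), rec in sorted(parse_ops(log).items()):
        if rec.get('type') == 'SRCH' and rec.get('nentries') == 1:
            pending[conn] = rec['arg']  # account found; next bind checks the password
        elif rec.get('type') == 'SRCH':
            attempts.append((rec['arg'], f"search matched {rec.get('nentries')} entries"))
        elif rec.get('type') == 'BIND' and conn in pending:
            verdict = 'ok' if rec.get('err') == 0 else f"bind failed err={rec.get('err')}"
            attempts.append((pending.pop(conn), verdict))
    return attempts
```

Calling `auth_attempts(SAMPLE_LOG)` returns one tuple per login attempt; the initial service-account bind (op=103) is not counted because no search precedes it on the connection.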