I've finished moving my existing LDAP user data into MySQL for use with back-sql on my testing machine and everything is working perfectly. Trying to switch production over to it is giving me some headaches though. The two environments are configured the same way as far as I can tell and I can start up the service without issue. However, when I try to authenticate on the production environment after swapping the backend out, it fails. Here are the logs when I tried to authenticate from IRC:
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_search()
Jan 5 17:37:21 new-ldap slapd[14406]: connection_get(14): got connid=1001
Jan 5 17:37:21 new-ldap slapd[14406]: connection_read(14): checking for input on id=1001
Jan 5 17:37:21 new-ldap slapd[14406]: op tag 0x60, time 1420497441
Jan 5 17:37:21 new-ldap slapd[14406]: conn=1001 op=2 do_bind
Jan 5 17:37:21 new-ldap slapd[14406]: >>> dnPrettyNormal: <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>
Jan 5 17:37:21 new-ldap slapd[14406]: <<< dnPrettyNormal: <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>, <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>
Jan 5 17:37:21 new-ldap slapd[14406]: do_bind: version=3 dn="cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local" method=128
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_bind()
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_get_db_conn()
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_get_db_conn()
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "userPassword" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): attribute "userPassword" is in list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "objectClass" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_dn2id("cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local")
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_dn2id("cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn=?"
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_dn2id("cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local"): id=13 keyval=1 oc_id=8 dn=cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local
Jan 5 17:37:21 new-ldap slapd[14406]: >>> dnPrettyNormal: <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>
Jan 5 17:37:21 new-ldap slapd[14406]: <<< dnPrettyNormal: <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>, <cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local>
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_dn2id("cn=irc,ou=accounts,cn=USERNAME,ou=people,dc=ls,dc=local"): err=0
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): attribute "userPassword" is in list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): attribute "objectClass" is in list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "ref" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_id2entry()
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_id2entry(): custom attribute list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_get_attr_vals(): oc="ircAccount" attr="userPassword" keyval=1
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_get_attr_vals(): number of values in query: 1
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_get_attr_vals()
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_get_attr_vals(): oc="ircAccount" attr="objectClass" keyval=1
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_get_attr_vals(): number of values in query: 0
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_id2entry(): attribute "ref" is not defined for objectlass "ircAccount"
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_id2entry()
The attribute the IRC server is looking for is "ircuid" but I'm not seeing that in the log. Could it be that, because this is a custom attribute, it isn't being passed along and/or searched for? It works with that attribute in the old configuration.
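Added example (not part of the original post, and not OpenLDAP code): a small Python script that condenses a back-sql debug trace like the one quoted above into the attributes the backend was asked to load, how many values the SQL query returned for each, and whether a given attribute such as ircuid appears at all. The function name summarize and the regular expression are assumptions written against the log lines in this message; the sample is an excerpt of that log.

```python
import re

# Excerpt of the slapd trace quoted in the message above.
SAMPLE = '''\
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "userPassword" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): attribute "userPassword" is in list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "objectClass" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_attrlist_add(): adding "ref" to list
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_get_attr_vals(): oc="ircAccount" attr="userPassword" keyval=1
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_get_attr_vals(): number of values in query: 1
Jan 5 17:37:21 new-ldap slapd[14406]: <==backsql_get_attr_vals()
Jan 5 17:37:21 new-ldap slapd[14406]: ==>backsql_get_attr_vals(): oc="ircAccount" attr="objectClass" keyval=1
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_get_attr_vals(): number of values in query: 0
Jan 5 17:37:21 new-ldap slapd[14406]: backsql_id2entry(): attribute "ref" is not defined for objectlass "ircAccount"
'''

# One alternation, scanned with finditer, so the parser also works when
# several syslog entries have been joined onto a single physical line.
EVENT = re.compile(
    r'backsql_attrlist_add\(\): adding "(?P<add>[^"]+)" to list'
    r'|==>backsql_get_attr_vals\(\): oc="[^"]+" attr="(?P<fetch>[^"]+)"'
    r'|backsql_get_attr_vals\(\): number of values in query: (?P<count>\d+)'
    r'|attribute "(?P<undef>[^"]+)" is not defined for objectlass'  # spelling as logged
)

def summarize(log_text, wanted):
    """Summarize which attributes back-sql loaded and what came back."""
    requested, counts, undefined, pending = [], {}, [], None
    for m in EVENT.finditer(log_text):
        kind, value = m.lastgroup, m.group(m.lastgroup)
        if kind == "add":
            requested.append(value)
        elif kind == "fetch":
            pending = value                  # its value count is logged next
        elif kind == "count" and pending is not None:
            counts[pending] = int(value)
            pending = None
        elif kind == "undef":
            undefined.append(value)
    seen = {a.lower() for a in requested} | {a.lower() for a in counts}
    return {
        "requested": requested,
        "value_counts": counts,
        "empty": [a for a, n in counts.items() if n == 0],
        "undefined": undefined,
        "wanted_seen": wanted.lower() in seen,   # LDAP attribute names are case-insensitive
    }

if __name__ == "__main__":
    for key, val in summarize(SAMPLE, "ircuid").items():
        print(f"{key}: {val}")
```

Running it over a full trace of both the bind and the search that follows shows, per operation, which attributes never reached the SQL layer and which came back with zero values.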
--On Monday, January 05, 2015 7:27 PM -0500 thelastknowngod tlkg.me@gmail.com wrote:
> I've finished moving my existing LDAP user data into MySQL

Why would you move to SQL for an LDAP server?

> for use with back-sql on my testing machine and everything is working perfectly.

back-sql is entirely experimental and generally unsupported.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org