I'm trying to find leads on what else to look for with this problem. Locally, I can create users, etc. From remote centos servers, I can create and read account info from command line. However, from remotes using php-ldap, I cannot create users, only read.
I'm not sure what to provide for info just yet as there are too many variables but on the other hand, someone might immediately know what the answer is.
I suspect something to do with php-ldap, perhaps a config or something that's not allowing writes?
On 23 janv. 2011, at 00:30, "mike@grounded.net" mike@grounded.net wrote:
> I'm trying to find leads on what else to look for with this problem. Locally, I can create users, etc. From remote centos servers, I can create and read account info from command line. However, from remotes using php-ldap, I cannot create users, only read.
> I'm not sure what to provide for info just yet as there are too many variables but on the other hand, someone might immediately know what the answer is.
> I suspect something to do with php-ldap, perhaps a config or something that's not allowing writes?
Hi,
Just a few ideas off the top of my head:
- make sure your PHP sets ldap version to 3
- make sure you perform a bind operation with an account that has sufficient authorizations to create entries
For further investigation, I suggest studying the slapd logs, with loglevel stats enabled. The error code of your failed ADD operation should point you to the problem.
Jonathan
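The check suggested above (find the error code of the failed ADD in the stats log, and see which account was bound when it ran) can be scripted. This is an added example, not code from the thread: the log lines are constructed in the usual slapd stats format, and `add_results` is a hypothetical helper name.

```python
import re

# Subset of LDAP result codes (RFC 4511) commonly seen on a failed ADD.
RESULT_CODES = {0: "success", 2: "protocolError", 17: "undefinedAttributeType",
                21: "invalidAttributeSyntax", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights",
                65: "objectClassViolation", 68: "entryAlreadyExists"}

# Constructed sample of slapd "stats" output; DNs, conn ids and pid are made up.
SAMPLE = '''\
Jan 23 07:10:02 ldap slapd[1]: conn=1005 op=0 BIND dn="cn=webapp,dc=example,dc=com" method=128
Jan 23 07:10:02 ldap slapd[1]: conn=1005 op=0 RESULT tag=97 err=0 text=
Jan 23 07:10:02 ldap slapd[1]: conn=1005 op=1 ADD dn="uid=doopy,ou=users,dc=example,dc=com"
Jan 23 07:10:02 ldap slapd[1]: conn=1005 op=1 RESULT tag=105 err=50 text=
Jan 23 07:11:40 ldap slapd[1]: conn=1006 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Jan 23 07:11:40 ldap slapd[1]: conn=1006 op=0 RESULT tag=97 err=0 text=
Jan 23 07:11:40 ldap slapd[1]: conn=1006 op=1 ADD dn="uid=doopy,ou=users,dc=example,dc=com"
Jan 23 07:11:40 ldap slapd[1]: conn=1006 op=1 RESULT tag=105 err=0 text=
'''

OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|ADD) dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')


def add_results(log_text):
    """Pair each ADD with its RESULT and the DN bound on that connection."""
    bind_dn, pending, out = {}, {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if m:
            conn, op, verb, dn = m.groups()
            pending[(conn, op)] = (verb, dn)
            continue
        m = RESULT.search(line)
        if not m:
            continue
        conn, op, err = m.group(1), m.group(2), int(m.group(3))
        verb, dn = pending.pop((conn, op), (None, None))
        if verb == "BIND" and err == 0:
            bind_dn[conn] = dn  # identity now in effect on this connection
        elif verb == "ADD":
            out.append({"conn": conn, "bound_as": bind_dn.get(conn, ""),
                        "dn": dn, "err": err,
                        "meaning": RESULT_CODES.get(err, "other")})
    return out

if __name__ == "__main__":
    for row in add_results(SAMPLE):
        print(row)
```

An empty `bound_as` means the ADD ran on an anonymous connection, which is the first thing to rule out when reads work and writes do not.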
> Just a few ideas off the top of my head:
I appreciate the input and ideas as I've been struggling with this for weeks now. Whatever the problem is, it's not obvious and isn't in the logs either.
> - make sure your PHP sets ldap version to 3
It is connecting using v3.
> - make sure you perform a bind operation with an account that has sufficient authorizations to create entries
Seems to be fine.
Jan 23 06:22:20 ldap slapd[16261]: access_allowed: no res from state (userPassword)
Jan 23 06:22:20 ldap slapd[16261]: => acl_mask: access to entry "uid=doopy,ou=users,dc=mydomain,dc=net", attr "userPassword" requested
Jan 23 06:22:20 ldap slapd[16261]: => acl_mask: to value by "", (=0)
Jan 23 06:22:20 ldap slapd[16261]: <= check a_dn_pat: *
Jan 23 06:22:20 ldap slapd[16261]: <= acl_mask: [1] applying write(=wrscxd) (stop)
Jan 23 06:22:20 ldap slapd[16261]: <= acl_mask: [1] mask: write(=wrscxd)
Jan 23 06:22:20 ldap slapd[16261]: => access_allowed: auth access granted by write(=wrscxd)
> For further investigation, I suggest studying the slapd logs, with loglevel stats enabled. The error code of your failed ADD operation should point you to the problem.
I have my loglevel set to 128 right now.
What I don't understand so that I can move forward trying to find the problem is as follows. When I use a diagnostic tool on the web server to test, if I enter a non-existing user in ldap, then no connection is made to openldap. When I enter a user which does exist in ldap but not on the web server, a connection is made and the user is found without errors.
I know part of the problem is on the web side but part of the second problem, that of creating accounts is on the ldap side. I need to resolve part one first but have been stumped.
Anyhow, thanks again for the input, I'll keep looking until I have more to post.
Sent my reply too quickly, the web server IS making a connection to openldap, it wasn't showing up at log level 128. Raising it to 254 now shows it in the slapd logging. Raising it has also given me information I wasn't seeing before, such as the missing connection which is there after all.
This is when the user should be created into the ou=users,dc=mydomain,dc=com but doesn't. I only see one error but am not sure if this is enough to know what is preventing the user from being created.
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:46 ldap slapd[16330]:
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=8 busy
Jan 23 06:35:46 ldap slapd[16330]: daemon: listen=8, new connection on 12
Jan 23 06:35:46 ldap slapd[16330]: daemon: added 12r (active) listener=(nil)
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on 2 descriptors
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:46 ldap slapd[16330]: 12r
Jan 23 06:35:46 ldap slapd[16330]:
Jan 23 06:35:46 ldap slapd[16330]: daemon: read active on 12
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: connection_get(12)
Jan 23 06:35:46 ldap slapd[16330]: send_ldap_result: err=0 matched="" text=""
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:46 ldap slapd[16330]:
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:46 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:46 ldap slapd[16330]: 12r
Jan 23 06:35:46 ldap slapd[16330]:
Jan 23 06:35:46 ldap slapd[16330]: daemon: read active on 12
Jan 23 06:35:46 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 23 06:35:46 ldap slapd[16330]: connection_get(12)
Jan 23 06:35:47 ldap slapd[16330]: SRCH "dc=mydomain,dc=com" 2 0
Jan 23 06:35:47 ldap slapd[16330]: 0 0 0
Jan 23 06:35:47 ldap slapd[16330]: begin get_filter
Jan 23 06:35:47 ldap slapd[16330]: EQUALITY
Jan 23 06:35:47 ldap slapd[16330]: end get_filter 0
Jan 23 06:35:47 ldap slapd[16330]: filter: (uid=projects)
Jan 23 06:35:47 ldap slapd[16330]: attrs:
Jan 23 06:35:47 ldap slapd[16330]:
Jan 23 06:35:47 ldap slapd[16330]: => bdb_filter_candidates
Jan 23 06:35:47 ldap slapd[16330]: AND
Jan 23 06:35:47 ldap slapd[16330]: => bdb_list_candidates 0xa0
Jan 23 06:35:47 ldap slapd[16330]: => bdb_filter_candidates
Jan 23 06:35:47 ldap slapd[16330]: OR
Jan 23 06:35:47 ldap slapd[16330]: => bdb_list_candidates 0xa1
Jan 23 06:35:47 ldap slapd[16330]: => bdb_filter_candidates
Jan 23 06:35:47 ldap slapd[16330]: EQUALITY
Jan 23 06:35:47 ldap slapd[16330]: bdb_idl_fetch_key: [b49d1940]
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_filter_candidates: id=0 first=0 last=0
Jan 23 06:35:47 ldap slapd[16330]: => bdb_filter_candidates
Jan 23 06:35:47 ldap slapd[16330]: EQUALITY
Jan 23 06:35:47 ldap slapd[16330]: bdb_idl_fetch_key: [63fc7386]
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_filter_candidates: id=0 first=0 last=0
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_list_candidates: id=0 first=0 last=0
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_filter_candidates: id=0 first=0 last=0
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_list_candidates: id=0 first=1 last=0
Jan 23 06:35:47 ldap slapd[16330]: <= bdb_filter_candidates: id=0 first=1 last=0
Jan 23 06:35:47 ldap slapd[16330]: send_ldap_result: err=0 matched="" text=""
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:47 ldap slapd[16330]:
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:47 ldap slapd[16330]: 12r
Jan 23 06:35:47 ldap slapd[16330]:
Jan 23 06:35:47 ldap slapd[16330]: daemon: read active on 12
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: connection_get(12)
Jan 23 06:35:47 ldap slapd[16330]: connection_read(12): input error=-2 id=2, closing. <<<ERROR<<<
Jan 23 06:35:47 ldap slapd[16330]: daemon: removing 12
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on 1 descriptor
Jan 23 06:35:47 ldap slapd[16330]: daemon: activity on:
Jan 23 06:35:47 ldap slapd[16330]:
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 23 06:35:47 ldap slapd[16330]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
I suggest you try stats logging (256) as was previously suggested.
--Quanah
On Jan 23, 2011, at 7:55 AM, "mike@grounded.net" mike@grounded.net wrote:
> Sent my reply too quickly, the web server IS making a connection to openldap, it wasn't showing up at log level 128. Raising it to 254 now shows it in the slapd logging. Raising it has also given me information I wasn't seeing before, such as the missing connection which is there after all.
> This is when the user should be created into the ou=users,dc=mydomain,dc=com but doesn't. I only see one error but am not sure if this is enough to know what is preventing the user from being created.
On Sun, 23 Jan 2011 10:55:05 -0800, Quanah Gibson-Mount wrote:
> I suggest you try stats logging (256) as was previously suggested.
Oh, I guess that's different than using log level then. I have logging set to 256.
What about reading the man page? Logging does not work per levels (256 is not more than 128, it's just something else). Moreover, since many years ago, user-friendly names have been introduced and documented. Use "stats,acl" if you want both levels.
p.
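The point made above, that a slapd loglevel is a set of independent bits and not an ordered scale, can be checked with a small decoder. This is an added example, not code from the thread: the bit values and keywords are those listed in slapd.conf(5) for OpenLDAP 2.4, and the function names `decode`, `encode` and `logs` are hypothetical.

```python
"""Decode slapd loglevel values as the bitmask they are."""

# Bit values and keywords as listed in slapd.conf(5) for OpenLDAP 2.4.
LOGLEVEL_BITS = {
    1: "trace", 2: "packets", 4: "args", 8: "conns", 16: "ber",
    32: "filter", 64: "config", 128: "acl", 256: "stats",
    512: "stats2", 1024: "shell", 2048: "parse", 16384: "sync",
    32768: "none",
}
KEYWORD_TO_BIT = {name: bit for bit, name in LOGLEVEL_BITS.items()}


def decode(mask):
    """Return the subsystem keywords enabled by an integer loglevel."""
    names = [name for bit, name in sorted(LOGLEVEL_BITS.items()) if mask & bit]
    unknown = mask & ~sum(LOGLEVEL_BITS)  # bits with no documented keyword
    if unknown:
        names.append("unknown(%d)" % unknown)
    return names


def encode(spec):
    """Turn 'stats,acl' (or a list of keywords) into the integer loglevel."""
    words = spec.replace(",", " ").split() if isinstance(spec, str) else spec
    mask = 0
    for word in words:
        key = word.lower()
        if key not in KEYWORD_TO_BIT:
            raise ValueError("unknown loglevel keyword: %r" % word)
        mask |= KEYWORD_TO_BIT[key]
    return mask


def logs(mask, keyword):
    """True if a loglevel mask includes the given subsystem."""
    return bool(mask & KEYWORD_TO_BIT[keyword.lower()])


if __name__ == "__main__":
    for value in (128, 254, 256, encode("stats,acl")):
        print(value, decode(value), "stats logged:", logs(value, "stats"))
```

A value of 254 turns on packets, args, conns, ber, filter, config and acl but not stats, while `stats,acl` is 384.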
> What about reading the man page?
<sigh>
My reply was what I have done, not what I'll now do since I was given some direction so will add the additional logging :).
> Logging does not work per levels (256 is not more than 128, it's just something else). Moreover, since many years ago, user-friendly names have been introduced and documented. Use "stats,acl" if you want both levels.
Took a while to find information on how to enter that into the conf file. Anyhow, I'll test again and see what I get.
Got it to write, seems the documentation for Joomla isn't very updated or it's convoluted, not sure which. Seems the ldap side is fine so again, thanks for the leads while I was looking.
openldap-technical@openldap.org