Fwd: CSN too old, ignoring - and therefore not syncing
by Gavin Henry
---------- Forwarded message ----------
From: Pat Riehecky <prieheck(a)iwu.edu>
Date: Tue, 23 Dec 2008 12:34:33 -0600
Subject: Re: CSN too old, ignoring - and therefore not syncing
To: Gavin Henry <gavin.henry(a)gmail.com>
On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
> Where did you read that those were needed anyway? If it was the admin
> guide then I need to fix it ;-)
>
> Gavin.
I have no idea where I found those at... I know it wasn't the (recent)
admin guide. It may have been from around the 2.4.8 release, but that
is long gone...
Pat
>
> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
> >> need these two syncprov settings on an accesslog db.
> >>
> >> Gavin.
> >
> > Thanks, that did the job!
> >
> > Pat
> >
> >>
> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
> >> >> Can you post your config somewhere?
> >> >
> >> >
> >> > allow bind_v2
> >> >
> >> > include /etc/ldap/schema/core.schema
> >> > include /etc/ldap/schema/cosine.schema
> >> > include /etc/ldap/schema/nis.schema
> >> > include /etc/ldap/schema/inetorgperson.schema
> >> > include /etc/ldap/schema/samba.schema
> >> > include /etc/ldap/schema/eduperson-200412.schema
> >> > include /etc/ldap/schema/hdb.schema
> >> > include /etc/ldap/schema/IWU.schema
> >> >
> >> > pidfile /var/run/slapd/slapd.pid
> >> > argsfile /var/run/slapd/slapd.args
> >> >
> >> > modulepath /usr/lib/ldap
> >> > moduleload back_hdb
> >> > moduleload back_monitor
> >> > moduleload memberof
> >> > moduleload syncprov
> >> > moduleload smbk5pwd
> >> >
> >> > tool-threads 2
> >> > sizelimit 500
> >> > idletimeout 7200
> >> >
> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt
> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt
> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key
> >> > TLSVerifyClient allow
> >> >
> >> > localSSF 160
> >> > security ssf=1 update_ssf=128 simple_bind=112
> >> > sasl-secprops noanonymous
> >> >
> >> > access to dn.base="" by * read
> >> > access to dn.base="cn=Subschema" by * read
> >> >
> >> > backend hdb
> >> > database hdb
> >> >
> >> > overlay memberof
> >> > overlay smbk5pwd
> >> > overlay syncprov
> >> >
> >> > smbk5pwd-enable samba
> >> > smbk5pwd-enable krb5
> >> > smbk5pwd-must-change 0
> >> >
> >> > syncprov-checkpoint 100 10
> >> > syncprov-sessionlog 200
> >> > syncprov-nopresent TRUE
> >> > syncprov-reloadhint TRUE
> >> >
> >> > suffix "dc=iwu,dc=edu"
> >> >
> >> > rootdn "cn=admin,dc=iwu,dc=edu"
> >> > rootpw {redacted}
> >> >
> >> > authz-regexp "uidNumber=0\\\
> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth"
> >> > "cn=ldapi,dc=iwu,dc=edu"
> >> > authz-regexp "gidNumber=.*\\\
> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth"
> >> > "cn=ldapi,dc=iwu,dc=edu"
> >> >
> >> > authz-regexp "uid=(.+),cn=.+,cn=auth" "uid=$1,ou=People,dc=iwu,dc=edu"
> >> >
> >> > directory "/var/lib/ldap/"
> >> >
> >> > dbconfig set_cachesize 0 62914560 0
> >> > dbconfig set_lk_max_objects 1500
> >> > dbconfig set_lk_max_locks 1500
> >> > dbconfig set_lk_max_lockers 1500
> >> >
> >> > # Make sure to do a nightly slapcat
> >> > dbconfig set_flags DB_LOG_AUTOREMOVE
> >> >
> >> > index objectClass eq,pres
> >> > index default eq,sub,pres
> >> > index mail eq,sub,pres
> >> > index sn eq,sub,pres
> >> > index cn eq,sub,pres
> >> > index displayName eq,sub,pres
> >> > index gecos eq,sub,pres
> >> > index uid eq,sub,pres
> >> > index memberUid eq,sub,pres
> >> > index uidNumber eq,pres
> >> > index gidNumber eq,pres
> >> > index entryCSN eq,pres
> >> > index entryUUID eq,pres
> >> > index uniqueMember eq,pres
> >> > index userPassword eq,pres
> >> > index krb5PrincipalName eq,pres
> >> > index krb5PrincipalRealm eq,pres
> >> > index sambaDomainName eq,pres
> >> > index sambaSID eq,pres
> >> > index sambaPrimaryGroupSID eq,pres
> >> > index sambaSIDList eq,pres
> >> >
> >> > lastmod on
> >> >
> >> > checkpoint 256 15
> >> >
> >> > password-hash {SSHA}
> >> >
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write
> >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write
> >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read
> >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key
> >> > by anonymous auth
> >> > by self write
> >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write
> >> > by users auth
> >> > by * break
> >> >
> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none
> >> >
> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by *
> >> > none
> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self read
> >> > by * none
> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by self
> >> > read by * none
> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by *
> >> > none
> >> >
> >> > access to
> >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by self
> >> > read by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName
> >> > by self write
> >> > by users read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber
> >> > by self read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid
> >> > by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength
> >> > by self read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu" by * read
> >> >
> >> > serverID 1
> >> >
> >> > syncrepl rid=2
> >> > provider=ldap://ldap2.iwu.edu/
> >> > schemachecking=off
> >> > searchbase="dc=iwu,dc=edu"
> >> > scope=sub
> >> > type=refreshAndPersist
> >> > binddn="cn=mirror,dc=iwu,dc=edu"
> >> > credentials={redacted}
> >> > bindmethod=simple
> >> > starttls=yes
> >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt
> >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key
> >> > tls_cacert=/etc/ldap/ssl/IWU.crt
> >> > tls_reqcert=try
> >> > interval=00:00:00:30
> >> > retry="15 +"
> >> > timeout=1
> >> > timelimit=unlimited
> >> > sizelimit=unlimited
> >> >
> >> > mirrormode on
> >> >
> >> > ###############################
> >> > database monitor
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.exact="cn=Monitor"
> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> > by * none
> >> >
> >> > access to dn.subtree="cn=Monitor"
> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> > by * none
> >> >
> >> >
> >> >>
> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> >> > Here is the quick and dirty what I am trying to do:
> >> >> >
> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time
> >> >> > synced
> >> >> > to pool.ntp.org and each other (if they drift I would rather they
> >> >> > sorta
> >> >> > drift together, but pool should be keeping that in check).
> >> >> >
> >> >> > Right now I am just beating them up to see how 2.4.13 performs. (So
> >> >> > far
> >> >> > VERY well, minus this little problem)
> >> >> >
> >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm
> >> >> > starting small). Debug gives me
> >> >> >
> >> >> > ber_scanf fmt (m}) ber:
> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62
> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30
> >> >> > 30 .<rid=001,sid=00
> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37
> >> >> > 2,csn=2008122217
> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30
> >> >> > 4721.855904Z#000
> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30
> >> >> > 000#001#000000
> >> >> > do_syncrep2:
> >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000
> >> >> > do_syncrep2: rid=001 CSN too old, ignoring
> >> >> > 20081222174721.855904Z#000000#001#000000
> >> >> > ldap_msgfree
> >> >> >
> >> >> > I am not exactly sure how it gotten to be "too old." The ldif I am
> >> >> > importing is not the result of a slapcat or anything that would
> >> >> > preserve
> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am
> >> >> > loading
> >> >> > one single file with ldapadd which, in my understanding, sets up the
> >> >> > CSN
> >> >> > and wouldn't let me import one anyway.
> >> >> >
> >> >> > Each server has no entries until I load the one, so there shouldn't
> >> >> > be
> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost
> >> >> > instantly
> >> >> > after the one system is loaded - I just don't have everything.
> >> >> >
> >> >> > After a sync:
> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41
> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18
> >> >> >
> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when the
> >> >> > go
> >> >> > into production I wont be able to say for certain which one is
> >> >> > authoritative. That is the purpose of multi-master....
> >> >> >
> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32
> >> >> > bit
> >> >> >
> >> >> > Any ideas as to what I can do to stop this from happening?
> >> >> >
> >> >> > Pat
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >
> >> >
> >>
> >
> >
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
15 years, 10 months
[Re: ldap proxy acl filter problem]
by Ron Peterson
Had to turn away from this problem to deal w/ other stuff, but it's
still an issue for me.
Does anyone have a working example of a working proxy configuration they
would be willing to share that:
* includes a filter expression restricting the result set
* allows you to query for the value of an individual attribute
I would be very grateful.
Right now I'm thinking I may try a different tack: put the filter
expression on the master directory in an acl specific to the proxy base
dn I'm dealing with.
-Ron-
----- Forwarded message from Ron Peterson <rpeterso(a)mtholyoke.edu> -----
Date: Fri, 16 Sep 2011 09:25:41 -0400
From: Ron Peterson <rpeterso(a)mtholyoke.edu>
To: Howard Chu <hyc(a)symas.com>
Subject: Re: ldap proxy acl filter problem
Organization: Mount Holyoke College
X-Spam-Score: -0.504 () RP_MATCHES_RCVD
Cc: openldap-technical(a)openldap.org
2011-09-15_08:22:54-0400 Ron Peterson <rpeterso(a)mtholyoke.edu>:
> 2011-09-14_16:54:56-0400 Howard Chu <hyc(a)symas.com>:
> > >I've turned my logging way up, and the hiccup seems to be that the DN
> > >I've authenticated as
> > >(uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu) needs read
> > >access to the attributes in the filter expression. But how do I give
> > >that account read access to those attributes, without then exposing the
> > >objects that I'm trying to hide with the filter expression?
> >
> > Give it auth access, not read access.
My previous example had too much going on for any sane person to wade
through, so I've distilled this configuration down to illustrate the
essence of the problem. No fancy rewrite rules, etc. The problem
remains: adding a filter expression makes it impossible to query the
value of particular attributes, although I can retrieve the entire
object.
It must be possible to filter the result set in a back-ldap proxy setup
when querying for particular attributes, but how?
________________________________________________________________________
ldaprc like:
BASE ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
BINDDN uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
URI ldap://dirt.mtholyoke.edu
SIZELIMIT 40000
TLS_CACERT /local/etc/cert/ca/cacert.pem
________________________________________________________________________
proxy config like:
database ldap
suffix "ou=accounts,ou=prod,dc=mtholyoke,dc=edu"
uri "ldapi://%2Fvar%2Frun%2Fslapd%2Fmastertest%2Fldapi"
access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" attrs="entry"
by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" read
by * none
# log file (see below) seems to indicate proxy wants search permission on this attribute,
# but this doesn't help
access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" attrs="yApplicationPermission"
by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" search
by * none
access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" filter="(yApplicationPermission=email)"
by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" read
by * none
________________________________________________________________________
(1) This query works (returns all attributes):
ldapsearch -LLL -Z -x -y ../../private/pwemail '(yUsername=rpeterso)'
(2) This query does not (only returns DN, but not yPrimaryEmail):
ldapsearch -LLL -Z -x -y ../../private/pwemail '(yUsername=rpeterso)' yPrimaryEmail
________________________________________________________________________
Log for both master and proxy database (loglevel 256 128 64 32), for
query (2) above:
pid 32160 = proxy server
pid 24268 = master directory server
Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 ACCEPT from IP=138.110.86.129:51010 (IP=138.110.86.129:389)
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 STARTTLS
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 RESULT oid= err=0 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 TLS established tls_ssf=256 ssf=256
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" method=128
Sep 16 09:17:41 mid slapd[24268]: conn=1025 fd=13 ACCEPT from PATH=/var/run/slapd/mastertest/ldapi (PATH=/var/run/slapd/mastertest/ldapi)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" method=128
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: result not in cache (userPassword)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: auth access to "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "userPassword" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [1] attr userPassword
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "userPassword" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: self
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: anonymous
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [2] applying auth(=xd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [2] mask: auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: auth access granted by auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: auth access granted by auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 RESULT tag=97 err=0 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 RESULT tag=97 err=0 text=
Sep 16 09:17:41 mid slapd[32160]: begin get_filter
Sep 16 09:17:41 mid slapd[32160]: EQUALITY
Sep 16 09:17:41 mid slapd[32160]: end get_filter 0
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SRCH base="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" scope=2 deref=0 filter="(yUsername=rpeterso)"
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SRCH attr=yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SRCH base="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" scope=2 deref=0 filter="(yUsername=rpeterso)"
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SRCH attr=yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access to "ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] attr entry
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yUsername" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => dn: [4] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] attr yUsername
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "yUsername" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] attr entry
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: result not in cache (yPrimaryEmail)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => dn: [4] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] attr yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[32160]: => dn: [1] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] matched
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] attr entry
Sep 16 09:17:41 mid slapd[32160]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[32160]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[32160]: <= check a_dn_pat: uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[32160]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: result not in cache (yPrimaryEmail)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[32160]: => dn: [1] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] matched
Sep 16 09:17:41 mid slapd[32160]: => dn: [2] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [2] matched
Sep 16 09:17:41 mid slapd[32160]: => dn: [3] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[32160]: => test_filter
Sep 16 09:17:41 mid slapd[32160]: EQUALITY
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: search access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yApplicationPermission" requested
Sep 16 09:17:41 mid slapd[32160]: <= test_filter 5
Sep 16 09:17:41 mid slapd[32160]: <= acl_get: done.
Sep 16 09:17:41 mid slapd[32160]: => slap_access_allowed: no more rules
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: no more rules
Sep 16 09:17:41 mid slapd[32160]: send_search_entry: conn 1001 access to attribute yPrimaryEmail, value #0 not allowed
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=3 UNBIND
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=2 UNBIND
Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 closed
Sep 16 09:17:41 mid slapd[24268]: conn=1025 fd=13 closed
Sep 16 09:17:41 mid slapd[24268]: connection_read(13): no connection!
Sep 16 09:17:41 mid slapd[24268]: connection_read(13): no connection!
--
Ron Peterson
Network & Systems Administrator
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso
----- End forwarded message -----
13 years, 1 month
Re: TLS Configuration - "unable to get TLS client DN, error=49"
by Sambuddho Chakravarty
I might be wrong but I think there is a certain problem with
Debian/*buntu for LDAPS clients...
Sambuddho
On Fri, 2008-08-01 at 16:14 -0400, Brad T Waldorf wrote:
> Hi. We're trying to configure a basic SSL (TLS) connection through
> OpenLDAP version 2.4.6. We're using Linux, Debian Version 4.0 ('etch')
> INTEL.
>
>
> The pertinent info...
>
>
> slapd.conf
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
> loglevel -1
> logfile /usr/local/var/openldap-data/logb
>
>
> TLSCACertificateFile /home/bwaldorf/certs/1024pcert.pem
> TLSCertificateFile /home/bwaldorf/certs/1024pcert.pem
> TLSCertificateKeyFile /home/bwaldorf/certs/1024pkey.pem
> TLSCipherSuite DES-CBC-SHA
> TLSVerifyClient never
>
>
> #TLSRandFile
> #TLSEphemeralDHParamFile
>
>
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database bdb
> suffix "o=replDB"
> rootdn "cn=replman,o=replDB"
> rootpw password
> timelimit 1
> idletimeout 4
>
> access to attrs=userPassword
> by self write
> by anonymous auth
> by * none
>
> access to *
> by self write
> by * read
>
> directory /usr/local/var/openldap-data
>
> index sn,mail,uid,title eq
>
>
>
>
>
>
>
> ldap.conf
>
> TLS_CACERT /home/bwaldorf/certs/1024pcert.pem
> TLS_CERT /home/bwaldorf/certs/1024pcert.pem
> TLS_KEY /home/bwaldorf/certs/1024pkey.pem
>
>
>
>
>
>
>
>
> So we try the following search (-ZZ to force the command to be
> successful)...
>
> ldapsearch -x -D "cn=replman,o=replDB" -w password -b "o=replDB1" -ZZ
>
>
>
>
>
>
> And we get the following output (below) with -d -1... (sorry for the
> excessive messages).
>
> Looks like the problem is...
> "connection_read(13): unable to get TLS client DN, error=49 id=5"
>
> I did some googling for this error, but never found a thread with a
> cause/solution.
>
> Thanks in advance for your time and help!
>
>
>
>
>
> daemon: activity on 1 descriptor
> daemon: activity on:
> slap_listener_activate(8):
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 busy
> >>> slap_listener(ldap:///)
> daemon: activity on 1 descriptor
> daemon: listen=8, new connection on 13
> daemon: activity on:daemon: added 13r (active) listener=(nil)
>
> conn=5 fd=13 ACCEPT from IP=127.0.0.1:32933 (IP=0.0.0.0:389))
> daemon: epoll: listen=7 active_threads=1 tvp=zero.
> daemon: epoll: listen=8 active_threads=1 tvp=zero.
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero.
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero.
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 1d 02 01 01 77 18 80 0....w..
> ldap_read: want=23, got=23
> 0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34
> 36 .1.3.6.1.4.1.146
> 0010: 36 2e 32 30 30 33 37 6.20037
> ber_get_next: tag 0x30 len 29 contents:
> ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fc8 end=0xa0c11fe5 len=29.
> 0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e
> 34 ...w...1.3.6.1.4
> 0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> conn=5 op=0 do_extended
> ber_scanf fmt ({m) ber:
> ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fcb end=0xa0c11fe5 len=26
> 0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e
> w...1.3.6.1.4.1.
> 0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
> conn=5 op=0 EXT oid=1.3.6.1.4.1.1466.20037
> do_extended: oid=1.3.6.1.4.1.1466.20037
> daemon: activity on 1 descriptor
> conn=5 op=0 STARTTLS
> daemon: activity on:send_ldap_extended: err=0 oid= len=0
>
> send_ldap_response: msgid=1 tag=120 err=0
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> ber_flush2: 14 bytes to sd 13
> 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
> conn=5 op=0 RESULT oid= err=0 text=
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=11
> 0000: 80 74 01 03 01 00 4b 00 00 00 20 .t....K.......
> tls_read: want=107, got=107
> 0000: 00 00 39 00 00 38 00 00 35 00 00 16 00 00 13
> 00 ..9..8..5.......
> 0010: 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 03
> 00 .......3..2../..
> 0020: 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00
> 12 ................
> 0030: 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
> 00 .....@..........
> 0040: 00 06 04 00 80 00 00 03 02 00 80 15 2d dd 5d
> 9a ............-.].
> 0050: f5 29 55 3b 15 f2 e5 47 18 9c 22 f2 7d 07 51
> 72 .)U;...G..".}.Qr
> 0060: 60 1f 38 61 8d 9a e7 67 2a 5e 9e `.8a...g*^..}.
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> tls_write: want=985, written=985
> 0000: 16 03 01 00 4a 02 00 00 46 03 01 48 92 1d e7
> 69 ....J...F..H...i
> 0010: f3 a0 ea 95 0f 3b 21 71 a5 b0 11 34 27 91 b8
> 0b .....;!q...4'...
> 0020: d1 25 4f ca d5 56 fd 55 d2 0f 33 20 a7 fe 44
> 07 .%O..V.U..3 ..D.
> 0030: 8a 33 a1 ec 46 61 01 94 2a 05 9a 59 9e 95 02
> ec .3..Fa..*..Y....
> 0040: 99 82 42 77 1d f6 bf 6e b4 0f 05 23 00 09 00
> 16 ..Bw...n...#....
> 0050: 03 01 03 7c 0b 00 03 78 00 03 75 00 03 72 30
> 82 ...|...x..u..r0.
> 0060: 03 6e 30 82 02 d7 a0 03 02 01 02 02 01 00 30
> 0d .n0...........0.
> 0070: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81
> 87 ..*.H........0..
> 0080: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30
> 1.0...U....US1.0
> 0090: 0f 06 03 55 04 08 13 08 4e 65 77 20 59 6f 72 6b ...U....New
> York
> 00a0: 31 15 30 13 06 03 55 04 07 13 0c 50 6f 75 67 68
> 1.0...U....Pough
> 00b0: 6b 65 65 70 73 69 65 31 0c 30 0a 06 03 55 04 0a
> keepsie1.0...U..
> 00c0: 13 03 49 42 4d 31 0c 30 0a 06 03 55 04 0b 13
> 03 ..IBM1.0...U....
> 00d0: 54 50 46 31 0e 30 0c 06 03 55 04 03 13 05 44 61
> TPF1.0...U....Da
> 00e0: 76 69 64 31 22 30 20 06 09 2a 86 48 86 f7 0d 01
> vid1"0 ..*.H....
> 00f0: 09 01 16 13 6d 6f 7a 65 73 68 74 61 40 75 73
> 2e ....mozeshta@us.
> 0100: 69 62 6d 2e 63 6f 6d 30 1e 17 0d 30 38 30 33 31
> ibm.com0...08031
> 0110: 31 30 31 31 36 31 31 5a 17 0d 31 30 31 32 30 37
> 1011611Z..101207
> 0120: 30 31 31 36 31 31 5a 30 81 87 31 0b 30 09 06 03
> 011611Z0..1.0...
> 0130: 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08
> U....US1.0...U..
> 0140: 13 08 4e 65 77 20 59 6f 72 6b 31 15 30 13 06 03 ..New
> York1.0...
> 0150: 55 04 07 13 0c 50 6f 75 67 68 6b 65 65 70 73 69
> U....Poughkeepsi
> 0160: 65 31 0c 30 0a 06 03 55 04 0a 13 03 49 42 4d 31
> e1.0...U....IBM1
> 0170: 0c 30 0a 06 03 55 04 0b 13 03 54 50 46 31 0e
> 30 .0...U....TPF1.0
> 0180: 0c 06 03 55 04 03 13 05 44 61 76 69 64 31 22
> 30 ...U....David1"0
> 0190: 20 06 09 2a 86 48 86 f7 0d 01 09 01 16 13 6d
> 6f ..*.H........mo
> 01a0: 7a 65 73 68 74 61 40 75 73 2e 69 62 6d 2e 63 6f
> zeshta(a)us.ibm.co
> 01b0: 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01
> m0..0...*.H.....
> 01c0: 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 ac
> ee .......0........
> 01d0: f9 a7 40 cc 73 af 67 a0 ea 46 08 45 a5 fd 44
> 71 ..@.s.g..F.E..Dq
> 01e0: a4 04 3e 51 f7 39 51 82 3d 7e 9b 99 ae 1d c1
> 22 ..>Q.9Q.=~....."
> 01f0: 67 10 e7 15 d1 a9 65 75 e9 3e 0f 77 64 d1 14 4d
> g.....eu.>.wd..M
> 0200: 28 f0 8c ba d3 ed 87 e9 b1 5b 11 c1 3f 11 ed 1a
> (........[..?...
> 0210: 96 9a 3f b3 4b f3 db bd 84 41 11 aa ea 37 6d
> ab ..?.K....A...7m.
> 0220: c5 fb a9 bb ab 9d 87 66 b2 31 7a c8 35 06 06
> ec .......f.1z.5...
> 0230: fb 07 f1 29 f5 f3 fd 29 f4 df 33 bf 40 de 84
> 6f ...)...)..3.@..o
> 0240: 9d 66 ea 57 42 ab 0f 13 a0 07 71 d5 e0 6d 02
> 03 .f.WB.....q..m..
> 0250: 01 00 01 a3 81 e7 30 81 e4 30 1d 06 03 55 1d
> 0e ......0..0...U..
> 0260: 04 16 04 14 11 76 af b1 5a bd 99 53 a5 de 02
> 35 .....v..Z..S...5
> 0270: 06 51 c4 01 74 71 2c c6 30 81 b4 06 03 55 1d
> 23 .Q..tq,.0....U.#
> 0280: 04 81 ac 30 81 a9 80 14 11 76 af b1 5a bd 99
> 53 ...0.....v..Z..S
> 0290: a5 de 02 35 06 51 c4 01 74 71 2c c6 a1 81 8d
> a4 ...5.Q..tq,.....
> 02a0: 81 8a 30 81 87 31 0b 30 09 06 03 55 04 06 13
> 02 ..0..1.0...U....
> 02b0: 55 53 31 11 30 0f 06 03 55 04 08 13 08 4e 65 77
> US1.0...U....New
> 02c0: 20 59 6f 72 6b 31 15 30 13 06 03 55 04 07 13 0c
> York1.0...U....
> 02d0: 50 6f 75 67 68 6b 65 65 70 73 69 65 31 0c 30 0a
> Poughkeepsie1.0.
> 02e0: 06 03 55 04 0a 13 03 49 42 4d 31 0c 30 0a 06
> 03 ..U....IBM1.0...
> 02f0: 55 04 0b 13 03 54 50 46 31 0e 30 0c 06 03 55 04
> U....TPF1.0...U.
> 0300: 03 13 05 44 61 76 69 64 31 22 30 20 06 09 2a
> 86 ...David1"0 ..*.
> 0310: 48 86 f7 0d 01 09 01 16 13 6d 6f 7a 65 73 68 74
> H........mozesht
> 0320: 61 40 75 73 2e 69 62 6d 2e 63 6f 6d 82 01 00 30
> a@us.ibm.com...0
> 0330: 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d
> 06 ...U....0....0..
> 0340: 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81
> 00 .*.H............
> 0350: a8 39 22 f9 88 b2 c1 e6 95 5e af 4d ae f6 89
> e5 .9"......^.M....
> 0360: 64 82 37 42 f6 5b 00 56 22 d0 c6 b9 5f 70 36 2f
> d.7B.[.V"..._p6/
> 0370: 8f 10 bb 5a d1 18 33 2a 37 8a a0 f2 c3 53 21
> 12 ...Z..3*7....S!.
> 0380: 2c 28 8a 62 a9 e0 b5 5a 70 4c 77 f1 5c 33 d2
> a3 ,(.b...ZpLw.\3..
> 0390: 6d 77 e8 6e e8 7e 5b 74 d9 3a 70 24 38 89 ce 11 mw.n.~[t.:p
> $8...
> 03a0: 4c ec 64 51 f2 be 61 4c 18 09 25 13 48 e2 5b 13
> L.dQ..aL..%.H.[.
> 03b0: d9 fa 8c 0c b7 a2 dd 09 dd e8 da 01 c7 29 2b
> 9a .............)+.
> 03c0: 22 51 6f 19 54 e7 02 90 75 0e a9 3a 4b e0 d1 a4
> "Qo.T...u..:K...
> 03d0: 16 03 01 00 04 0e 00 00 00 ...........:
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5 error=Resource temporarily unavailable
> TLS trace: SSL_accept:error in SSLv3 read client certificate A.........:
> TLS trace: SSL_accept:error in SSLv3 read client certificate A.........:
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> tls_read: want=5, got=5
> 0000: 16 03 01 00 86 ...........:
> tls_read: want=134, got=134
> 0000: 10 00 00 82 00 80 91 6b 72 70 d5 4e 89 66 4e
> 5f .......krp.N.fN_
> 0010: f2 d6 d6 41 e7 3a 85 1e 8e ce 85 4d 90 ac 4a
> ec ...A.:.....M..J.
> 0020: 81 f6 4d 2c 1d 94 85 e8 78 cf c9 68 11 77 b3
> 4e ..M,....x..h.w.N
> 0030: 13 97 62 43 e2 e8 12 44 42 46 c6 bc c3 74 c7
> ad ..bC...DBF...t..
> 0040: f7 46 22 2b ac 8c 8e 59 5d de f4 fd f9 73 3f
> 76 .F"+...Y]....s?v
> 0050: 1b 58 1f da 5c 95 49 a6 73 ec 75 37 fc 38 fa
> 53 .X..\.I.s.u7.8.S
> 0060: 6d 3c a9 fd 2a 7d c3 f7 b9 79 e7 3f 8f da df 04
> m<..*}...y.?....
> 0070: cb 06 e2 67 75 3c 57 cf 8e 60 6e e4 27 fa 23
> a3 ...gu<W..`n.'.#.
> 0080: b8 fb c6 5b 14 7e ...[.~
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> tls_read: want=5, got=5
> 0000: 14 03 01 00 01 .....
> tls_read: want=1, got=1
> 0000: 01 .....
> tls_read: want=5, got=5
> 0000: 16 03 01 00 28 ....(
> tls_read: want=40, got=40
> 0000: 77 34 09 6c 45 e9 f1 f0 a2 e6 cb 2d e4 49 27 42
> w4.lE......-.I'B
> 0010: 45 a5 84 74 bb bd 0f 6e 24 70 e1 b0 0f 19 83 4a E..t...n
> $p.....J
> 0020: 7a 41 c3 b3 ca fe 80 68 zA.....h
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> tls_write: want=51, written=51
> 0000: 14 03 01 00 01 01 16 03 01 00 28 97 a6 bb b1
> 8c ..........(.....
> 0010: 50 d4 6f 60 2c fb c7 d1 10 a6 a6 37 ff ea 0b e8
> P.o`,......7....
> 0020: 60 d0 f1 6b 34 d7 26 7b a9 c8 c0 45 72 33 7c 67 `..k4.&{...Er3|
> g
> 0030: b4 07 93 ...
> TLS trace: SSL_accept:SSLv3 flush data
> connection_read(13): unable to get TLS client DN, error=49 id=5
> conn=5 fd=13 TLS established tls_ssf=56 ssf=56
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> ber_get_next
> tls_read: want=5, got=0
>
> ldap_read: want=8, got=0
>
> ber_get_next on fd 13 failed errno=0 (Success)
> connection_read(13): input error=-2 id=5, closing.
> connection_closing: readying conn=5 sd=13 for close
> connection_close: conn=5 sd=13
> daemon: removing 13
> daemon: activity on 1 descriptor
> tls_write: want=29, written=29
> 0000: 15 03 01 00 18 73 41 45 4f f9 51 03 05 e6 66
> c2 .....sAEO.Q...f.
> 0010: f5 65 d2 a9 ab 03 aa 8d d1 79 ef 18 8c .e.......y....
> TLS trace: SSL3 alert write:warning:close notify
> conn=5 fd=13 closed (connection lost)
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
>
16 years, 3 months
RE: OPENLDAP SYNCREPL
by Borresen, John - 0442 - MITLL
Thanks, Howard;
In hindsight, if my config looks jumbled, it is...that's what I get for
doing little things in a quasi-blind attempt at solving issues.
*******Here is the output of slapcat on the Provider:**********
# slapcat -s olcDatabase=\{1}bdb,cn=config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4
2007/1
2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB
databas
es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}#
<http://www.oracle.com/technology/documentation/berkeley-d
b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig::
ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon
re
building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for
"qui
ck"
olcDbConfig::
ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by
anonymo
us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited
time=u
nlimited
entryCSN: 20120313163732.658240Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313163732Z
dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z
dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z
# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited
t
ime.hard=unlimited size.soft=unlimited size.hard=unlimited
olcDatabase: {2}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z
################################################
***Here is the output of slapcat from the Consumer***
# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4
2007/1
2/18 11:51:46 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB
databas
es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}#
<http://www.oracle.com/technology/documentation/berkeley-d
b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig::
ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon
re
building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for
"qui
ck"
olcDbConfig::
ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by
anonymo
us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636
bindmethod
=simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=*********
interva
l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog"
schemach
ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)"
attrs=
"*,+" syncdata=accesslog starttls=no
tls_cacertdir=/usr/local/openldap-2.4.23
/etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z
dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
creatorsName: cn=admin,cn=config
createTimestamp: 20120302121345Z
entryCSN: 20120302121345.220702Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302121345Z
dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
creatorsName: cn=admin,cn=config
createTimestamp: 20120302141557Z
entryCSN: 20120302141557.545770Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302141557Z
I know that the two systems are communicating, at least, at the client level
and attempting to at the slapd level. As stated earlier, the only error I'm
seeing consistently on the Consumer is:
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
The full log up to the above "Sync State Control" messages on the consumer:
request done: ld 0x14043290 msgid 1
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x14043290 msgid 2
dborresen on gp42-rohan$ ssh -X root@gp42-admin1
request done: ld 0x2af20fe89d70 msgid 1
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 2
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 3
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 4
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 5
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 6
ldap_build_search_req ATTRS:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
request done: ld 0x2af20fe89d70 msgid 7
Last login: Tue Mar 13 09:06:13 2012 from gp42-rohan.llan.ll.mit.edu
root on gp42-admin1# tail -f /var/log/slapd
0000: 15 03 01 00 20 dd 4d 17 93 a1 ce 3f 55 5f c5 db .... .M....?U_..
0010: ed 5c c1 86 6f 21 09 c9 ec 8e f5 c0 39 8a b7 7a .\..o!......9..z
0020: 1d 4e 66 ed b6 .Nf..
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: shutdown requested and initiated.
daemon: closing 7
connection_closing: readying conn=1000 sd=15 for close
connection_close: conn=1000 sd=15
daemon: removing 15
tls_write: want=37, written=37
0000: 15 03 01 00 20 d7 c9 23 bd 9d c0 16 c6 d4 44 a4 .... ..#......D.
0010: a5 dc c0 98 2b 1e 30 a0 87 21 77 b1 53 cc 48 4a ....+.0..!w.S.HJ
0020: 4b 80 11 e2 c3 K....
TLS trace: SSL3 alert write:warning:close notify
conn=1000 fd=15 closed (slapd shutdown)
connection_closing: readying conn=1001 sd=16 for close
connection_close: conn=1001 sd=16
daemon: removing 16
tls_write: want=37, written=37
0000: 15 03 01 00 20 00 3e 12 4d e4 d0 22 6a c3 8c 7d .... .>.M.."j..}
0010: ab c9 6e 6b 6b bf 45 de 98 03 e4 3d dc 7a f6 3d ..nkk.E....=.z.=
0020: 59 8a ff 95 df Y....
TLS trace: SSL3 alert write:warning:close notify
conn=1001 fd=16 closed (slapd shutdown)
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
syncinfo_free: rid=001
Just noticed on the Provider, after restarting with DEBUG of "7", the
following:
slapd destroy: freeing system resources
slapd stopped
That is the final two entries in the log. Running a ps for slapd, it shows
as running,
The following is the slapd logs from the Consumer:
ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN
reqNewSuperior entryCSN
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 264 bytes to sd 15
tls_write: want=330, written=330
0000: 17 03 01 00 20 72 13 92 07 08 37 c4 7b 38 98 13 .... r....7.{8..
0010: 5a 47 35 08 a5 8e da f7 91 6a 9c ce 57 ba 2e 78 ZG5......j..W..x
0020: 96 ca e7 1c 4b 17 03 01 01 20 61 b0 79 38 e9 ec ....K.... a.y8..
0030: 79 6a 8c 3c a2 55 62 0e 30 f3 86 a5 58 f8 4f 75 yj.<.Ub.0...X.Ou
0040: e4 47 a5 16 de 1a 10 34 3d 2f 61 c0 71 f2 72 8d .G.....4=/a.q.r.
0050: 11 25 24 3d 7c 52 4e 2d 10 75 84 3b 01 a5 ef 7c .%$=|RN-.u.;...|
0060: 2f f1 69 f7 e4 02 89 d6 4e 81 b0 ef f1 43 89 61 /.i.....N....C.a
0070: a8 06 ab e1 b9 c8 de d6 92 de f7 f2 38 7e ed 97 ............8~..
0080: 41 61 f9 13 96 4f d8 a1 72 c7 58 7f d7 52 3e 27 Aa...O..r.X..R>'
0090: 95 e8 6b 2e b1 36 14 87 96 bf 39 54 08 8f b1 df ..k..6....9T....
00a0: 6e 79 3f df b3 0d 14 8d 9a a2 85 8e 6e b5 e7 b6 ny?.........n...
00b0: 6e d0 f5 41 66 98 2d bd c9 22 5a e6 bd 91 a0 ea n..Af.-.."Z.....
00c0: 10 e3 00 84 a6 13 ed ce 56 10 2b 15 92 5b cf 5f ........V.+..[._
00d0: 85 2a 7e 72 57 ad fe 21 a2 09 cf 3a 00 6b 97 a0 .*~rW..!...:.k..
00e0: e4 59 47 a1 39 2f 6d 23 a3 6b ec ce c0 c3 88 59 .YG.9/m#.k.....Y
00f0: 51 15 f7 f0 d0 a4 c9 1d 74 89 34 72 17 f6 ae a5 Q.......t.4r....
0100: fe f5 2b 31 af ba ff 2c 11 c8 70 35 26 1e a8 12 ..+1...,..p5&...
0110: cd b7 26 ee ff 5e 5e 44 6c fd bb e3 33 5d 8c 6b ..&..^^Dl...3].k
0120: 5a f7 81 c9 43 fa 76 88 90 1f 62 39 fd 50 2d 68 Z...C.v...b9.P-h
0130: c2 e2 0a f8 32 59 84 5d 97 ca fd ed ab be 76 b5 ....2Y.]......v.
0140: bd c2 ef be 08 b4 2a d0 0a 58 ......*..X
ldap_write: want=264, written=264
0000: 30 82 01 04 02 01 02 63 7a 04 0c 63 6e 3d 61 63 0......cz..cn=ac
0010: 63 65 73 73 6c 6f 67 0a 01 02 0a 01 00 02 01 00 cesslog.........
0020: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c ........objectcl
0030: 61 73 73 30 4e 04 05 72 65 71 44 4e 04 07 72 65 ass0N..reqDN..re
0040: 71 54 79 70 65 04 06 72 65 71 4d 6f 64 04 09 72 qType..reqMod..r
0050: 65 71 4e 65 77 52 44 4e 04 0f 72 65 71 44 65 6c eqNewRDN..reqDel
0060: 65 74 65 4f 6c 64 52 44 4e 04 0e 72 65 71 4e 65 eteOldRDN..reqNe
0070: 77 53 75 70 65 72 69 6f 72 04 08 65 6e 74 72 79 wSuperior..entry
0080: 43 53 4e a0 81 82 30 62 04 18 31 2e 33 2e 36 2e CSN...0b..1.3.6.
0090: 31 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e 31 1.4.1.4203.1.9.1
00a0: 2e 31 04 46 30 44 0a 01 03 04 3c 72 69 64 3d 30 .1.F0D....<rid=0
00b0: 30 31 2c 73 69 64 3d 30 30 30 2c 63 73 6e 3d 32 01,sid=000,csn=2
00c0: 30 31 32 30 33 30 31 31 36 32 30 33 33 2e 31 33 0120301162033.13
00d0: 32 35 39 35 5a 23 30 30 30 30 30 30 23 30 30 30 2595Z#000000#000
00e0: 23 30 30 30 30 30 30 01 01 00 30 1c 04 17 32 2e #000000...0...2.
00f0: 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 16.840.1.113730.
0100: 33 2e 34 2e 32 01 01 ff 3.4.2...
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
connection_get(15)
connection_get(15): got connid=0
=>do_syncrepl rid=001
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
read1msg: ld 0x176e58f0 msgid 2 all 0
ber_get_next
tls_read: want=5, got=5
0000: 17 03 01 00 20 ....
tls_read: want=32, got=32
0000: 4e 88 88 4a 6e 77 f0 43 59 1a ec aa 52 ce 3e e1 N..Jnw.CY...R.>.
0010: 02 a2 26 26 6e 23 9a 87 5f f1 ca fc 88 c0 02 76 ..&&n#.._......v
tls_read: want=5, got=5
0000: 17 03 01 00 70 ....p
tls_read: want=112, got=112
0000: 1b 7b 97 8b a7 b3 eb ca db 7b 7a 66 e2 52 52 3a .{.......{zf.RR:
0010: 7c 7b 57 10 ba fa ab 94 f8 67 a3 c7 2d 78 0f dc |{W......g..-x..
0020: d7 c1 3a 06 db 4b ad e5 b8 5a fa 29 a7 b6 f4 92 ..:..K...Z.)....
0030: e3 50 05 58 80 41 e3 e3 9b 43 08 d8 83 ff bb 1d .P.X.A...C......
0040: c1 37 0f 98 34 32 cc af 27 bd a6 06 57 e0 84 ba .7..42..'...W...
0050: 71 8e 1c 85 b6 4d 46 00 04 66 ef 1f e7 a5 ca 3e q....MF..f.....>
0060: 26 ce c6 83 78 db 3b b8 f0 92 92 ee 3d 5e 87 d6 &...x.;.....=^..
ldap_read: want=8, got=8
0000: 30 4d 02 01 02 64 48 04 0M...dH.
ldap_read: want=71, got=71
0000: 0c 63 6e 3d 61 63 63 65 73 73 6c 6f 67 30 38 30 .cn=accesslog080
0010: 36 04 08 65 6e 74 72 79 43 53 4e 31 2a 04 28 32 6..entryCSN1*.(2
0020: 30 31 32 30 33 30 31 31 36 32 30 33 33 2e 31 33 0120301162033.13
0030: 32 35 39 35 5a 23 30 30 30 30 30 30 23 30 30 30 2595Z#000000#000
0040: 23 30 30 30 30 30 30 #000000
ber_get_next: tag 0x30 len 77 contents:
read1msg: ld 0x176e58f0 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
do_syncrep2: rid=001 got search entry without Sync State control
ldap_msgfree
connection_get(15)
connection_get(15): got connid=0
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 15
tls_write: want=74, written=74
0000: 17 03 01 00 20 46 a2 b3 01 e2 fd c9 d8 13 e4 32 .... F.........2
0010: d3 51 b8 21 7e ce 9d 8b f6 ca 39 5e 3d 4a ea ba .Q.!~.....9^=J..
0020: 0a 84 1d 96 a0 17 03 01 00 20 34 0d 82 ce dc 88 ......... 4.....
0030: f3 99 49 90 e8 47 98 8c 72 32 98 e5 50 dd 08 01 ..I..G..r2..P...
0040: 87 20 19 cc 19 3c 6f f1 c8 f4 . ...<o...
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0....B.
tls_write: want=37, written=37
0000: 15 03 01 00 20 be 7e 35 96 7c a9 fc 95 05 8d cd .... .~5.|......
0010: c0 93 10 86 e2 25 29 0e 32 cf 63 48 ec d0 8d 1f .....%).2.cH....
0020: 1f 75 01 3c 4c .u.<L
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying
David Borresen
ph: 781-981-2954
email: john.d.borresen(a)ll.mit.edu
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, March 13, 2012 2:01 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical(a)openldap.org
Subject: Re: OPENLDAP SYNCREPL
Borresen, John - 0442 - MITLL wrote:
> Thanks, Quanah;
>
> As requested:
That was clearly not the problem; if the syncprov module was missing your
config would have caused slapd to fail to start. Also it was clearly present
since you had it updating the contextCSN in your shutdown log. Quanah, you
should have already seen that and not sent him on a wild goose chase.
And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG
DIRECTORY.
Use the database administration tools. For your previous case, you should
have
simply used:
slapcat -s olcDatabase=\{1\}bdb,cn=config
Make sure the consumer is talking to the server you think it is. Show slapd
-d7 output from the provider while the consumer is trying to connect.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 8 months
Re: CSN too old, ignoring - and therefore not syncing
by Gavin Henry
Ok, thanks.
On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
>> Where did you read that those were needed anyway? If it was the admin
>> guide then I need to fix it ;-)
>>
>> Gavin.
>
> I have no idea where I found those at... I know it wasn't the (recent)
> admin guide. It may have been from around the 2.4.8 release, but that
> is long gone...
>
> Pat
>
>>
>> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
>> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
>> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
>> >> need these two syncprov settings on an accesslog db.
>> >>
>> >> Gavin.
>> >
>> > Thanks, that did the job!
>> >
>> > Pat
>> >
>> >>
>> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
>> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
>> >> >> Can you post your config somewhere?
>> >> >
>> >> >
>> >> > allow bind_v2
>> >> >
>> >> > include /etc/ldap/schema/core.schema
>> >> > include /etc/ldap/schema/cosine.schema
>> >> > include /etc/ldap/schema/nis.schema
>> >> > include /etc/ldap/schema/inetorgperson.schema
>> >> > include /etc/ldap/schema/samba.schema
>> >> > include /etc/ldap/schema/eduperson-200412.schema
>> >> > include /etc/ldap/schema/hdb.schema
>> >> > include /etc/ldap/schema/IWU.schema
>> >> >
>> >> > pidfile /var/run/slapd/slapd.pid
>> >> > argsfile /var/run/slapd/slapd.args
>> >> >
>> >> > modulepath /usr/lib/ldap
>> >> > moduleload back_hdb
>> >> > moduleload back_monitor
>> >> > moduleload memberof
>> >> > moduleload syncprov
>> >> > moduleload smbk5pwd
>> >> >
>> >> > tool-threads 2
>> >> > sizelimit 500
>> >> > idletimeout 7200
>> >> >
>> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt
>> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt
>> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key
>> >> > TLSVerifyClient allow
>> >> >
>> >> > localSSF 160
>> >> > security ssf=1 update_ssf=128 simple_bind=112
>> >> > sasl-secprops noanonymous
>> >> >
>> >> > access to dn.base="" by * read
>> >> > access to dn.base="cn=Subschema" by * read
>> >> >
>> >> > backend hdb
>> >> > database hdb
>> >> >
>> >> > overlay memberof
>> >> > overlay smbk5pwd
>> >> > overlay syncprov
>> >> >
>> >> > smbk5pwd-enable samba
>> >> > smbk5pwd-enable krb5
>> >> > smbk5pwd-must-change 0
>> >> >
>> >> > syncprov-checkpoint 100 10
>> >> > syncprov-sessionlog 200
>> >> > syncprov-nopresent TRUE
>> >> > syncprov-reloadhint TRUE
>> >> >
>> >> > suffix "dc=iwu,dc=edu"
>> >> >
>> >> > rootdn "cn=admin,dc=iwu,dc=edu"
>> >> > rootpw {redacted}
>> >> >
>> >> > authz-regexp "uidNumber=0\\\
>> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth"
>> >> > "cn=ldapi,dc=iwu,dc=edu"
>> >> > authz-regexp "gidNumber=.*\\\
>> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth"
>> >> > "cn=ldapi,dc=iwu,dc=edu"
>> >> >
>> >> > authz-regexp "uid=(.+),cn=.+,cn=auth"
>> >> > "uid=$1,ou=People,dc=iwu,dc=edu"
>> >> >
>> >> > directory "/var/lib/ldap/"
>> >> >
>> >> > dbconfig set_cachesize 0 62914560 0
>> >> > dbconfig set_lk_max_objects 1500
>> >> > dbconfig set_lk_max_locks 1500
>> >> > dbconfig set_lk_max_lockers 1500
>> >> >
>> >> > # Make sure to do a nightly slapcat
>> >> > dbconfig set_flags DB_LOG_AUTOREMOVE
>> >> >
>> >> > index objectClass eq,pres
>> >> > index default eq,sub,pres
>> >> > index mail eq,sub,pres
>> >> > index sn eq,sub,pres
>> >> > index cn eq,sub,pres
>> >> > index displayName eq,sub,pres
>> >> > index gecos eq,sub,pres
>> >> > index uid eq,sub,pres
>> >> > index memberUid eq,sub,pres
>> >> > index uidNumber eq,pres
>> >> > index gidNumber eq,pres
>> >> > index entryCSN eq,pres
>> >> > index entryUUID eq,pres
>> >> > index uniqueMember eq,pres
>> >> > index userPassword eq,pres
>> >> > index krb5PrincipalName eq,pres
>> >> > index krb5PrincipalRealm eq,pres
>> >> > index sambaDomainName eq,pres
>> >> > index sambaSID eq,pres
>> >> > index sambaPrimaryGroupSID eq,pres
>> >> > index sambaSIDList eq,pres
>> >> >
>> >> > lastmod on
>> >> >
>> >> > checkpoint 256 15
>> >> >
>> >> > password-hash {SSHA}
>> >> >
>> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write
>> >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write
>> >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read
>> >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key
>> >> > by anonymous auth
>> >> > by self write
>> >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write
>> >> > by users auth
>> >> > by * break
>> >> >
>> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none
>> >> >
>> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by
>> >> > *
>> >> > none
>> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none
>> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none
>> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self
>> >> > read
>> >> > by * none
>> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by
>> >> > self
>> >> > read by * none
>> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by
>> >> > *
>> >> > none
>> >> >
>> >> > access to
>> >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by
>> >> > self
>> >> > read by * none
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName
>> >> > by self write
>> >> > by users read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber
>> >> > by self read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid
>> >> > by * none
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength
>> >> > by self read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu" by * read
>> >> >
>> >> > serverID 1
>> >> >
>> >> > syncrepl rid=2
>> >> > provider=ldap://ldap2.iwu.edu/
>> >> > schemachecking=off
>> >> > searchbase="dc=iwu,dc=edu"
>> >> > scope=sub
>> >> > type=refreshAndPersist
>> >> > binddn="cn=mirror,dc=iwu,dc=edu"
>> >> > credentials={redacted}
>> >> > bindmethod=simple
>> >> > starttls=yes
>> >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt
>> >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key
>> >> > tls_cacert=/etc/ldap/ssl/IWU.crt
>> >> > tls_reqcert=try
>> >> > interval=00:00:00:30
>> >> > retry="15 +"
>> >> > timeout=1
>> >> > timelimit=unlimited
>> >> > sizelimit=unlimited
>> >> >
>> >> > mirrormode on
>> >> >
>> >> > ###############################
>> >> > database monitor
>> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> >
>> >> > access to dn.exact="cn=Monitor"
>> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
>> >> > by * none
>> >> >
>> >> > access to dn.subtree="cn=Monitor"
>> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
>> >> > by * none
>> >> >
>> >> >
>> >> >>
>> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
>> >> >> > Here is the quick and dirty what I am trying to do:
>> >> >> >
>> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time
>> >> >> > synced
>> >> >> > to pool.ntp.org and each other (if they drift I would rather they
>> >> >> > sorta
>> >> >> > drift together, but pool should be keeping that in check).
>> >> >> >
>> >> >> > Right now I am just beating them up to see how 2.4.13 performs.
>> >> >> > (So
>> >> >> > far
>> >> >> > VERY well, minus this little problem)
>> >> >> >
>> >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm
>> >> >> > starting small). Debug gives me
>> >> >> >
>> >> >> > ber_scanf fmt (m}) ber:
>> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62
>> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30
>> >> >> > 30 .<rid=001,sid=00
>> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37
>> >> >> > 2,csn=2008122217
>> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30
>> >> >> > 4721.855904Z#000
>> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30
>> >> >> > 000#001#000000
>> >> >> > do_syncrep2:
>> >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000
>> >> >> > do_syncrep2: rid=001 CSN too old, ignoring
>> >> >> > 20081222174721.855904Z#000000#001#000000
>> >> >> > ldap_msgfree
>> >> >> >
>> >> >> > I am not exactly sure how it gotten to be "too old." The ldif I
>> >> >> > am
>> >> >> > importing is not the result of a slapcat or anything that would
>> >> >> > preserve
>> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am
>> >> >> > loading
>> >> >> > one single file with ldapadd which, in my understanding, sets up
>> >> >> > the
>> >> >> > CSN
>> >> >> > and wouldn't let me import one anyway.
>> >> >> >
>> >> >> > Each server has no entries until I load the one, so there
>> >> >> > shouldn't
>> >> >> > be
>> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost
>> >> >> > instantly
>> >> >> > after the one system is loaded - I just don't have everything.
>> >> >> >
>> >> >> > After a sync:
>> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41
>> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18
>> >> >> >
>> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when
>> >> >> > the
>> >> >> > go
>> >> >> > into production I wont be able to say for certain which one is
>> >> >> > authoritative. That is the purpose of multi-master....
>> >> >> >
>> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32
>> >> >> > bit
>> >> >> >
>> >> >> > Any ideas as to what I can do to stop this from happening?
>> >> >> >
>> >> >> > Pat
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
15 years, 10 months
DEL don't get synced
by Marc Patermann
Hi,
under some circumstances DEL don't get replicated to the consumers
(SyncRepl). I think this has to do with other changes at the some moment.
I attached two logs excepts in sync.log.
In the first except there is only a DEL
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 DEL
dn="employeeNumber=19676,ou=humans,ou=foo"
For this there is a
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp:
cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
line for every connected consumer.
In the second step there is a MOD and a DEL
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 MOD
dn="ou=FA-WF,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 DEL
dn="employeeNumber=24387,ou=humans,ou=foo"
As far as I can see, there is only sync activity for the MOD action, and
not for the DEL action. The DEL is not synced.
Marc
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 fd=344 ACCEPT from IP=10.49.8.54:55702 (IP=0.0.0.0:389)
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=0 STARTTLS
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=0 RESULT oid= err=0 text=
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 fd=344 TLS established tls_ssf=256 ssf=256
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=1 BIND dn="cn=human,ou=mgr,ou=foo" method=128
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=1 BIND dn="cn=human,ou=mgr,ou=foo" mech=SIMPLE ssf=0
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=1 RESULT tag=97 err=0 text=
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 DEL dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9186ee300 20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fb8c83c28d0 20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1639 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1640 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1641 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1642 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1645 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1648 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1643 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1647 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1655 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1644 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1664 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1660 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1665 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1670 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1649 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1683 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1692 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1646 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1659 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1658 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1666 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1653 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1675 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9fd5dccd8 20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1674 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1672 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1677 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1668 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1685 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1689 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1662 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1656 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1687 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1682 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1688 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1652 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1700 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1654 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1701 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1695 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1702 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1706 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1697 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1707 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1704 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1709 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=68291 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1705 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=68347 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1661 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1676 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1671 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1663 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1680 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1669 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1681 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1667 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1678 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1679 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fba2edfc470 20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1651 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 RESULT tag=107 err=0 text=
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1673 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1690 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1694 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1691 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1698 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1703 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1657 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1719 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1708 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1650 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1717 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1686 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1684 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1693 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1699 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=1696 op=1 ENTRY dn="employeeNumber=19676,ou=humans,ou=foo"
Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 fd=344 closed (connection lost)
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 fd=344 ACCEPT from IP=10.49.8.54:44064 (IP=0.0.0.0:389)
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=0 STARTTLS
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=0 RESULT oid= err=0 text=
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 fd=344 TLS established tls_ssf=256 ssf=256
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=1 BIND dn="cn=human,ou=mgr,ou=foo" method=128
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=1 BIND dn="cn=human,ou=mgr,ou=foo" mech=SIMPLE ssf=0
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=1 RESULT tag=97 err=0 text=
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 MOD dn="ou=FA-WF,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 MOD attr=member
Jan 31 10:31:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fba1dff8e80 20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fba20314a80 20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=68347 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1706 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=68291 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1704 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1709 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1719 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1673 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1692 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1697 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1717 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1643 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1659 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1271 op=1 INTERM oid=1.3.6.1.4.1.4203.1.9.1.4
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1708 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1684 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1683 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9fcc32cd0 20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1695 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1672 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1677 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1674 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1701 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1679 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1675 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1703 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1678 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1681 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1667 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1687 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1670 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1680 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1705 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1671 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1676 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1665 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1669 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1660 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1661 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1650 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1668 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1699 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1657 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1694 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1656 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1666 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1663 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1649 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1651 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1646 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1702 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1693 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1664 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1686 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1688 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1682 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1641 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1685 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1707 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1645 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1642 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1640 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1690 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1700 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbacf061590 20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 RESULT tag=103 err=0 text=
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1662 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1654 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1696 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1644 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1691 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1648 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1655 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1652 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1689 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1647 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1639 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1653 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 DEL dn="employeeNumber=24387,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1658 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=1698 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9126e2300 20120131093101.913856Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9fd6e2b20 20120131093101.913856Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbac92d6750 20120131093101.913856Z#000000#000#000000
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 RESULT tag=107 err=0 text=
Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbacf061590 20120131093101.913856Z#000000#000#000000
12 years, 9 months
Re: Fwd: CSN too old, ignoring - and therefore not syncing
by Adrien Futschik
I'm facing a similar problem.
I'm testing N-way multimaster replication with OpenLDAP 2.4.13.
I'm able to successfully import data into an instance and have my two masters to sync correctly but then when I try to add a new entry in one of the two masters, I'm getting strange messages :
let's say we have m1 & m2 (m1 & m2 are on the same server):
I initial import data into m1, it is successfully imported into m2 (at least it looks like it).
Then I'm trying to add an entry on m2 (cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr). I'm getting strange message on m1 & m2 :
m1 log :(repetitively)
[...]
Entry ou=administrateurs,o=gazdefrance,c=fr CSN 20081224125950.481561Z#000000#001#000000 older or equal to ctx 20081224125950.481561Z#000000#001#000000
Entry cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr changed by peer, ignored
syncprov_search_response: cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000
do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
[...]
m2 log : (repetitively)
[...]
master where I added an entry :
do_syncrep2: rid=004 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT
do_syncrep2: cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000
[...]
Is this a bug ? Am-I doing something wrong ?
If I add the same entry to m1 and not m2 I get the following messages :
on m2 :
syncrepl_entry: rid=004 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
syncrepl_entry: rid=004 be_search (0)
syncrepl_entry: rid=004 cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr
<= bdb_equality_candidates: (entryCSN) not indexed
<= bdb_inequality_candidates: (entryCSN) not indexed
<= bdb_inequality_candidates: (entryCSN) not indexed
syncprov_search_response: cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000
syncrepl_entry: rid=004 be_add (0)
do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT
do_syncrep2: cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000
<= bdb_inequality_candidates: (entryCSN) not indexed
nonpresent_callback: rid=004 present UUID 96268508-6609-102d-9d8e-9742e72db399, dn c=fr
nonpresent_callback: rid=004 present UUID 962af700-6609-102d-9d8f-9742e72db399, dn o=edfgdf,c=fr
nonpresent_callback: rid=004 present UUID 962bd698-6609-102d-9d90-9742e72db399, dn ou=personnes,o=edfgdf,c=fr
nonpresent_callback: rid=004 present UUID 962c00b4-6609-102d-9d91-9742e72db399, dn ou=appli,o=edfgdf,c=fr
nonpresent_callback: rid=004 present UUID 962c2634-6609-102d-9d92-9742e72db399, dn ou=groupes,o=edfgdf,c=fr
nonpresent_callback: rid=004 present UUID 962ca492-6609-102d-9d93-9742e72db399, dn ou=administrateurs,o=edfgdf,c=fr
nonpresent_callback: rid=004 present UUID 962cce90-6609-102d-9d94-9742e72db399, dn o=edf,c=fr
nonpresent_callback: rid=004 present UUID 962d7138-6609-102d-9d95-9742e72db399, dn ou=personnes,o=edf,c=fr
nonpresent_callback: rid=004 present UUID 962d96f4-6609-102d-9d96-9742e72db399, dn ou=appli,o=edf,c=fr
nonpresent_callback: rid=004 present UUID 962deafa-6609-102d-9d97-9742e72db399, dn ou=groupes,o=edf,c=fr
nonpresent_callback: rid=004 present UUID 962ef026-6609-102d-9d98-9742e72db399, dn ou=administrateurs,o=edf,c=fr
nonpresent_callback: rid=004 present UUID 962f156a-6609-102d-9d99-9742e72db399, dn o=gazdefrance,c=fr
nonpresent_callback: rid=004 present UUID 962fca8c-6609-102d-9d9a-9742e72db399, dn ou=personnes,o=gazdefrance,c=fr
nonpresent_callback: rid=004 present UUID 962fef76-6609-102d-9d9b-9742e72db399, dn ou=appli,o=gazdefrance,c=fr
nonpresent_callback: rid=004 present UUID 9630106e-6609-102d-9d9c-9742e72db399, dn ou=groupes,o=gazdefrance,c=fr
nonpresent_callback: rid=004 present UUID 9630bfa0-6609-102d-9d9d-9742e72db399, dn ou=administrateurs,o=gazdefrance,c=fr
nonpresent_callback: rid=004 present UUID ae0e93d6-6609-102d-9d9e-9742e72db399, dn cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr
slap_queue_csn: queing 0x843fef0 20081224132238.790862Z#000000#001#000000
slap_graduate_commit_csn: removing 0x83d6410 20081224132238.790862Z#000000#001#000000
on m1 :
slap_queue_csn: queing 0x1df3860 20081224132238.790862Z#000000#001#000000
slap_graduate_commit_csn: removing 0x9703700 20081224132238.790862Z#000000#001#000000
<= bdb_equality_candidates: (entryCSN) not indexed
<= bdb_inequality_candidates: (entryCSN) not indexed
Entry ou=administrateurs,o=gazdefrance,c=fr CSN 20081224132158.749532Z#000000#001#000000 older or equal to ctx 20081224132158.749532Z#000000#001#000000
syncprov_search_response: cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000
do_syncrep2: rid=005 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
do_syncrep2: cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000
Here is the entry I'm adding :
dn: cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf, c=fr
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
objectclass: ditPerson
cn: adrien-externe.futschik(a)edfgdf.fr
sn: Futschik
givenName: Adrien
uid: adrien-externe.futschik(a)edfgdf.fr
mail: adrien-externe.futschik(a)edfgdf.fr
telephonenumber: 0123456789
userpassword: {SSHA}GuU6CMRoOxp9EA1ANafzuRUXADKlBA0r
allowedServices: appli20
pretty simple isn't it ? What's going wrong ?
Adrien
========================================
Message date : Dec 23 2008, 07:39 PM
From : "Gavin Henry" <gavin.henry(a)gmail.com>
To : openldap-technical(a)openldap.org
Copy to :
Subject : Fwd: CSN too old, ignoring - and therefore not syncing
---------- Forwarded message ----------
From: Pat Riehecky <prieheck(a)iwu.edu>
Date: Tue, 23 Dec 2008 12:34:33 -0600
Subject: Re: CSN too old, ignoring - and therefore not syncing
To: Gavin Henry <gavin.henry(a)gmail.com>
On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
> Where did you read that those were needed anyway? If it was the admin
> guide then I need to fix it ;-)
>
> Gavin.
I have no idea where I found those at... I know it wasn't the (recent)
admin guide. It may have been from around the 2.4.8 release, but that
is long gone...
Pat
>
> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
> >> need these two syncprov settings on an accesslog db.
> >>
> >> Gavin.
> >
> > Thanks, that did the job!
> >
> > Pat
> >
> >>
> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
> >> >> Can you post your config somewhere?
> >> >
> >> >
> >> > allow bind_v2
> >> >
> >> > include /etc/ldap/schema/core.schema
> >> > include /etc/ldap/schema/cosine.schema
> >> > include /etc/ldap/schema/nis.schema
> >> > include /etc/ldap/schema/inetorgperson.schema
> >> > include /etc/ldap/schema/samba.schema
> >> > include /etc/ldap/schema/eduperson-200412.schema
> >> > include /etc/ldap/schema/hdb.schema
> >> > include /etc/ldap/schema/IWU.schema
> >> >
> >> > pidfile /var/run/slapd/slapd.pid
> >> > argsfile /var/run/slapd/slapd.args
> >> >
> >> > modulepath /usr/lib/ldap
> >> > moduleload back_hdb
> >> > moduleload back_monitor
> >> > moduleload memberof
> >> > moduleload syncprov
> >> > moduleload smbk5pwd
> >> >
> >> > tool-threads 2
> >> > sizelimit 500
> >> > idletimeout 7200
> >> >
> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt
> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt
> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key
> >> > TLSVerifyClient allow
> >> >
> >> > localSSF 160
> >> > security ssf=1 update_ssf=128 simple_bind=112
> >> > sasl-secprops noanonymous
> >> >
> >> > access to dn.base="" by * read
> >> > access to dn.base="cn=Subschema" by * read
> >> >
> >> > backend hdb
> >> > database hdb
> >> >
> >> > overlay memberof
> >> > overlay smbk5pwd
> >> > overlay syncprov
> >> >
> >> > smbk5pwd-enable samba
> >> > smbk5pwd-enable krb5
> >> > smbk5pwd-must-change 0
> >> >
> >> > syncprov-checkpoint 100 10
> >> > syncprov-sessionlog 200
> >> > syncprov-nopresent TRUE
> >> > syncprov-reloadhint TRUE
> >> >
> >> > suffix "dc=iwu,dc=edu"
> >> >
> >> > rootdn "cn=admin,dc=iwu,dc=edu"
> >> > rootpw {redacted}
> >> >
> >> > authz-regexp "uidNumber=0\\\
> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth"
> >> > "cn=ldapi,dc=iwu,dc=edu"
> >> > authz-regexp "gidNumber=.*\\\
> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth"
> >> > "cn=ldapi,dc=iwu,dc=edu"
> >> >
> >> > authz-regexp "uid=(.+),cn=.+,cn=auth" "uid=$1,ou=People,dc=iwu,dc=edu"
> >> >
> >> > directory "/var/lib/ldap/"
> >> >
> >> > dbconfig set_cachesize 0 62914560 0
> >> > dbconfig set_lk_max_objects 1500
> >> > dbconfig set_lk_max_locks 1500
> >> > dbconfig set_lk_max_lockers 1500
> >> >
> >> > # Make sure to do a nightly slapcat
> >> > dbconfig set_flags DB_LOG_AUTOREMOVE
> >> >
> >> > index objectClass eq,pres
> >> > index default eq,sub,pres
> >> > index mail eq,sub,pres
> >> > index sn eq,sub,pres
> >> > index cn eq,sub,pres
> >> > index displayName eq,sub,pres
> >> > index gecos eq,sub,pres
> >> > index uid eq,sub,pres
> >> > index memberUid eq,sub,pres
> >> > index uidNumber eq,pres
> >> > index gidNumber eq,pres
> >> > index entryCSN eq,pres
> >> > index entryUUID eq,pres
> >> > index uniqueMember eq,pres
> >> > index userPassword eq,pres
> >> > index krb5PrincipalName eq,pres
> >> > index krb5PrincipalRealm eq,pres
> >> > index sambaDomainName eq,pres
> >> > index sambaSID eq,pres
> >> > index sambaPrimaryGroupSID eq,pres
> >> > index sambaSIDList eq,pres
> >> >
> >> > lastmod on
> >> >
> >> > checkpoint 256 15
> >> >
> >> > password-hash {SSHA}
> >> >
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write
> >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write
> >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read
> >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key
> >> > by anonymous auth
> >> > by self write
> >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write
> >> > by users auth
> >> > by * break
> >> >
> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none
> >> >
> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by *
> >> > none
> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self read
> >> > by * none
> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by self
> >> > read by * none
> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by *
> >> > none
> >> >
> >> > access to
> >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by self
> >> > read by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName
> >> > by self write
> >> > by users read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber
> >> > by self read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid
> >> > by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength
> >> > by self read
> >> > by anonymous none
> >> > by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu" by * read
> >> >
> >> > serverID 1
> >> >
> >> > syncrepl rid=2
> >> > provider=ldap://ldap2.iwu.edu/
> >> > schemachecking=off
> >> > searchbase="dc=iwu,dc=edu"
> >> > scope=sub
> >> > type=refreshAndPersist
> >> > binddn="cn=mirror,dc=iwu,dc=edu"
> >> > credentials={redacted}
> >> > bindmethod=simple
> >> > starttls=yes
> >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt
> >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key
> >> > tls_cacert=/etc/ldap/ssl/IWU.crt
> >> > tls_reqcert=try
> >> > interval=00:00:00:30
> >> > retry="15 +"
> >> > timeout=1
> >> > timelimit=unlimited
> >> > sizelimit=unlimited
> >> >
> >> > mirrormode on
> >> >
> >> > ###############################
> >> > database monitor
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.exact="cn=Monitor"
> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> > by * none
> >> >
> >> > access to dn.subtree="cn=Monitor"
> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> > by * none
> >> >
> >> >
> >> >>
> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> >> > Here is the quick and dirty what I am trying to do:
> >> >> >
> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time
> >> >> > synced
> >> >> > to pool.ntp.org and each other (if they drift I would rather they
> >> >> > sorta
> >> >> > drift together, but pool should be keeping that in check).
> >> >> >
> >> >> > Right now I am just beating them up to see how 2.4.13 performs. (So
> >> >> > far
> >> >> > VERY well, minus this little problem)
> >> >> >
> >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm
> >> >> > starting small). Debug gives me
> >> >> >
> >> >> > ber_scanf fmt (m}) ber:
> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62
> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30
> >> >> > 30 .<rid=001,sid=00
> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37
> >> >> > 2,csn=2008122217
> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30
> >> >> > 4721.855904Z#000
> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30
> >> >> > 000#001#000000
> >> >> > do_syncrep2:
> >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000
> >> >> > do_syncrep2: rid=001 CSN too old, ignoring
> >> >> > 20081222174721.855904Z#000000#001#000000
> >> >> > ldap_msgfree
> >> >> >
> >> >> > I am not exactly sure how it gotten to be "too old." The ldif I am
> >> >> > importing is not the result of a slapcat or anything that would
> >> >> > preserve
> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am
> >> >> > loading
> >> >> > one single file with ldapadd which, in my understanding, sets up the
> >> >> > CSN
> >> >> > and wouldn't let me import one anyway.
> >> >> >
> >> >> > Each server has no entries until I load the one, so there shouldn't
> >> >> > be
> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost
> >> >> > instantly
> >> >> > after the one system is loaded - I just don't have everything.
> >> >> >
> >> >> > After a sync:
> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41
> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18
> >> >> >
> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when the
> >> >> > go
> >> >> > into production I wont be able to say for certain which one is
> >> >> > authoritative. That is the purpose of multi-master....
> >> >> >
> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32
> >> >> > bit
> >> >> >
> >> >> > Any ideas as to what I can do to stop this from happening?
> >> >> >
> >> >> > Pat
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >
> >> >
> >>
> >
> >
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
Adrien Futschik
15 years, 10 months
TLS issue (again)
by Olivier
I had to renew my openssl certificates and now my ldap tls negociation
doesn't work anymore :
$ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr
-W uid=guillard -h ldap2.th3.example.fr
ldap_start_tls: Connect error (-11)
additional info: TLS error -8172:Unknown code ___f 20
Here are the server configuration relevant directives :
olcTLSCACertificateFile /etc/openldap/cacerts/CA.crt
olcTLSCertificateFile /etc/openldap/cacerts/server.crt
olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key
olcTLSCipherSuite HIGH
( see at the very end of this mail : these certificates are correct since I have
successfully proceed to openssl connexion tests).
and here are logs collected on the server side when receiving ldapsearch
request :
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
>>> slap_listener(ldap://ldap2.th3.example.fr:389)
daemon: listen=7, new connection on 15
daemon: added 15r (active) listener=(nil)
conn=1003 fd=15 ACCEPT from IP=10.10.86.93:41013 (IP=10.1.92.25:389)
daemon: activity on 2 descriptors
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(15)
connection_get(15): got connid=1003
connection_read(15): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
0000: 30 1d 02 01 01 77 18 80 0....w..
ldap_read: want=23, got=23
0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 36 .1.3.6.1.4.1.146
0010: 36 2e 32 30 30 33 37 6.20037
ber_get_next: tag 0x30 len 29 contents:
ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa70 end=0x7f272017aa8d len=29
0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 ...w...1.3.6.1.4
0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037
op tag 0x77, time 1325683329
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1003 op=0 do_extended
ber_scanf fmt ({m) ber:
ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa73 end=0x7f272017aa8d len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
do_extended: oid=1.3.6.1.4.1.1466.20037
conn=1003 op=0 STARTTLS
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush2: 14 bytes to sd 15
0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
conn=1003 op=0 RESULT oid= err=0 text=
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(15)
connection_get(15): got connid=1003
connection_read(15): checking for input on id=1003
tls_read: want=3, got=3
0000: 80 3a 01 .:.
tls_read: want=57, got=57
0000: 03 01 00 21 00 00 00 10 00 00 35 00 00 04 00 00 ...!......5.....
0010: 05 00 00 2f 00 00 0a 00 00 09 00 00 64 00 00 62 .../........d..b
0020: 00 00 03 00 00 06 00 00 ff 70 1e 75 15 46 04 b3 .........p.u.F..
0030: 16 ed d1 87 1c 77 58 06 48 .....wX.H
tls_write: want=2157, written=2157
0000: 16 03 01 08 68 02 00 00 4d 03 01 4f 04 52 81 3c ....h...M..O.R.<
0010: c6 b8 b6 8a d8 4a 75 83 a7 fc 09 13 2c c8 d4 d4 .....Ju.....,...
0020: ce e7 12 73 80 bc 42 f6 f2 05 de 20 6c db 35 d1 ...s..B.... l.5.
0030: e0 2b bb 93 a4 c2 8c 82 df 51 58 0a 93 e6 c9 ff .+.......QX.....
0040: 10 0d 92 08 6c 96 3e f8 92 aa d8 83 00 35 00 00 ....l.>......5..
0050: 05 ff 01 00 01 00 0b 00 06 d3 00 06 d0 00 02 e3 ................
0060: 30 82 02 df 30 82 01 c7 02 09 00 a6 1d 1f 28 63 0...0.........(c
0070: 5e 6a 57 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 ^jW0...*.H......
0080: 05 00 30 81 87 31 0b 30 09 06 03 55 04 06 13 02 ..0..1.0...U....
0090: 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 72 61 fr1.0...U....fra
00a0: 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 6d 6f nce1.0...U....mo
00b0: 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 0a 0c ntigny1.0...U...
00c0: 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 0b 0c .example1.0...U...
00d0: 04 6c 64 61 70 31 0d 30 0b 06 03 55 04 03 0c 04 .ldap1.0...U....
00e0: 6c 64 61 70 31 26 30 24 06 09 2a 86 48 86 f7 0d ldap1&0$..*.H...
00f0: 01 09 01 16 17 6f 6c 69 76 69 65 72 2e 67 75 69 .....olivier.gui
0100: 6c 6c 61 72 64 40 6e 69 63 2e 66 72 30 1e 17 0d
llard(a)example.fr0...
0110: 31 31 31 32 32 39 31 35 33 39 35 38 5a 17 0d 32 111229153958Z..2
0120: 31 30 37 32 39 31 35 33 39 35 38 5a 30 81 a2 31 10729153958Z0..1
0130: 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 0d .0...U....fr1.0.
0140: 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 30 ..U....france1.0
0150: 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 ...U....myplace
0160: 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 63 1.0...U....example
0170: 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 31 1.0...U....ldap1
0180: 28 30 26 06 03 55 04 03 0c 1f 6c 64 61 70 32 2e (0&..U....ldap2.
0190: 64 61 74 61 62 61 73 65 2e 70 72 69 76 65 2e 74 t
01a0: 68 33 2e 6e 69 63 2e 66 72 31 26 30 24 06 09 2a
h3.example.fr1&0$..*
01b0: 86 48 86 f7 0d 01 09 01 16 17 4f 6c 69 76 69 65 .H........Olivie
01c0: 72 2e 47 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66
r.Guillard(a)example.f
01d0: 72 30 5c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 r0\0...*.H......
01e0: 05 00 03 4b 00 30 48 02 41 00 bf 72 68 cc 54 9d ...K.0H.A..rh.T.
01f0: 10 d3 8b c0 4a 1b 5c 90 d6 03 7a 41 5e 05 6f 8d ....J.\...zA^.o.
0200: cc 2d 61 31 7b 94 0f c2 f7 c1 51 8a 4f d5 59 89 .-a1{.....Q.O.Y.
0210: 51 79 87 3f fa c3 5f af 30 8c 87 f8 ca be bb 0b Qy.?.._.0.......
0220: 28 8c d5 4a 3a 73 b5 a9 e3 d9 02 03 01 00 01 30 (..J:s.........0
0230: 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 ...*.H..........
0240: 01 01 00 c0 3c 2a 0a d4 af 13 24 b5 2a 2b e3 cd ....<*....$.*+..
0250: 0f 57 f6 86 99 e1 ae ba d7 b2 87 4e 02 a6 d6 a3 .W.........N....
0260: 7d 9f 7b 89 03 61 ac b6 40 9e 93 ca 8d 3a d4 95 }.{..a..@....:..
0270: 7a 48 e2 9a 01 2f ed 3d 2b c3 96 41 c0 58 39 cf zH.../.=+..A.X9.
0280: 52 a2 db 08 78 85 c4 85 17 08 d8 11 62 60 8e d0 R...x.......b`..
0290: b5 61 71 fe 83 d5 94 9d f2 42 1d b5 56 bd fa 67 .aq......B..V..g
02a0: db 8e bf 09 af ef e3 b0 c8 0a f1 38 8b bf 59 75 ...........8..Yu
02b0: 6a 21 01 c0 0b 8c cf 87 20 d2 2f d9 89 a0 37 11 j!...... ./...7.
02c0: a0 62 6a a1 32 4b ff e4 cf 30 4c 8f 8e ef d2 51 .bj.2K...0L....Q
02d0: ec cc d1 fc 21 43 58 5e 09 40 8b bf ca bb fc 4f ....!CX^.@.....O
02e0: d1 d4 e9 cf 80 8f b1 af 72 d0 ff c1 d7 52 f3 4b ........r....R.K
02f0: e3 85 69 ef e9 36 6e 4d 54 13 d2 bd 3b 93 ad ed ..i..6nMT...;...
0300: 6e 36 cc 4f e6 b9 c5 01 1e 86 c8 88 aa de a6 7b n6.O...........{
0310: c1 99 9a 3f c5 69 9e af e0 94 6e ba 51 5b ec 2a ...?.i....n.Q[.*
0320: 2c aa 09 ff 4a 27 15 96 ad 9f b0 5c f0 c4 9c 34 ,...J'.....\...4
0330: 53 32 03 1c d4 e2 dd b8 96 88 d2 5d b2 c6 e1 5e S2.........]...^
0340: 32 ba 81 00 03 e7 30 82 03 e3 30 82 02 cb a0 03 2.....0...0.....
0350: 02 01 02 02 09 00 a1 67 1e 44 66 c6 f6 59 30 0d .......g.Df..Y0.
0360: 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 87 ..*.H........0..
0370: 31 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 1.0...U....fr1.0
0380: 0d 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 ...U....france1.
0390: 30 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 0...U....montign
03a0: 79 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 y1.0...U....afni
03b0: 63 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 c1.0...U....ldap
03c0: 31 0d 30 0b 06 03 55 04 03 0c 04 6c 64 61 70 31 1.0...U....ldap1
03d0: 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 &0$..*.H........
03e0: 6f 6c 69 76 69 65 72 2e 67 75 69 6c 6c 61 72 64 olivier.guillard
03f0: 40 6e 69 63 2e 66 72 30 1e 17 0d 31 31 31 32 32
@example.fr0...11122
0400: 39 31 34 31 33 35 35 5a 17 0d 33 31 31 32 32 34 9141355Z..311224
0410: 31 34 31 33 35 35 5a 30 81 87 31 0b 30 09 06 03 141355Z0..1.0...
0420: 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 08 U....fr1.0...U..
0430: 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 04 ..france1.0...U.
0440: 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 ...myplace1.0..
0450: 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 .U....example1.0..
0460: 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 03 .U....ldap1.0...
0470: 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 2a U....ldap1&0$..*
0480: 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 65 .H........olivie
0490: 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66
r.guillard(a)example.f
04a0: 72 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 r0.."0...*.H....
04b0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 .........0......
04c0: 01 00 c8 90 e1 61 d2 28 38 aa 35 a9 21 5b f7 2b .....a.(8.5.![.+
04d0: f2 ed 04 5c 73 03 c5 f8 f9 97 5a 53 3b 39 bf aa ...\s.....ZS;9..
04e0: 20 b8 45 c1 92 2e 27 ea bf b1 78 57 f9 41 a3 b3 .E...'...xW.A..
04f0: 23 11 fc 8d 79 ea 21 a9 01 c0 ce 01 27 e6 0f a6 #...y.!.....'...
0500: 13 8d 12 5c 72 bf ba 60 41 71 76 94 99 da 43 f7 ...\r..`Aqv...C.
0510: e0 f9 b4 2f e7 25 7c 36 4f e9 4f dc 18 26 a9 7c .../.%|6O.O..&.|
0520: ad 98 2a 9c 91 16 76 41 31 1e 5d dd 81 2a b9 38 ..*...vA1.]..*.8
0530: ec 91 5c 91 11 03 fb 14 7d 59 d5 49 6d 32 42 c7 ..\.....}Y.Im2B.
0540: 66 73 58 b0 fb 02 b4 a0 4d 3e e3 3c ab ff 8c 42 fsX.....M>.<...B
0550: 83 51 b5 51 b7 19 71 61 f8 39 5c b7 8d 1a 70 97 .Q.Q..qa.9\...p.
0560: 69 5d e6 47 9e 7e ae ec 5c 7c be 73 7b d0 df df i].G.~..\|.s{...
0570: a7 53 6d a8 d3 d3 f6 7e e6 2f 13 3e c5 80 e6 f2 .Sm....~./.>....
0580: fe 2a cc d4 1e 4d 3d 6a bc b0 a9 fa a5 51 12 31 .*...M=j.....Q.1
0590: 0e 41 2d 7a 8a 52 de 66 bd 3b 0c ef fa 9b fe 82 .A-z.R.f.;......
05a0: df ad 1c 7f d9 53 4b c0 db fe f3 e6 b9 3d ea 5d .....SK......=.]
05b0: 66 7f fb 14 41 b5 0a e7 70 11 4e 5d 80 69 04 bd f...A...p.N].i..
05c0: 9e 97 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 ........P0N0...U
05d0: 1d 0e 04 16 04 14 24 05 af 2a 63 a4 0b 0f ae a4 ......$..*c.....
05e0: e2 2c e9 13 40 5a 8b d7 a4 41 30 1f 06 03 55 1d .,..@Z...A0...U.
05f0: 23 04 18 30 16 80 14 24 05 af 2a 63 a4 0b 0f ae #..0...$..*c....
0600: a4 e2 2c e9 13 40 5a 8b d7 a4 41 30 0c 06 03 55 ..,..@Z...A0...U
0610: 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 ....0....0...*.H
0620: 86 f7 0d 01 01 05 05 00 03 82 01 01 00 57 2d 0a .............W-.
0630: d5 88 d0 98 2b 9e f9 d7 bc e6 82 08 65 25 d9 65 ....+.......e%.e
0640: 84 98 e3 da a3 36 a1 6f 40 3b d0 d8 16 3d 48 06 .....6.o@;...=H.
0650: 6c ee 99 fd b6 4c f3 3b 10 50 bb 71 97 6e 4d e0 l....L.;.P.q.nM.
0660: 77 48 57 5b db d1 e6 ca c8 80 79 d0 f5 17 94 5d wHW[......y....]
0670: 11 93 07 74 8b 5c 4b b1 ad 45 1f 5a 2c d9 6e e8 ...t.\K..E.Z,.n.
0680: d4 7a e4 99 e7 ba 86 36 93 1d 4c 0e 9b 13 4d ef .z.....6..L...M.
0690: 25 72 7b ae b0 f1 95 c0 17 dc 4a c0 ed 04 b5 54 %r{.......J....T
06a0: 98 90 47 2f dc f0 1c 5a ca b0 2e 0d ee 58 14 e8 ..G/...Z.....X..
06b0: 2c d0 cd a8 d9 2c ae 2f 65 81 89 70 af f9 d8 01 ,....,./e..p....
06c0: 1b 14 ae 63 1d 90 af 3d 29 71 7d 74 4a e8 7a e5 ...c...=)q}tJ.z.
06d0: ed a0 fb 9b ce 1d 5a e2 82 7e c4 bc 97 88 e7 06 ......Z..~......
06e0: 66 86 77 23 85 29 2c b1 28 72 8c af a5 51 96 b1 f.w#.),.(r...Q..
06f0: d5 dc 51 62 bd 2d e6 8f 4c 22 24 4e e1 c6 a3 64 ..Qb.-..L"$N...d
0700: 40 fc e9 d8 6d b1 48 d8 80 10 3a 6a bc 35 06 d9 @...m.H...:j.5..
0710: 4c e8 4c e6 66 82 9d fd a9 a2 9f 3e 13 37 c0 52 L.L.f......>.7.R
0720: 3f c3 15 e1 3e 9c 05 67 b2 11 0d 38 a4 0d 00 01 ?...>..g...8....
0730: 38 02 01 02 01 33 00 8a 30 81 87 31 0b 30 09 06 8....3..0..1.0..
0740: 03 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 .U....fr1.0...U.
0750: 08 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 ...france1.0...U
0760: 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c ....myplace1.0.
0770: 06 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b ..U....example1.0.
0780: 06 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 ..U....ldap1.0..
0790: 03 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 .U....ldap1&0$..
07a0: 2a 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 *.H........olivi
07b0: 65 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e
er.guillard@example.
07c0: 66 72 00 a5 30 81 a2 31 0b 30 09 06 03 55 04 06 fr..0..1.0...U..
07d0: 13 02 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 ..fr1.0...U....f
07e0: 72 61 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 rance1.0...U....
07f0: 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 myplace1.0...U.
0800: 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 ...example1.0...U.
0810: 0b 0c 04 6c 64 61 70 31 28 30 26 06 03 55 04 03 ...ldap1(0&..U..
0820: 0c 1f 6c 64 61 70 32 2e 64 61 74 61 62 61 73 65 ..ldap2.
0830: 2e 70 72 69 76 65 2e 74 68 33 2e 6e 69 63 2e 66 .th3.example.fr
0840: 72 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 1&0$..*.H.......
0850: 16 17 4f 6c 69 76 69 65 72 2e 47 75 69 6c 6c 61 .Olivier.Guilla
0860: 72 64 40 6e 69 63 2e 66 72 0e 00 00 00
rd(a)example.fr....
tls_read: want=5 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(15)
connection_get(15): got connid=1003
connection_read(15): checking for input on id=1003
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
TLS: error: accept - force handshake failure: errno 11 - moznss error -12195
TLS: can't accept: TLS error -12195:Unknown code ___P 93.
connection_read(15): TLS accept failure error=-1 id=1003, closing
connection_closing: readying conn=1003 sd=15 for close
connection_close: conn=1003 sd=15
daemon: removing 15
conn=1003 fd=15 closed (TLS negotiation failure)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
^Cdaemon: shutdown requested and initiated.
daemon: closing 7
connection_closing: readying conn=1000 sd=13 for close
connection_close: conn=1000 sd=13
daemon: removing 13
conn=1000 fd=13 closed (slapd shutdown)
As far as I can see it doesn't looks like
[root@ldap2 cacerts]# openssl s_server -accept 5555 -key
/etc/openldap/cacerts/server.key -cert
/etc/openldap/cacerts/server.crt -state
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write session ticket A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MFoCAQECAgMBBAIAOQQABDB88nXC0TcyHgrQcZ+51a/16Nw874VzV1cEEkOMwfSy
VCIJ8jOiylXmk2gHkAK7y6OhBgIETwRP56IEAgIBLKQGBAQBAAAAqwMEAQE=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT
[guillard@fouine ~]$ openssl s_client -CAfile
/etc/openldap/cacerts/CA.crt -connect ldap2.th3.example.fr:5555
CONNECTED(00000003)
depth=1 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN =
ldap, emailAddress = olivier.guillard(a)example.fr
verify return:1
depth=0 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN =
ldap2.th3.example.fr, emailAddress = Olivier.Guillard(a)example.fr
verify return:1
---
Certificate chain
0 s:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard@example.fr
i:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard@example.fr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC3zCCAccCCQCmHR8oY15qVzANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMC
ZnIxDzANBgNVBAgMBmZyYW5jZTERMA8GA1UEBwwIbW9udGlnbnkxDjAMBgNVBAoM
BWFmbmljMQ0wCwYDVQQLDARsZGFwMQ0wCwYDVQQDDARsZGFwMSYwJAYJKoZIhvcN
AQkBFhdvbG24KJJD7GJVBIYTIVHTFJCGFDHGFXGRFCYTDFYTDjkxNTM5NThaFw0y
MTA3MjkxNTM5NThaMIGiMQswCQYDVQQGEwJmcjEPMA0GA1UECAwGZnJhbmNlMREw
DwYDVQQHDAhtb250aWdueTEOMAwGA1UECgwFYWZuaWMxDTALBgNVBAsMBGxkYXAx
KDAmBgNVBAMMH2xkYXAyLmRhdGFiYXNlLnByaXZlLnRoMy5uaWMuZnIxJjAkBgkq
hkiG9w0BCQEWFNBIHGJ4UTFHGXCYTDCYXDYCYTFCUGCUTTFUYFUJKoZIhvcNAQEB
BQADSwAwSAJBAL9yaMxUnRDTi8BKG1yQ1gN6QV4Fb43MLWExe5QPwvfBUYpP1VmJ
UXmHP/rDX68wjIf4yr67CyiM1Uo6c7Wp49kCAwEAATANBgkqhkiG9w0BAQUFAAOC
AQEAwDwqCtSvEyS1KivjzQ9X9oaZ4a6617KHTgKm1qN9n3uJA2GstkCek8qNOtSV
ekjimgEv7T0rw5ZBwFg5z1Ki2wh4hcSFFwjYEWJgjtC1YXH+g9WUnfJCHbVWvfpn
246NBVJHJHVJVJJKVJHVJHVJKHVJHVJHVJHVJHVJHVJHVJHVJHVJHVJHVJHV79JR
7MzR/CFDWF4JQIu/yrv8T9HU6c+Aj7GvctD/wddS80vjhWnv6TZuTVQT0r07k63t
bjbMT+a5xQEehsiIqt6me8GZmj/FaZ6v4JRuulFb7Cosqgn/SicVlq2fsFzwxJw0
UzIDHNTi3biWiNJdssbhXjK6gQ==
-----END CERTIFICATE-----
subject=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard(a)example.fr
issuer=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard(a)example.fr
---
No client certificate CA names sent
---
SSL handshake has read 1265 bytes and written 247 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: DBCDE5CD6EB4D7FF8C38DD1557CA90EDBEDDCB27600CFA4D1FD9D58388A11EBE
Session-ID-ctx:
Master-Key:
7CF275C2D137321E0AD0719FB9D5AFF5E8DC3CEF857357570412438CC1F4B2542209F233A2CA55E69368079002BBCBA3
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - c2 bb 20 23 85 0a cf b0-bc b2 6d cd 4b d2 32 0e .. #......m.K.2.
0010 - 6f 51 29 7f 3a 44 c3 95-76 c2 c6 23 e5 8d 98 3c oQ).:D..v..#...<
0020 - 7a b9 eb 6b 8e d1 c5 c4-57 74 26 34 4c db ec fe z..k....Wt&4L...
0030 - a9 3b 77 12 fb 74 67 fb-57 f1 8f 2a 71 d3 a6 ae .;w..tg.W..*q...
0040 - 17 48 9e bf 7d 94 1f c3-d4 02 6e 7f 27 07 f4 d6 .H..}.....n.'...
0050 - 98 6f 24 6c f9 63 b7 4c-cd ce d8 85 e5 be 3e fd .o$l.c.L......>.
0060 - 65 a2 1b 36 cc 26 76 3b-d3 f6 cf e1 f9 a7 c3 c2 e..6.&v;........
0070 - 2f fe 8f 3c 7c d1 0f 58-43 be d7 a5 64 69 04 91 /..<|..XC...di..
0080 - cb 68 08 82 fe 8d 9d 4e-1b 0f 96 27 59 5e d8 76 .h.....N...'Y^.v
0090 - be 44 01 6d 53 2e 9e 67-22 07 35 d1 6f a4 80 e1 .D.mS..g".5.o...
Compression: 1 (zlib compression)
Start Time: 1325682663
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
12 years, 10 months
syncrepl problems
by Bram Cymet
Hi,
I am trying to set up a syncrepl consumer. I have done this a number of
times without any problem.
The consumer seems to be connecting via TLS to the producer and
authenticating but the consumer directory never gets populated.
Here is the log from the producer:
Nov 22 19:19:57 anubis slapd[24088]: slap_listener_activate(7):
Nov 22 19:19:57 anubis slapd[24088]: >>> slap_listener(ldap://)
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 fd=15 ACCEPT from
IP=172.20.150.141:38831 (IP=0.0.0.0:389)
Nov 22 19:19:57 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:57 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:57 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:57 anubis slapd[24088]: op tag 0x77, time 1290471597
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 do_extended
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Nov 22 19:19:57 anubis slapd[24088]: do_extended: oid=1.3.6.1.4.1.1466.20037
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 STARTTLS
Nov 22 19:19:57 anubis slapd[24088]: send_ldap_extended: err=0 oid= len=0
Nov 22 19:19:57 anubis slapd[24088]: send_ldap_response: msgid=1 tag=120
err=0
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 RESULT oid= err=0 text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): unable to get
TLS client DN, error=49 id=1026
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 TLS established
tls_ssf=256 ssf=256
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x60, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 do_bind
Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>, <uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND
dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128
Nov 22 19:19:58 anubis slapd[24088]: do_bind: version=3
dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128
Nov 22 19:19:58 anubis slapd[24088]: ==> hdb_bind: dn:
uid=syncrepl,ou=system,dc=ls,dc=cbn
Nov 22 19:19:58 anubis slapd[24088]:
bdb_dn2entry("uid=syncrepl,ou=system,dc=ls,dc=cbn")
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: result not in
cache (userPassword)
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access to
"uid=syncrepl,ou=system,dc=ls,dc=cbn" "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [2] attr userPassword
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry
"uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0)
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=ls,dc=cbn
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: *
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying +0 (break)
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: =0
Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [3] attr userPassword
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry
"uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0)
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: self
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: *
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying auth(=xd)
(stop)
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: => slap_access_allowed: auth access
granted by auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access
granted by auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND
dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" mech=SIMPLE ssf=0
Nov 22 19:19:58 anubis slapd[24088]: do_bind: v3 bind:
"uid=syncrepl,ou=system,dc=ls,dc=cbn" to
"uid=syncrepl,ou=system,dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=1 p=3
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched=""
text=""
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=2 tag=97
err=0
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 RESULT tag=97 err=0
text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x63, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 do_search
Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: <dc=ls,dc=cbn>,
<dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: SRCH "dc=ls,dc=cbn" 2 0
Nov 22 19:19:58 anubis slapd[24088]: 0 0 0
Nov 22 19:19:58 anubis slapd[24088]: filter: (objectClass=*)
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls:
oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical)
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls:
oid="2.16.840.1.113730.3.4.2" (critical)
Nov 22 19:19:58 anubis slapd[24088]: <= get_ctrls: n=2 rc=0 err=""
Nov 22 19:19:58 anubis slapd[24088]: attrs:
Nov 22 19:19:58 anubis slapd[24088]: *
Nov 22 19:19:58 anubis slapd[24088]: +
Nov 22 19:19:58 anubis slapd[24088]:
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH
base="dc=ls,dc=cbn" scope=2 deref=0 filter="(objectClass=*)"
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH attr=* +
Nov 22 19:19:58 anubis slapd[24088]: ==> limits_get: conn=1026 op=2
self="uid=syncrepl,ou=system,dc=ls,dc=cbn" this="dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: <== limits_get: type=DN match=EXACT
dn="uid=syncrepl,ou=system,dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=2 p=3
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched=""
text=""
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=3 tag=101
err=0
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for
input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x42, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: ber_get_next on fd 15 failed
errno=0 (Success)
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 do_unbind
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 UNBIND
Nov 22 19:19:58 anubis slapd[24088]: connection_close: conn=1026 sd=15
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 closed
Here is the log from the consumer:
Nov 22 18:22:49 mgaauth1 slapd[12587]: daemon: shutdown requested and
initiated.
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: waiting for 0
operations/tasks to finish
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: initiated
Nov 22 18:22:49 mgaauth1 slapd[12587]: ====> bdb_cache_release_all
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd destroy: freeing system
resources.
Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=001
Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=002
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd stopped.
Nov 22 18:22:52 mgaauth1 slapd[12638]: @(#) $OpenLDAP: slapd 2.4.20 (Jun
16 2010 10:21:06) $
abuild@anonymi:/usr/src/packages/BUILD/openldap-2.4.20/servers/slapd
Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed
errno=97 (Address family not supported by protocol)
Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed
errno=97 (Address family not supported by protocol)
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn=schema
objectClass: olcSchemaConfig cn: schema structuralObjectClass:
olcSchemaConfig entryUUID: 1a05f3b8-8ade-102f-8d02-5da984889200
creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN:
20101122234350.437126Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=schema>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=schema>,
<cn=schema>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn=schema) ->
0x7ff49ab19758
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={0}core
objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( 2.5.4.2
NAME 'knowledgeInformation' DESC 'RFC2256: kno wledge information'
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256:
last (f amily) name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256:
serial numb er of the entity' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC
'RFC4519: two- letter ISO-3166 country code' SUP name SYNTAX
1.3.6.1.4.1.1466.115.121.1.11 S INGLE-VALUE ) olcAttributeTypes: {4}(
2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc ality which this
object resides in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME (
'st' 'stateOrProvinceName' ) DESC 'RFC2 256: state or province which
this object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME
( 'street' 'streetAddress' ) DESC 'RFC225 6: street address of this
object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}(
2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 : organization
this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 NAME
( 'ou' 'organizationalUnitName' ) DESC ' RFC2256: organizational unit
this object belongs to' SUP name ) olcAttributeTypes: {9}( 2.5.4.12 NAME
'title' DESC 'RFC2256: title associated with the entity' SUP name )
olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256:
search gui de, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 ) olcAttributeTypes: {11}( 2.5.4.15 NAME
'businessCategory' DESC 'RFC2256: busin ess category' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X
1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {12}( 2.5.4.16
NAME 'postalAddress' DESC 'RFC2256: postal a ddress' EQUALITY
caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN TAX
1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {13}( 2.5.4.17 NAME
'postalCode' DESC 'RFC2256: postal code ' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.15{40} ) olcAttributeTypes: {14}( 2.5.4.18 NAME
'postOfficeBox' DESC 'RFC2256: Post Off ice Box' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {15}( 2.5.4.19 NAME
'physicalDeliveryOfficeName' DESC 'RFC2 256: Physical Delivery Office
Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20
NAME 'telephoneNumber' DESC 'RFC2256: Teleph one Number' EQUALITY
telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX
1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21
NAME 'telexNumber' DESC 'RFC2256: Telex Numb er' SYNTAX
1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME
'teletexTerminalIdentifier' DESC 'RFC22 56: Teletex Terminal
Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes:
{19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE SC
'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX
1.3.6.1.4.1.1466.115.12 1.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 NAME
'x121Address' DESC 'RFC2256: X.121 Addr ess' EQUALITY
numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25
NAME 'internationaliSDNNumber' DESC 'RFC2256 : international ISDN
number' EQUALITY numericStringMatch SUBSTR numericString
SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC
'RFC2256: regi stered postal address' SUP postalAddress SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {23}( 2.5.4.27 NAME
'destinationIndicator' DESC 'RFC2256: d estination indicator' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX
1.3.6.1.4.1.1466.115.121.1.44{128} ) olcAttributeTypes: {24}( 2.5.4.28
NAME 'preferredDeliveryMethod' DESC 'RFC2256 : preferred delivery
method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU E )
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC
'RFC2256: pr esentation address' EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466 .115.121.1.43 SINGLE-VALUE ) olcAttributeTypes:
{26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC 2256:
supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.
3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: {27}( 2.5.4.31 NAME
'member' DESC 'RFC2256: member of a gro up' SUP distinguishedName )
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of
the ob ject)' SUP distinguishedName ) olcAttributeTypes: {29}( 2.5.4.33
NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP
distinguishedName ) olcAttributeTypes: {30}( 2.5.4.36 NAME
'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.8 )
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256:
X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1. 1466.115.121.1.8 ) olcAttributeTypes: {32}(
2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256 : X.509 authority
revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.9 )
olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC
'RFC22 56: X.509 certificate revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.1 15.121.1.9 ) olcAttributeTypes: {34}( 2.5.4.40 NAME
'crossCertificatePair' DESC 'RFC2256: X .509 cross certificate pair,
use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 0 ) olcAttributeTypes:
{35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir st name(s)
for which the entity is known by' SUP name ) olcAttributeTypes: {36}(
2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s ome or all of
names, but not the surname(s).' SUP name ) olcAttributeTypes: {37}(
2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na me qualifier
indicating a generation' SUP name ) olcAttributeTypes: {38}( 2.5.4.45
NAME 'x500UniqueIdentifier' DESC 'RFC2256: X .500 unique identifier'
EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.6 )
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN
qualifi er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
) olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC
'RFC2256: en hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21
) olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC
'RFC2256: pr otocol information' EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466 .115.121.1.42 ) olcAttributeTypes: {42}(
2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me mber of a group'
EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .34 )
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256:
house identifier' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
) olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC
'RFC2256: su pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC
'RFC2256: de lta revocation list; use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.9 ) olcAttributeTypes: {46}( 2.5.4.54 NAME
'dmdName' DESC 'RFC2256: name of DMD' S UP name ) olcAttributeTypes:
{47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the
object' SUP name ) olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbo x' ) DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match SUBSTR ca seIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {49}( 0.9.234
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={0}core>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={0}core>,
<cn={0}core>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={0}core) ->
0x7ff49ab19758
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={1}cosine
objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}(
0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} ) olcAttributeTypes: {1}(
0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g eneral
information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) olcAttributeTypes: {2}(
0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri nk' ) DESC
'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC
'RFC1 274: room number' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC
'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000}
) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass'
DESC 'RFC12 74: category of user' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC
'RFC1274: h ost computer' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC
'RFC127 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115 .121.1.12 ) olcAttributeTypes: {8}(
0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D ESC 'RFC1274:
unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC ' RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME
'documentVersion' DES C 'RFC1274: version of document' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {11}(
0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of
author of document' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {12}(
0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE SC 'RFC1274:
location of document original' EQUALITY caseIgnoreMatch SUBSTR c
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone'
'homeTe lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY
telephoneNumb erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121 .1.50 ) olcAttributeTypes: {14}(
0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 1274: DN of
secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22
NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME
'associatedName' DESC 'RFC1274: DN of entry associated with domain'
EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME
'homePostalAddress' D ESC 'RFC1274: home postal address' EQUALITY
caseIgnoreListMatch SUBSTR caseIg noreListSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}(
0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274:
personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes:
{25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY
telephoneNum berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.12 1.1.50 ) olcAttributeTypes: {26}(
0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep honeNumber' )
DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber Match
SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.50 ) olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co'
'friendlyCount ryName' ) DESC 'RFC1274: friendly country name' EQUALITY
caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {28}(
0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE SC 'RFC1274:
unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
66.115.121.1.15{256} ) olcAttributeTypes: {29}(
0.9.2342.19200300.100.1.45 NAME 'organizationalStatus ' DESC 'RFC1274:
organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC ' RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
) olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME
'mailPreferenceOption ' DESC 'RFC1274: mail preference option' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 ) olcAttributeTypes: {32}(
0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' RFC1274: name of
building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {33}(
0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF C1274: DSA
Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME
'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SIN GLE-VALUE ) olcAttributeTypes: {35}(
0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit y' DESC 'RFC1274:
Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13
SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME
'subtreeMaximumQualit y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {37}(
0.9.2342.19200300.100.1.53 NAME 'personalSignature' D ESC 'RFC1274:
Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 23 )
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'R FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466 .115.121.1.12 ) olcAttributeTypes: {39}(
0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 : audio (u-law)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}(
0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D ESC 'RFC1274:
publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilo tPerson' ) SUP person STRUCTURAL MAY ( userid $
textEncodedORAddress $ rfc822 Mailbox $ favouriteDrink $ roomNumber $
userClass $ homeTelephoneNumber $ hom ePostalAddress $ secretary $
personalTitle $ preferredDeliveryMethod $ busine ssCategory $
janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep hone
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={1}cosine>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn={1}cosine>, <cn={1}cosine>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={1}cosine) ->
0x7ff49ab19758
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn:
cn={2}inetorgperson objectClass: olcSchemaConfig cn: {2}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC
'RFC279 8: vehicle license or registration plate' EQUALITY
caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}(
2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' RFC2798:
identifies a department within an organization' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}(
2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: preferred
name to be used when displaying entries' EQUALITY caseIgnoreM atch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SI NGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME
'employeeNumber' DESC 'RF C2798: numerically identifies an employee
within an organization' EQUALITY ca seIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15
SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME
'employeeType' DESC 'RFC2 798: type of employment for a person'
EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}(
0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 798: a JPEG
image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}(
2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798:
preferred written or spoken language for a person' EQUALITY caseIg
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) olcAttributeTypes: {7}(
2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D ESC 'RFC2798:
PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
66.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME
'userPKCS12' DESC 'RFC2 798: personal identity information, a PKCS #12
PFX' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}(
2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet
Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio
$ businessCategory $ carLicense $ departmentNumber $ displayName $ em
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress
$ ini tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $
pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $
userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID:
1a06766c-8ade-102f-8d05-5da984889200 creatorsName: cn=config
createTimestamp: 20101122234350Z entryCSN:
20101122234350.440473Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<cn={2}inetorgperson>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn={2}inetorgperson>, <cn={2}inetorgperson>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={2}inetorgperson)
-> 0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn:
cn={3}rfc2307bis objectClass: olcSchemaConfig cn: {3}rfc2307bis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS
field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME
'homeDirectory' DESC 'The absolut e path to the home directory'
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26
SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to th e login shell' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) olcAttributeTypes: {3}(
1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ erMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}(
1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}(
1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}(
1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}(
1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}(
1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}(
1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}(
1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {11}(
1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match
SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME
'nisNetgroupTriple' DESC 'Netgr oup triple' EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}(
1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service p ort number'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE
-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME
'ipServiceProtocol' DESC 'Servi ce protocol name' SUP name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC
'IP pro tocol number' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) olcAttributeTypes: {16}(
1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC nu mber' EQUALITY
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4
addre sses as a dotted decimal omitting leading zeros or IPv6
addresses as de fined in RFC2373' SUP name ) olcAttributeTypes: {18}(
1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw ork as a dotted
decimal, eg. 192.168, omitting leading zeros' SUP name
SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME
'ipNetmaskNumber' DESC 'IP netm ask as a dotted decimal, eg.
255.255.255.0, omitting leading zeros' EQU ALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC
address in maximal, colon separated hex notation, eg.
00:00:92:90:ee:e2' EQUALI TY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}(
1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp aramd parameter'
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot
image nam e' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}(
1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map'
SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
DESC 'A generic N IS entry' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE ) olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME
'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: {26}(
1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY
octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE )
olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS
domain' E QUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31
NAME 'automountMapName' DESC 'automo unt Map Name' EQUALITY
caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S YNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {29}(
1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value'
EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT AX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {30}(
1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Au tomount
information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top
AUXILIARY D ESC 'Abstraction of an account with POSIX attributes' MUST
( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) MAY (
userPassword $ loginShell $ gecos $ description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top
AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid
MAY ( userPassword $ description $ shadowLastChange $ shadowMin
$ shadowMax $ shado wWarning $ shadowInactive $
shadowExpire $ shadowFlag ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2
NAME 'posixGroup' SUP top AUXILIARY DES C 'Abstraction of a group of
accounts' MUST gidNumber MAY ( userPassword $ me mberUid $
description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService'
SUP top STRUCTURAL DES C 'Abstraction an Internet Protocol
service. Maps an IP port and protoc ol (such as tcp or udp)
to one or more names; the distinguished value o f the cn
attribute denotes the services canonical name' MUST ( cn $
ipServicePort $ ipServiceProtocol ) MAY description ) olcObjectClasses:
{4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DE SC
'Abstraction of an IP protocol. Maps a protocol number to one or
mor e names. The distinguished value of the cn attribute denotes
the protoc ols canonical name' MUST ( cn $ ipProtocolNumber ) MAY
description ) olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP
top STRUCTURAL DESC ' Abstraction of an Open Network Computing
(ONC) [RFC1057] Remote Procedur e Call (RPC) binding. This
class maps an ONC RPC number to a name. The distinguished value
of the cn attribute denotes the RPC services can onical name' MUST
( cn $ oncRpcNumber ) MAY description ) olcObjectClasses: {6}(
1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'A bstraction of a
host, an IP device. The distinguished value of the cn a ttribute
denotes the hosts canonical name. Device SHOULD be used as a s
tructural class' MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $
descript ion $ manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME
'ipNetwork' SUP top STRUCTURAL DES C 'Abstraction of a network. The
distinguished value of the cn attribut e denotes the networks
canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetm askNumber $ l $
description $ manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME
'nisNetgroup' SUP top STRUCTURAL D ESC 'Abstraction of a netgroup. May
refer to other netgroups' MUST cn MAY ( n isNetgroupTriple $
memberNisNetgroup $ description ) ) olcObjectClasses: {9}(
1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC ' A generic
abstraction of a NIS map' MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top
STRUCTURAL D ESC 'An entry in a NIS map' MUST ( cn $ nisMapE
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<cn={3}rfc2307bis>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn={3}rfc2307bis>, <cn={3}rfc2307bis>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={3}rfc2307bis) ->
0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}yast.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={4}yast
objectClass: olcSchemaConfig cn: {4}yast olcObjectIdentifier: {0}SUSE
1.3.6.1.4.1.7057 olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1
olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2
olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC
SUSE.YaST.ModuleConfig:1 olcObjectIdentifier:
{4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2
olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME (
'suseDefaultBase' ) DESC 'Base DN where new Objects should be created
by default' EQUALITY dis tinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes:
{1}( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId ' ) DESC
'Next unused unique ID, can be used to generate directory wide uniqe
IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {2}(
SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower
Border for Unique IDs' EQUALITY integerMatch ORDERING integerO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME (
'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY
integerMatch ORDERING integerO rderingMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}(
SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTempl ate' ) DESC 'The
DN of a template that should be used by default' EQUALITY di
stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE ) olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7
NAME ( 'suseSearchFilter ' ) DESC 'Search filter to localize Objects'
SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE )
olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME (
'suseDefaultValu e' ) DESC 'an Attribute-Value-Assertions to define
defaults for specific Attr ibutes' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {7}(
SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttri bute' ) DESC
'AttributeType that should be used as the RDN' EQUALITY caseIgno
reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME (
'suseSecondaryGr oup' ) DESC 'seconday group DN' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME (
'suseMinPassword Length' ) DESC 'minimum Password length for new users'
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) olcAttributeTypes: {10}(
SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswor dLength' ) DESC
'maximum Password length for new users' EQUALITY integerMatch ORDERING
integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA LUE
) olcAttributeTypes: {11}( SUSE.YaST.ModuleConfig.Attr:18 NAME (
'susePasswordHa sh' ) DESC 'Hash method to use for new users' EQUALITY
caseIgnoreIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE ) olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19
NAME ( 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}(
SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to
use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA X
1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {14}(
SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribu te' ) DESC ''
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME (
'suseImapServer ' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes:
{16}( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' ) DESC ''
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE ) olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24
NAME ( 'suseImapDefaul tQuota' ) DESC '' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes:
{18}( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl ' ) DESC
'' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.7 SINGLE-VALUE ) olcObjectClasses: {0}(
SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigurati on' SUP
top STRUCTURAL DESC 'Contains configuration of Management Modu les'
MUST ( cn ) MAY ( suseDefaultBase )) olcObjectClasses: {1}(
SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration ' SUP
suseModuleConfiguration STRUCTURAL DESC 'Configuration of user m
anagement tools' MAY ( suseMinPasswordLength $ suseMaxPasswordLength
$ susePasswordHash $ suseSkelDir $ suseNextUniqueId $
suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $
suseSearchFilter $ suseMapAttribute )) olcObjectClasses:
{2}( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate' SUP
top STRUCTURAL DESC 'Base Class for Object-Templates' MUST ( cn ) M AY
( susePlugin $ suseDefaultValue $ suseNamingAttribute ))
olcObjectClasses: {3}( SUSE.YaST.ModuleConfig.OC:5 NAME
'suseUserTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'User
object template' MUST ( cn ) MAY ( suseSecondaryGroup ))
olcObjectClasses: {4}( SUSE.YaST.ModuleConfig.OC:6 NAME
'suseGroupTemplate' SUP suseObjectTemplate STRUCTURAL DESC
'Group object template' MUST ( cn )) olcObjectClasses: {5}(
SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguratio n' SUP
suseModuleConfiguration STRUCTURAL DESC 'Configuration of user
management tools' MAY ( suseNextUniqueId $ suseMinUniqueId $
suseMaxUni queId $ suseDefaultTemplate $ suseSearchFilter
$ suseMapAttribut e )) olcObjectClasses: {6}(
SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration' SUP
suseModuleConfiguration STRUCTURAL DESC 'Configuration of CA manage
ment tools') olcObjectClasses: {7}( SUSE.YaST.ModuleConfig.OC:9 NAME
'suseDnsConfiguration' SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of mail se rver management tools')
olcObjectClasses: {8}( SUSE.YaST.ModuleConfig.OC:10 NAME
'suseDhcpConfiguratio n' SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of DHCP server management tools')
olcObjectClasses: {9}( SUSE.YaST.ModuleConfig.OC:11 NAME
'suseMailConfiguratio n' SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of IMAP user management tools' MUST (
suseImapServer $ suseImapAdmin $ suseImap DefaultQuota $
suseImapUseSsl )) structuralObjectClass: olcSchemaConfig entryUUID:
1a06ad4e-8ade-102f-8d07-5da984889200 creatorsName: cn=config
createTimestamp: 20101122234350Z entryCSN:
20101122234350.441878Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={4}yast>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={4}yast>,
<cn={4}yast>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={4}yast) ->
0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}kerberos.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={5}kerberos
objectClass: olcSchemaConfig cn: {5}kerberos olcAttributeTypes::
ezB9KCAyLjE2Ljg0MC4xLjExMzcxOS4xLjMwMS40LjEuMSAgICAgICAgIC
AgICAgIE5BTUUgJ2tyYlByaW5jaXBhbE5hbWUnICAgICAgICAgICAgICAgRVFVQUxJVFkgY2FzZUV
4YWN0SUE1TWF0Y2ggCVNVQlNUUiBjYXNlRXhhY3RTdWJzdHJpbmdzTWF0Y2ggICAgICAgICAgICAg
ICBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYp olcAttributeTypes:
{1}( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanoni
calName' EQUALITY caseExactIA5Match SUBSTR
caseEx actSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
olcAttributeTypes: {2}( 2.16.840.1.113719.1.301.4.3.1 NAME
'krbP rincipalType' EQUALITY integerMatch
SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {3}( 2.16.840.1.113719.1.301.4.5.1 NAME
'krbU PEnabled' DESC 'Boolean' SYNTAX
1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE)
olcAttributeTypes: {4}( 2.16.840.1.113719.1.301.4.6.1 NAME
'krbP rincipalExpiration' EQUALITY
generalizedTimeMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
olcAttributeTypes: {5}( 2.16.840.1.113719.1.301.4.8.1 NAME
'krbT icketFlags' EQUALITY integerMatch
SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {6}( 2.16.840.1.113719.1.301.4.9.1 NAME
'krbM axTicketLife' EQUALITY integerMatch
SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {7}( 2.16.840.1.113719.1.301.4.10.1
NAME 'krb MaxRenewableAge' EQUALITY
integerMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {8}( 2.16.840.1.113719.1.301.4.14.1
NAME 'krb RealmReferences' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {9}(
2.16.840.1.113719.1.301.4.15.1 NAME 'krb
LdapServers' EQUALITY caseIgnoreMatch SYNTAX
1.3. 6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {10}(
2.16.840.1.113719.1.301.4.17.1 NAME 'kr
bKdcServers' EQUALITY distinguishedNameMatch
SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {11}(
2.16.840.1.113719.1.301.4.18.1 NAME 'kr
bPwdServers' EQUALITY distinguishedNameMatch
SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {12}(
2.16.840.1.113719.1.301.4.24.1 NAME 'kr
bHostServer' EQUALITY caseExactIA5Match
SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {13}(
2.16.840.1.113719.1.301.4.25.1 NAME 'kr
bSearchScope' EQUALITY integerMatch SYNTAX
1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {14}( 2.16.840.1.113719.1.301.4.26.1
NAME 'kr bPrincipalReferences' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {15}(
2.16.840.1.113719.1.301.4.28.1 NAME 'kr
bPrincNamingAttr' EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
olcAttributeTypes: {16}( 2.16.840.1.113719.1.301.4.29.1
NAME 'kr bAdmServers' EQUALITY
distinguishedNameMatch SYNT AX
1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {17}(
2.16.840.1.113719.1.301.4.30.1 NAME 'kr
bMaxPwdLife' EQUALITY integerMatch SYNTAX
1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {18}( 2.16.840.1.113719.1.301.4.31.1
NAME 'kr bMinPwdLife' EQUALITY integerMatch
SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {19}( 2.16.840.1.113719.1.301.4.32.1
NAME 'kr bPwdMinDiffChars' EQUALITY
integerMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {20}( 2.16.840.1.113719.1.301.4.33.1
NAME 'kr bPwdMinLength' EQUALITY
integerMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {21}( 2.16.840.1.113719.1.301.4.34.1
NAME 'kr bPwdHistoryLength' EQUALITY
integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {22}( 1.3.6.1.4.1.5322.21.2.1 NAME
'krbPwdMax Failure' EQUALITY integerMatch
SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {23}( 1.3.6.1.4.1.5322.21.2.2 NAME
'krbPwdFai lureCountInterval' EQUALITY
integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
olcAttributeTypes: {24}( 1.3.6.1.4.1.5322.21.2.3 NAME
'krbPwdLoc koutDuration' EQUALITY
integerMatch SYNTAX 1.3.6
.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes:
{25}( 2.16.840.1.113719.1.301.4.36.1 NAME 'kr
bPwdPolicyReference' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
olcAttributeTypes: {26}( 2.16.840.1.113719.1.301.4.37.1
NAME 'kr bPasswordExpiration' EQUALITY
generalizedTimeMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
olcAttributeTypes: {27}( 2.16.840.1.113719.1.301.4.39.1
NAME 'kr bPrincipalKey' EQUALITY
octetStringMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.40)
olcAttributeTypes: {28}( 2.16.840.1.113719.1.301.4.40.1
NAME 'kr bTicketPolicyReference' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
olcAttributeTypes: {29}( 2.16.840.1.113719.1.301.4.41.1
NAME 'kr bSubTrees' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {30}(
2.16.840.1.113719.1.301.4.42.1 NAME 'kr
bDefaultEncSaltTypes' EQUALITY
caseIgnoreMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15)
olcAttributeTypes: {31}( 2.16.840.1.113719.1.301.4.43.1
NAME 'kr bSupportedEncSaltTypes' EQUALITY
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
olcAttributeTypes: {32}( 2.16.840.1.113719.1.301.4.44.1
NAME 'kr bPwdHistory' EQUALITY
octetStringMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.40)
olcAttributeTypes: {33}( 2.16.840.1.113719.1.301.4.45.1
NAME 'kr bLastPwdChange' EQUALITY
generalizedTimeMatch SYN TAX
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
olcAttributeTypes: {34}( 2.16.840.1.113719.1.301.4.46.1
NAME 'kr bMKey' EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4 .1.1466.115.121.1.40) olcAttributeTypes: {35}(
2.16.840.1.113719.1.301.4.47.1 NAME 'kr
bPrincipalAliases' EQUALITY
caseExactIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26)
olcAttributeTypes: {36}( 2.16.840.1.113719.1.301.4.48.1
NAME 'kr bLastSuccessfulAuth' EQUALITY
generalizedTimeMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
olcAttributeTypes: {37}( 2.16.840.1.113719.1.301.4.49.1
NAME 'kr bLastFailedAuth' EQUALITY
generalizedTimeMatch SY NTAX
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
olcAttributeTypes: {38}( 2.16.840.1.113719.1.301.4.50.1
NAME 'kr bLo
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={5}kerberos>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn={5}kerberos>, <cn={5}kerberos>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={5}kerberos) ->
0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}uidnext.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={6}uidnext
objectClass: olcSchemaConfig cn: {6}uidnext olcObjectClasses: {0}(
1.1.2.2.1.30 NAME 'uidnext' SUP top STRUCTURAL MUST ( cn $
uidNumber )) structuralObjectClass: olcSchemaConfig entryUUID:
189d1db6-8adf-102f-87a7-a13f60af0032 creatorsName: cn=config
createTimestamp: 20101122235057Z entryCSN:
20101122235057.569075Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122235057Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={6}uidnext>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn={6}uidnext>, <cn={6}uidnext>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={6}uidnext) ->
0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn:
olcDatabase={-1}frontend objectClass: olcDatabaseConfig olcDatabase:
{-1}frontend olcAccess: {0}to dn.base="" by * read olcAccess: {1}to
dn.base="cn=Subschema" by * read structuralObjectClass:
olcDatabaseConfig entryUUID: 1a06c66c-8ade-102f-8d08-5da984889200
creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN:
20101122234350.442520Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<olcDatabase={-1}frontend>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<olcDatabase={-1}frontend>, <olcDatabase={-1}frontend>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <=
str2entry(olcDatabase={-1}frontend) -> 0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema>
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn:
olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase:
{0}config olcAccess: {0}to * by
dn.base="uid=syncrepl,ou=system,dc=ls,dc=cbn" read by * break
olcLimits: {0}dn.exact="uid=syncrepl,ou=system,dc=ls,dc=cbn"
size.soft=unlimit ed olcRootDN: cn=config olcRootPW::
e1NTSEF9K3hqNDB5T2U1ZGtyTU45aWVrMGhpSlFMMFVGUlFVNWFXZz09 olcSecurity:
simple_bind=128 ssf=71 olcSyncrepl: {0}rid=1
provider="ldap://mgaauth1.ni.ls.cbn/" searchbase="cn=con fig"
type="refreshAndPersist" retry="120 +" starttls=critical
tls_reqcert=dem and bindmethod="simple"
binddn="uid=syncrepl,ou=system,dc=ls,dc=cbn" credenti
als="I9BpLVmLdOaL" olcUpdateRef: ldap://mgaauth1.ni.ls.cbn/
structuralObjectClass: olcDatabaseConfig entryUUID:
1a06cd10-8ade-102f-8d09-5da984889200 creatorsName: cn=config
createTimestamp: 20101122234350Z entryCSN:
20101122234350.442690Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<olcDatabase={0}config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<olcDatabase={0}config>, <olcDatabase={0}config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <=
str2entry(olcDatabase={0}config) -> 0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=config>,
<cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=config>,
<cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn:
olcOverlay={0}syncprov objectClass: olcSyncProvConfig olcOverlay:
{0}syncprov olcSpCheckpoint: 100 10 structuralObjectClass:
olcSyncProvConfig entryUUID: 1a06d9fe-8ade-102f-8d0a-5da984889200
creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN:
20101122234350.443021Z#000000#000#000000 modifiersName: cn=config
modifyTimestamp: 20101122234350Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<olcOverlay={0}syncprov>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<olcOverlay={0}syncprov>, <olcOverlay={0}syncprov>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <=
str2entry(olcOverlay={0}syncprov) -> 0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file:
"/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn:
olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass:
olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ls,dc=cbn olcAccess: {0}to attrs=userPassword by self
write by * auth olcAccess: {1}to attrs=shadowLastChange by self write by
* read olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read olcRootDN: cn=admin,dc=ls,dc=cbn
olcRootPW:: e1NTSEF9TkJSVVEyR0FGMlNQN1dsbFh3eS9GK2t5MFBST1UxaEpWQT09
olcUpdateRef: ldap://anubis.ls.cbn/ olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5 olcDbConfig: {0}set_cachesize 0 15000000 1
olcDbConfig: {1}set_lg_regionmax 262144 olcDbConfig: {2}set_lg_bsize
2097152 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbIDLcacheSize:
30000 olcDbIndex: objectclass eq olcDbIndex: uidNumber eq olcDbIndex:
gidNumber eq olcDbIndex: member eq olcDbIndex: memberUid eq olcDbIndex:
mail eq olcDbIndex: cn eq,sub olcDbIndex: displayName eq,sub olcDbIndex:
uid eq,sub olcDbIndex: sn eq,sub olcDbIndex: givenName eq,sub
olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq structuralObjectClass:
olcHdbConfig entryUUID: 65b86196-8adf-102f-87a8-a13f60af0032
creatorsName: cn=config createTimestamp: 20101122235306Z olcSyncrepl:
{0}rid=2 provider="ldap://anubis.ls.cbn/" searchbase="dc=ls,dc=cb n"
type="refreshOnly" retry="120 +" interval="00:00:01:00"
starttls=critical tls_reqcert=demand bindmethod="simple"
binddn="uid=syncrepl,ou=system,dc=ls,d c=cbn" credentials="lieguYwHee"
entryCSN: 20101123001649.251496Z#000000#000#000000 modifiersName:
cn=config modifyTimestamp: 20101123001649Z "
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<olcDatabase={1}hdb>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<olcDatabase={1}hdb>, <olcDatabase={1}hdb>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize:
<cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize:
<cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={1}hdb)
-> 0x7ff49ab19758
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<dc=ls,dc=cbn>, <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: hdb_db_init: Initializing HDB
database
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<dc=ls,dc=cbn>, <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal:
<cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal:
<cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize:
<uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: conn=-1 op=0 p=0
Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: err=0
matched="" text=""
Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema>
Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema>
Nov 22 18:22:53 mgaauth1 slapd[12638]: matching_rule_use_init
Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.804
(integerBitOrMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency
$ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth
$ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $
olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax
$ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $
olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $
ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $
suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $
suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $
krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $
krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $
krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $
krbPwdLockoutDuration $ krbLoginFailedCount ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.803
(integerBitAndMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency
$ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth
$ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $
olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax
$ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $
olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $
ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $
suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $
suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $
krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $
krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $
krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $
krbPwdLockoutDuration $ krbLoginFailedCount ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.2
(caseIgnoreIA5Match):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer
$ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $
mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox
$ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $
nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $
bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $
automountInformation $ suseNamingAttribute $ susePasswordHash $
suseSkelDir $ krbPrincipalName $ krbCanonicalName $ krbHostServer $
krbPrincipalAliases $ krbAllowedToDelegateTo ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.1
(caseExactIA5Match):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer
$ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $
mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox
$ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $
nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $
bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $
automountInformation $ suseNamingAttribute $ susePasswordHash $
suseSkelDir $ krbPrincipalName $ krbCanonicalName $ krbHostServer $
krbPrincipalAliases $ krbAllowedToDelegateTo ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.39
(certificateListMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.38
(certificateListExactMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.38 NAME
'certificateListExactMatch' APPLIES ( authorityRevocationList $
certificateRevocationList $ deltaRevocationList ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.35 (certificateMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.34
(certificateExactMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.30
(objectIdentifierFirstComponentMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.30 NAME
'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $
supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.29
(integerFirstComponentMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $
uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval
$ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $
olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax
$ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $
olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $
ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $
suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $
suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $
krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $
krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $
krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $
krbPwdLockoutDuration $ krbLoginFailedCount ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.27
(generalizedTimeMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $
pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime
$ krbPrincipalExpiration $ krbPasswordExpiration $ krbLastPwdChange $
krbLastSuccessfulAuth $ krbLastFailedAuth ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.24
(protocolInformationMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.23 (uniqueMemberMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.22
(presentationAddressMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.20
(telephoneNumberMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
pager ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.17 (octetStringMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey $ pwdHistory $
nisPublicKey $ nisSecretKey $ krbPrincipalKey $ krbPwdHistory $ krbMKey
$ krbExtraData ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.16 (bitStringMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.14 (integerMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $
olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax
$ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $
olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $
ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $
suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $
suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $
krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $
krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $
krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $
krbPwdLockoutDuration $ krbLoginFailedCount ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.13 (booleanMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $
olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $
olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $
olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $
olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $
olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs
$ olcDbNoUndefFilter $ olcAccessLogSuccess $ olcDDSstate $
olcMemberOfRefInt $ pwdReset $ olcPPolicyHashCleartext $
olcPPolicyForwardUpdates $ olcPPolicyUseLockout $ olcPcachePersist $
olcPcacheValidate $ olcPcacheOffline $ olcRetcodeInDir $
olcRwmNormalizeMapped $ olcRwmDropUnrequested $ olcSpNoPresent $
olcSpReloadHint $ olcTranslucentStrict $ olcTranslucentNoGlue $
olcTranslucentBindLocal $ olcTranslucentPwModLocal $ olcUniqueStrict $
suseImapUseSsl $ krbUPEnabled ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.11 (caseIgnoreListMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.8 (numericStringMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.7
(caseExactSubstringsMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator
$ dnQualifier ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.6
(caseExactOrderingMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.5 (caseExactMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $
olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $
olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $
olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $
olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals
$ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $
olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $
olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $
olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $
olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $
olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $
olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl
$ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $
olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC
$ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError
$ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $
olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $
olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $
olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $
olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber
$ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $
postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $
givenName $ initials $ generationQualifier $ dnQualifier $
houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $
drink $ roomNumber $ userClass $ host $ documentIdentifier $
documentTitle $ documentVersion $ documentLocation $ personalTitle $ co
$ uniqueIdentifier $ organizationalStatus $ buildingName $
documentPublisher $ carLicense $ departmentNumber $ displayName $
employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $
suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $
suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $
krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.4
(caseIgnoreSubstringsMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $
destinationIndicator $ dnQualifier ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.3
(caseIgnoreOrderingMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator
$ dnQualifier ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.2 (caseIgnoreMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $
olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $
olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $
olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $
olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals
$ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $
olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $
olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $
olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $
olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $
olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $
olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl
$ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $
olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC
$ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError
$ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $
olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $
olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $
olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $
olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber
$ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $
postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $
givenName $ initials $ generationQualifier $ dnQualifier $
houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $
drink $ roomNumber $ userClass $ host $ documentIdentifier $
documentTitle $ documentVersion $ documentLocation $ personalTitle $ co
$ uniqueIdentifier $ organizationalStatus $ buildingName $
documentPublisher $ carLicense $ departmentNumber $ displayName $
employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $
suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $
suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $
krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.36.79672281.1.13.3
(rdnMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.1
(distinguishedNameMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $
dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $
olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $
olcDbIDAssertAuthcDn $ olcRelay $ olcAccessLogDB $ memberOf $
olcMemberOfDN $ pwdPolicySubentry $ olcPPolicyDefault $ olcRefintNothing
$ olcRefintModifiersName $ olcRetcodeParent $ olcUniqueBase $ member $
owner $ roleOccupant $ manager $ documentAuthor $ secretary $
associatedName $ dITRedirect $ suseDefaultBase $ suseDefaultTemplate $
suseSecondaryGroup $ krbRealmReferences $ krbKdcServers $ krbPwdServers
$ krbPrincipalReferences $ krbAdmServers $ krbPwdPolicyReference $
krbTicketPolicyReference $ krbSubTrees $ krbObjectReferences $
krbPrincContainerRef ) )
Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.0
(objectIdentifierMatch):
Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension
$ supportedFeatures $ supportedApplicationContext ) )
Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd startup: initiated.
Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting
"cn=config"
Nov 22 18:22:53 mgaauth1 slapd[12651]: config_back_db_open
Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: conn=-1 op=0 p=0
Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: err=0
matched="" text=""
Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting
"dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: "dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: database
"dc=ls,dc=cbn": dbenv_open(/var/lib/ldap).
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_monitor_db_open: monitoring
disabled; configure monitor database to enable
Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd starting
Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrepl rid=002
Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: ndn: "dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: oc: "(null)",
at: "contextCSN"
Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_dn2entry("dc=ls,dc=cbn")
Nov 22 18:22:53 mgaauth1 slapd[12651]: => hdb_dn2id("dc=ls,dc=cbn")
Nov 22 18:22:53 mgaauth1 slapd[12651]: <= hdb_dn2id: got id=0x1
Nov 22 18:22:53 mgaauth1 slapd[12651]: entry_decode: ""
Nov 22 18:22:53 mgaauth1 slapd[12651]: <= entry_decode()
Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_entry_get: rc=0
Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrep2 rid=002
Nov 22 18:22:53 mgaauth1 slapd[12651]: do_syncrep2: rid=002
LDAP_RES_SEARCH_RESULT
Nov 22 18:22:54 mgaauth1 slapd[12651]: slap_listener_activate(7):
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> slap_listener(ldap://)
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 ACCEPT from
IP=127.0.0.1:33205 (IP=0.0.0.0:389)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for
input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x60, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 do_bind
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 BIND dn="" method=128
Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: version=3 dn="" method=128
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=0 p=3
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0
matched="" text=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=1
tag=97 err=0
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 RESULT tag=97
err=0 text=
Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: v3 anonymous bind
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for
input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x63, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 do_search
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: SRCH "" 0 0
Nov 22 18:22:54 mgaauth1 slapd[12651]: 0 0 0
Nov 22 18:22:54 mgaauth1 slapd[12651]: filter: (objectClass=*)
Nov 22 18:22:54 mgaauth1 slapd[12651]: attrs:
Nov 22 18:22:54 mgaauth1 slapd[12651]:
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SRCH base=""
scope=0 deref=0 filter="(objectClass=*)"
Nov 22 18:22:54 mgaauth1 slapd[12651]: => send_search_entry: conn 1000 dn=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 ENTRY dn=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: <= send_search_entry: conn 1000 exit.
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=1 p=3
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0
matched="" text=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=2
tag=101 err=0
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for
input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x42, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 do_unbind
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 UNBIND
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_close: conn=1000 sd=13
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 closed
Any idea what could be going on?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
13 years, 11 months
errors when trying to modify olcAttributeTypes
by Alexander 'Leo' Bergolth
Hi!
I'd like to slightly change the attribute definition of olcDbConfig by
modifying olcAttributeTypes in cn=schema,cn=config with openldap-2.4.16.
I tried to apply the modification using two different ways, both
failing with different errors:
1) Delete the old attribute value and adding the new one:
---------------------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-add-del.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
delete olcAttributeTypes:
( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
add olcAttributeTypes:
( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String EQUALITY CaseExactIA5Match X-ORDERED 'VALUES' )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: ""
Apache DirectoryStudio shows a little bit more info:
#!ERROR [LDAP: error code 80 - olcAttributeTypes: Duplicate attributeType: "?? 6.1.4.1.4203.1.12.2.3.2.1.3"]
dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
IG configuration directives' EQUALITY caseExactIA5Match SYNTAX OMsIA5String X
-ORDERED 'VALUES' )
-
delete: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
-
2) Replace all olcAttributeTypes-attributes:
--------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-repl.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
replace olcAttributeTypes:
( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change sequence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syncrepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the largest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4512: features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'monitor context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'config context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administrative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE directoryOperation )
( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtree specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE directoryOperation )
( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT structure rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )
( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL entry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RFC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s) for which the entity is known by' SUP name )
( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related object' SUP distinguishedName )
( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control List' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check ACLs against content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )
( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )
( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX OMsDN SINGLE-VALUE )
( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI )
( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )
( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI SINGLE-VALUE )
( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' )
( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY distinguishedNameMatch SYNTAX OMsDN )
( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX OMsDirectoryString )
( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN SINGLE-VALUE )
( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI EQUALITY caseIgnoreMatch )
( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'monitored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monitor managed info' SUP name )
( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'monitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAddress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAddress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'name of overlays defined for a given database' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/write status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DESC 'name of restricted operation for a given database' SUP managedInfo )
( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtocol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsReceived' DESC 'monitor number of operations received by the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExecuting' DESC 'monitor number of operations in execution within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPending' DESC 'monitor number of pending operations within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCompleted' DESC 'monitor number of operations completed within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' DESC 'number of times connection_get() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' DESC 'number of times connection_read() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' DESC 'number of times connection_write() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListener' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDomain' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartTime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivityTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC 'TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' DESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number of extra entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry cache size in entries' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database checkpoint interval in kbytes and minutes' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable database checksum validation' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname of file containing the DB encryption key' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB encryption key' SYNTAX OMsOctetString SINGLE-VALUE )
( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable synchronous database writes' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString )
( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN cache size' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL cache size in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute index parameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index attributes one at a time' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock detection algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix permissions of database files' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth of search stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for shared memory region' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgOvAt:3.2 NAME 'olcChainCacheURI' DESC 'Enables caching of URIs not present in configuration' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgOvAt:3.3 NAME 'olcChainMaxReferralDepth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgOvAt:3.4 NAME 'olcChainReturnError' DESC 'Errors are returned instead of the original referral' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:0.14 NAME 'olcDbURI' DESC 'URI (list) for remote DSA' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.1 NAME 'olcDbStartTLS' DESC 'StartTLS' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.2 NAME 'olcDbACLAuthcDn' DESC 'Remote ACL administrative identity' OBSOLETE SYNTAX OMsDN SINGLE-VALUE )
( OLcfgDbAt:3.3 NAME 'olcDbACLPasswd' DESC 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.4 NAME 'olcDbACLBind' DESC 'Remote ACL administrative identity auth bind configuration' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.5 NAME 'olcDbIDAssertAuthcDn' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX OMsDN SINGLE-VALUE )
( OLcfgDbAt:3.6 NAME 'olcDbIDAssertPasswd' DESC 'Remote Identity Assertion administrative identity credentials' OBSOLETE SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.7 NAME 'olcDbIDAssertBind' DESC 'Remote Identity Assertion administrative identity auth bind configuration' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.8 NAME 'olcDbIDAssertMode' DESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.9 NAME 'olcDbIDAssertAuthzFrom' DESC 'Remote Identity Assertion authz rules' SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
( OLcfgDbAt:3.10 NAME 'olcDbRebindAsUser' DESC 'Rebind as user' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.11 NAME 'olcDbChaseReferrals' DESC 'Chase referrals' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.12 NAME 'olcDbTFSupport' DESC 'Absolute filters support' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.13 NAME 'olcDbProxyWhoAmI' DESC 'Proxy whoAmI exop' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.14 NAME 'olcDbTimeout' DESC 'Per-operation timeouts' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.15 NAME 'olcDbIdleTimeout' DESC 'connection idle timeout' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.16 NAME 'olcDbConnTtl' DESC 'connection ttl' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.17 NAME 'olcDbNetworkTimeout' DESC 'connection network timeout' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.18 NAME 'olcDbProtocolVersion' DESC 'protocol version' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:3.19 NAME 'olcDbSingleConn' DESC 'cache a single connection per identity' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.20 NAME 'olcDbCancel' DESC 'abandon/ignore/exop operations when appropriate' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.21 NAME 'olcDbQuarantine' DESC 'Quarantine database if connection fails and retry according to rule' SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:3.22 NAME 'olcDbUseTemporaryConn' DESC 'Use temporary connections if the cached one is busy' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.23 NAME 'olcDbConnectionPoolMax' DESC 'Max size of privileged connections pool' SYNTAX OMsInteger SINGLE-VALUE )
( OLcfgDbAt:3.25 NAME 'olcDbNoRefs' DESC 'Do not return search reference responses' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not propagate undefined search filters' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:5.1 NAME 'olcRelay' DESC 'Relay DN' SYNTAX OMsDN SINGLE-VALUE )
( OLcfgDbAt:7.1 NAME 'olcDbSocketPath' DESC 'Pathname for Unix domain socket' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:7.2 NAME 'olcDbSocketExtensions' DESC 'binddn, peername, or ssf' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( olmBDBAttributes:1 NAME 'olmBDBEntryCache' DESC 'Number of items in Entry Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:2 NAME 'olmBDBDNCache' DESC 'Number of items in DN Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:3 NAME 'olmBDBIDLCache' DESC 'Number of items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:4 NAME 'olmDbDirectory' DESC 'Path name of the directory where the database environment resides' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
The corresponding ldif-files and the original cn=schema,cn=config entry
can be found at http://leo.kloburg.at/tmp/openldap-olcattributetypes/
Any hints?
Thanks,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
15 years, 2 months