openldap-technical@openldap.org: search results for query "starttls" (800 messages)
Fwd: CSN too old, ignoring - and therefore not syncing
by Gavin Henry
---------- Forwarded message ----------
From: Pat Riehecky <prieheck(a)iwu.edu>
Date: Tue, 23 Dec 2008 12:34:33 -0600
Subject: Re: CSN too old, ignoring - and therefore not syncing
To: Gavin Henry <gavin.henry(a)gmail.com>

On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
> Where did you read that those were needed anyway? If it was the admin
> guide then I need to fix it ;-)
>
> Gavin.

I have no idea where I found those at... I know it wasn't the (recent)
admin guide. It may have been from around the 2.4.8 release, but that is
long gone...

Pat

>
> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
> >> need these two syncprov settings on an accesslog db.
> >>
> >> Gavin.
> >
> > Thanks, that did the job!
> >
> > Pat
> >
> >>
> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
> >> >> Can you post your config somewhere?
> >> >
> >> >
> >> > allow bind_v2
> >> >
> >> > include /etc/ldap/schema/core.schema
> >> > include /etc/ldap/schema/cosine.schema
> >> > include /etc/ldap/schema/nis.schema
> >> > include /etc/ldap/schema/inetorgperson.schema
> >> > include /etc/ldap/schema/samba.schema
> >> > include /etc/ldap/schema/eduperson-200412.schema
> >> > include /etc/ldap/schema/hdb.schema
> >> > include /etc/ldap/schema/IWU.schema
> >> >
> >> > pidfile /var/run/slapd/slapd.pid
> >> > argsfile /var/run/slapd/slapd.args
> >> >
> >> > modulepath /usr/lib/ldap
> >> > moduleload back_hdb
> >> > moduleload back_monitor
> >> > moduleload memberof
> >> > moduleload syncprov
> >> > moduleload smbk5pwd
> >> >
> >> > tool-threads 2
> >> > sizelimit 500
> >> > idletimeout 7200
> >> >
> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt
> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt
> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key
> >> > TLSVerifyClient allow
> >> >
> >> > localSSF 160
> >> > security ssf=1 update_ssf=128 simple_bind=112
> >> > sasl-secprops noanonymous
> >> >
> >> > access to dn.base="" by * read
> >> > access to dn.base="cn=Subschema" by * read
> >> >
> >> > backend hdb
> >> > database hdb
> >> >
> >> > overlay memberof
> >> > overlay smbk5pwd
> >> > overlay syncprov
> >> >
> >> > smbk5pwd-enable samba
> >> > smbk5pwd-enable krb5
> >> > smbk5pwd-must-change 0
> >> >
> >> > syncprov-checkpoint 100 10
> >> > syncprov-sessionlog 200
> >> > syncprov-nopresent TRUE
> >> > syncprov-reloadhint TRUE
> >> >
> >> > suffix "dc=iwu,dc=edu"
> >> >
> >> > rootdn "cn=admin,dc=iwu,dc=edu"
> >> > rootpw {redacted}
> >> >
> >> > authz-regexp "uidNumber=0\\\
> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth"
> >> >   "cn=ldapi,dc=iwu,dc=edu"
> >> > authz-regexp "gidNumber=.*\\\
> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth"
> >> >   "cn=ldapi,dc=iwu,dc=edu"
> >> >
> >> > authz-regexp "uid=(.+),cn=.+,cn=auth" "uid=$1,ou=People,dc=iwu,dc=edu"
> >> >
> >> > directory "/var/lib/ldap/"
> >> >
> >> > dbconfig set_cachesize 0 62914560 0
> >> > dbconfig set_lk_max_objects 1500
> >> > dbconfig set_lk_max_locks 1500
> >> > dbconfig set_lk_max_lockers 1500
> >> >
> >> > # Make sure to do a nightly slapcat
> >> > dbconfig set_flags DB_LOG_AUTOREMOVE
> >> >
> >> > index objectClass eq,pres
> >> > index default eq,sub,pres
> >> > index mail eq,sub,pres
> >> > index sn eq,sub,pres
> >> > index cn eq,sub,pres
> >> > index displayName eq,sub,pres
> >> > index gecos eq,sub,pres
> >> > index uid eq,sub,pres
> >> > index memberUid eq,sub,pres
> >> > index uidNumber eq,pres
> >> > index gidNumber eq,pres
> >> > index entryCSN eq,pres
> >> > index entryUUID eq,pres
> >> > index uniqueMember eq,pres
> >> > index userPassword eq,pres
> >> > index krb5PrincipalName eq,pres
> >> > index krb5PrincipalRealm eq,pres
> >> > index sambaDomainName eq,pres
> >> > index sambaSID eq,pres
> >> > index sambaPrimaryGroupSID eq,pres
> >> > index sambaSIDList eq,pres
> >> >
> >> > lastmod on
> >> >
> >> > checkpoint 256 15
> >> >
> >> > password-hash {SSHA}
> >> >
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   by dn.exact="cn=ldapi,dc=iwu,dc=edu" write
> >> >   by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write
> >> >   by dn.exact="cn=mirror,dc=iwu,dc=edu" read
> >> >   by dn.exact="cn=freeradius,dc=iwu,dc=edu" read
> >> >   by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key
> >> >   by anonymous auth
> >> >   by self write
> >> >   by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write
> >> >   by users auth
> >> >   by * break
> >> >
> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none
> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none
> >> >
> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by *
> >> >   none
> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none
> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self read
> >> >   by * none
> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by self
> >> >   read by * none
> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by *
> >> >   none
> >> >
> >> > access to
> >> >   dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by self
> >> >   read by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName
> >> >   by self write
> >> >   by users read
> >> >   by anonymous none
> >> >   by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber
> >> >   by self read
> >> >   by anonymous none
> >> >   by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid
> >> >   by * none
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu"
> >> >   attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength
> >> >   by self read
> >> >   by anonymous none
> >> >   by * break
> >> >
> >> > access to dn.sub="dc=iwu,dc=edu" by * read
> >> >
> >> > serverID 1
> >> >
> >> > syncrepl rid=2
> >> >   provider=ldap://ldap2.iwu.edu/
> >> >   schemachecking=off
> >> >   searchbase="dc=iwu,dc=edu"
> >> >   scope=sub
> >> >   type=refreshAndPersist
> >> >   binddn="cn=mirror,dc=iwu,dc=edu"
> >> >   credentials={redacted}
> >> >   bindmethod=simple
> >> >   starttls=yes
> >> >   tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt
> >> >   tls_key=/etc/ldap/ssl/ldap.iwu.edu.key
> >> >   tls_cacert=/etc/ldap/ssl/IWU.crt
> >> >   tls_reqcert=try
> >> >   interval=00:00:00:30
> >> >   retry="15 +"
> >> >   timeout=1
> >> >   timelimit=unlimited
> >> >   sizelimit=unlimited
> >> >
> >> > mirrormode on
> >> >
> >> > ###############################
> >> > database monitor
> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
> >> >   time.hard=unlimited size.soft=unlimited time.soft=unlimited
> >> >
> >> > access to dn.exact="cn=Monitor"
> >> >   by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> >   by * none
> >> >
> >> > access to dn.subtree="cn=Monitor"
> >> >   by dn.exact="cn=admin,dc=iwu,dc=edu" read
> >> >   by * none
> >> >
> >> >
> >> >>
> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> >> > Here is the quick and dirty what I am trying to do:
> >> >> >
> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time synced
> >> >> > to pool.ntp.org and each other (if they drift I would rather they sorta
> >> >> > drift together, but pool should be keeping that in check).
> >> >> >
> >> >> > Right now I am just beating them up to see how 2.4.13 performs. (So far
> >> >> > VERY well, minus this little problem)
> >> >> >
> >> >> > I have a rather small ldif (41 entries) that just won't sync (I'm
> >> >> > starting small). Debug gives me
> >> >> >
> >> >> > ber_scanf fmt (m}) ber:
> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62
> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 30 .<rid=001,sid=00
> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 2,csn=2008122217
> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 4721.855904Z#000
> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 000#001#000000
> >> >> > do_syncrep2: cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000
> >> >> > do_syncrep2: rid=001 CSN too old, ignoring 20081222174721.855904Z#000000#001#000000
> >> >> > ldap_msgfree
> >> >> >
> >> >> > I am not exactly sure how it has gotten to be "too old." The ldif I am
> >> >> > importing is not the result of a slapcat or anything that would preserve
> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am loading
> >> >> > one single file with ldapadd which, in my understanding, sets up the CSN
> >> >> > and wouldn't let me import one anyway.
> >> >> >
> >> >> > Each server has no entries until I load the one, so there shouldn't be
> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost instantly
> >> >> > after the one system is loaded - I just don't have everything.
> >> >> >
> >> >> > After a sync:
> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41
> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18
> >> >> >
> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when they go
> >> >> > into production I won't be able to say for certain which one is
> >> >> > authoritative. That is the purpose of multi-master....
> >> >> >
> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32 bit
> >> >> >
> >> >> > Any ideas as to what I can do to stop this from happening?
> >> >> >
> >> >> > Pat
> >> >> >
> >> >>
> >> >
> >
>

--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
15 years, 11 months
[Re: ldap proxy acl filter problem]
by Ron Peterson
Had to turn away from this problem to deal w/ other stuff, but it's still
an issue for me.

Does anyone have a working example of a working proxy configuration they
would be willing to share that:

* includes a filter expression restricting the result set
* allows you to query for the value of an individual attribute

I would be very grateful.

Right now I'm thinking I may try a different tack: put the filter
expression on the master directory in an acl specific to the proxy base dn
I'm dealing with.

-Ron-

----- Forwarded message from Ron Peterson <rpeterso(a)mtholyoke.edu> -----

Date: Fri, 16 Sep 2011 09:25:41 -0400
From: Ron Peterson <rpeterso(a)mtholyoke.edu>
To: Howard Chu <hyc(a)symas.com>
Subject: Re: ldap proxy acl filter problem
Organization: Mount Holyoke College
X-Spam-Score: -0.504 () RP_MATCHES_RCVD
Cc: openldap-technical(a)openldap.org

2011-09-15_08:22:54-0400 Ron Peterson <rpeterso(a)mtholyoke.edu>:
> 2011-09-14_16:54:56-0400 Howard Chu <hyc(a)symas.com>:
> > >I've turned my logging way up, and the hiccup seems to be that the DN
> > >I've authenticated as
> > >(uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu) needs read
> > >access to the attributes in the filter expression. But how do I give
> > >that account read access to those attributes, without then exposing the
> > >objects that I'm trying to hide with the filter expression?
> >
> > Give it auth access, not read access.

My previous example had too much going on for any sane person to wade
through, so I've distilled this configuration down to illustrate the
essence of the problem. No fancy rewrite rules, etc.

The problem remains: adding a filter expression makes it impossible to
query the value of particular attributes, although I can retrieve the
entire object.

It must be possible to filter the result set in a back-ldap proxy setup
when querying for particular attributes, but how?

________________________________________________________________________
ldaprc like:

BASE ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
BINDDN uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
URI ldap://dirt.mtholyoke.edu
SIZELIMIT 40000
TLS_CACERT /local/etc/cert/ca/cacert.pem

________________________________________________________________________
proxy config like:

database ldap
suffix "ou=accounts,ou=prod,dc=mtholyoke,dc=edu"
uri "ldapi://%2Fvar%2Frun%2Fslapd%2Fmastertest%2Fldapi"

access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu"
  attrs="entry"
  by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" read
  by * none

# log file (see below) seems to indicate proxy wants search permission on this attribute,
# but this doesn't help
access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu"
  attrs="yApplicationPermission"
  by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" search
  by * none

access to dn.sub="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu"
  filter="(yApplicationPermission=email)"
  by dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" read
  by * none

________________________________________________________________________

(1) This query works (returns all attributes):

ldapsearch -LLL -Z -x -y ../../private/pwemail '(yUsername=rpeterso)'

(2) This query does not (only returns DN, but not yPrimaryEmail):

ldapsearch -LLL -Z -x -y ../../private/pwemail '(yUsername=rpeterso)' yPrimaryEmail

________________________________________________________________________
Log for both master and proxy database (loglevel 256 128 64 32), for
query (2) above:

pid 32160 = proxy server
pid 24268 = master directory server

Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 ACCEPT from IP=138.110.86.129:51010 (IP=138.110.86.129:389)
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 STARTTLS
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=0 RESULT oid= err=0 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 TLS established tls_ssf=256 ssf=256
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" method=128
Sep 16 09:17:41 mid slapd[24268]: conn=1025 fd=13 ACCEPT from PATH=/var/run/slapd/mastertest/ldapi (PATH=/var/run/slapd/mastertest/ldapi)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" method=128
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: result not in cache (userPassword)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: auth access to "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "userPassword" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [1] attr userPassword
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "userPassword" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: self
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: anonymous
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [2] applying auth(=xd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [2] mask: auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: auth access granted by auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: auth access granted by auth(=xd)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=0 RESULT tag=97 err=0 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 BIND dn="uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=1 RESULT tag=97 err=0 text=
Sep 16 09:17:41 mid slapd[32160]: begin get_filter
Sep 16 09:17:41 mid slapd[32160]: EQUALITY
Sep 16 09:17:41 mid slapd[32160]: end get_filter 0
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SRCH base="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" scope=2 deref=0 filter="(yUsername=rpeterso)"
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SRCH attr=yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SRCH base="ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" scope=2 deref=0 filter="(yUsername=rpeterso)"
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SRCH attr=yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access to "ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] attr entry
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yUsername" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => dn: [4] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] attr yUsername
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "yUsername" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: search access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] attr entry
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid=[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: result not in cache (yPrimaryEmail)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[24268]: => dn: [3] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[24268]: => dn: [4] dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] matched
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] attr yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_mask: to value by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[24268]: <= check a_dn_pat: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: pattern: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: => acl_string_expand: expanded: ^uid[^,]*,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "entry" requested
Sep 16 09:17:41 mid slapd[32160]: => dn: [1] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] matched
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] attr entry
Sep 16 09:17:41 mid slapd[32160]: => acl_mask: access to entry "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", attr "entry" requested
Sep 16 09:17:41 mid slapd[32160]: => acl_mask: to all values by "uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu", (=0)
Sep 16 09:17:41 mid slapd[32160]: <= check a_dn_pat: uid=email,ou=admin,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[32160]: <= acl_mask: [1] mask: read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => slap_access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: result not in cache (yPrimaryEmail)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[32160]: => dn: [1] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] matched
Sep 16 09:17:41 mid slapd[32160]: => dn: [2] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [2] matched
Sep 16 09:17:41 mid slapd[32160]: => dn: [3] ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[32160]: => test_filter
Sep 16 09:17:41 mid slapd[32160]: EQUALITY
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: search access to "yDirectoryID=c44883ba-ac62-d28c-556f-99ccbf532da7,ou=people,ou=accounts,ou=prod,dc=mtholyoke,dc=edu" "yApplicationPermission" requested
Sep 16 09:17:41 mid slapd[32160]: <= test_filter 5
Sep 16 09:17:41 mid slapd[32160]: <= acl_get: done.
Sep 16 09:17:41 mid slapd[32160]: => slap_access_allowed: no more rules
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: no more rules
Sep 16 09:17:41 mid slapd[32160]: send_search_entry: conn 1001 access to attribute yPrimaryEmail, value #0 not allowed
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 16 09:17:41 mid slapd[32160]: conn=1001 op=3 UNBIND
Sep 16 09:17:41 mid slapd[24268]: conn=1025 op=2 UNBIND
Sep 16 09:17:41 mid slapd[32160]: conn=1001 fd=13 closed
Sep 16 09:17:41 mid slapd[24268]: conn=1025 fd=13 closed
Sep 16 09:17:41 mid slapd[24268]: connection_read(13): no connection!
Sep 16 09:17:41 mid slapd[24268]: connection_read(13): no connection!

--
Ron Peterson
Network & Systems Administrator
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso

----- End forwarded message -----
13 years, 1 month
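Added example, not part of the message above and not OpenLDAP code: a small Python reader for the slapd ACL trace format quoted in that message. It pairs each `access_allowed ... requested` line with its outcome per slapd PID, so the one denied attribute and the filter test behind it stand out from the granted checks. The sample lines are constructed and abridged, the DN is a placeholder, and all function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the shape of the trace in the post.
# The DN is a placeholder; per the post, 24268 is the master, 32160 the proxy.
SAMPLE_LOG = '''\
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access to "yDirectoryID=c4,ou=people,dc=example" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[24268]: => acl_get: [4] attr yPrimaryEmail
Sep 16 09:17:41 mid slapd[24268]: <= acl_mask: [1] applying read(=rscxd) (stop)
Sep 16 09:17:41 mid slapd[24268]: => access_allowed: read access granted by read(=rscxd)
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: read access to "yDirectoryID=c4,ou=people,dc=example" "yPrimaryEmail" requested
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [1] matched
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [2] matched
Sep 16 09:17:41 mid slapd[32160]: => acl_get: [3] matched
Sep 16 09:17:41 mid slapd[32160]: => test_filter
Sep 16 09:17:41 mid slapd[32160]: EQUALITY
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: search access to "yDirectoryID=c4,ou=people,dc=example" "yApplicationPermission" requested
Sep 16 09:17:41 mid slapd[32160]: <= test_filter 5
Sep 16 09:17:41 mid slapd[32160]: <= acl_get: done.
Sep 16 09:17:41 mid slapd[32160]: => access_allowed: no more rules
Sep 16 09:17:41 mid slapd[32160]: send_search_entry: conn 1001 access to attribute yPrimaryEmail, value #0 not allowed
'''

LINE = re.compile(r"slapd\[(\d+)\]: (.*)$")
REQUEST = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
GRANTED = re.compile(r"=> access_allowed: \w+ access granted by (\S+)")
ACL_GET = re.compile(r"=> acl_get: \[(\d+)\] ")
FILTER_END = re.compile(r"<= test_filter (-?\d+)")
# LDAP result codes as numbered in RFC 4511.
COMPARE = {5: "compareFalse", 6: "compareTrue"}


def trace_decisions(log_text):
    """Return one record per access check, in the order the checks finished."""
    stacks = defaultdict(list)        # pid -> open checks, innermost last
    filter_marks = defaultdict(list)  # pid -> stack depth at each "=> test_filter"
    finished = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m[1]), m[2]
        stack = stacks[pid]
        if (r := REQUEST.match(msg)):
            stack.append({"pid": pid, "level": r[1], "dn": r[2], "attr": r[3],
                          "acls": [], "filter_results": [], "outcome": None})
        elif msg.startswith("=> test_filter"):
            filter_marks[pid].append(len(stack))
        elif (r := FILTER_END.match(msg)):
            depth = filter_marks[pid].pop() if filter_marks[pid] else len(stack)
            # Checks opened inside the filter test that never got a result line.
            while len(stack) > depth:
                inner = stack.pop()
                inner["outcome"] = "no result logged"
                finished.append(inner)
            if stack:
                stack[-1]["filter_results"].append(int(r[1]))
        elif stack and (r := ACL_GET.match(msg)):
            if int(r[1]) not in stack[-1]["acls"]:
                stack[-1]["acls"].append(int(r[1]))
        elif stack and (r := GRANTED.match(msg)):
            check = stack.pop()
            check["outcome"] = "granted by " + r[1]
            finished.append(check)
        elif stack and msg.startswith("=> access_allowed: no more rules"):
            check = stack.pop()
            check["outcome"] = "denied"
            finished.append(check)
    return finished


def denials(decisions):
    """Only the checks that ended with 'no more rules'."""
    return [d for d in decisions if d["outcome"] == "denied"]


def describe(d):
    filt = ", ".join(COMPARE.get(c, str(c)) for c in d["filter_results"]) or "none"
    return (f"pid {d['pid']}: {d['level']} on {d['attr']} {d['outcome']}; "
            f"ACL indices seen in acl_get: {d['acls']}; filter tests: {filt}")


if __name__ == "__main__":
    for d in denials(trace_decisions(SAMPLE_LOG)):
        print(describe(d))
```
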
Re: TLS Configuration - "unable to get TLS client DN, error=49"
by Sambuddho Chakravarty
I might be wrong but I think there is a certain problem with Debian/*buntu for LDAPS clients... Sambuddho On Fri, 2008-08-01 at 16:14 -0400, Brad T Waldorf wrote: > Hi. We're trying to configure a basic SSL (TLS) connection through > OpenLDAP version 2.4.6. We're using Linux, Debian Version 4.0 ('etch') > INTEL. > > > The pertinent info... > > > slapd.conf > > include /usr/local/etc/openldap/schema/core.schema > include /usr/local/etc/openldap/schema/cosine.schema > include /usr/local/etc/openldap/schema/inetorgperson.schema > > pidfile /usr/local/var/run/slapd.pid > argsfile /usr/local/var/run/slapd.args > > loglevel -1 > logfile /usr/local/var/openldap-data/logb > > > TLSCACertificateFile /home/bwaldorf/certs/1024pcert.pem > TLSCertificateFile /home/bwaldorf/certs/1024pcert.pem > TLSCertificateKeyFile /home/bwaldorf/certs/1024pkey.pem > TLSCipherSuite DES-CBC-SHA > TLSVerifyClient never > > > #TLSRandFile > #TLSEphemeralDHParamFile > > > > ####################################################################### > # BDB database definitions > ####################################################################### > > database bdb > suffix "o=replDB" > rootdn "cn=replman,o=replDB" > rootpw password > timelimit 1 > idletimeout 4 > > access to attrs=userPassword > by self write > by anonymous auth > by * none > > access to * > by self write > by * read > > directory /usr/local/var/openldap-data > > index sn,mail,uid,title eq > > > > > > > > ldap.conf > > TLS_CACERT /home/bwaldorf/certs/1024pcert.pem > TLS_CERT /home/bwaldorf/certs/1024pcert.pem > TLS_KEY /home/bwaldorf/certs/1024pkey.pem > > > > > > > > > So we try the following search (-ZZ to force the command to be > successful)... > > ldapsearch -x -D "cn=replman,o=replDB" -w password -b "o=replDB1" -ZZ > > > > > > > And we get the following output (below) with -d -1... (sorry for the > excessive messages). > > Looks like the problem is... 
> "connection_read(13): unable to get TLS client DN, error=49 id=5" > > I did some googling for this error, but never found a thread with a > cause/solution. > > Thanks in advance for your time and help! > > > > > > daemon: activity on 1 descriptor > daemon: activity on: > slap_listener_activate(8): > daemon: epoll: listen=7 active_threads=0 tvp=NULL > daemon: epoll: listen=8 busy > >>> slap_listener(ldap:///) > daemon: activity on 1 descriptor > daemon: listen=8, new connection on 13 > daemon: activity on:daemon: added 13r (active) listener=(nil) > > conn=5 fd=13 ACCEPT from IP=127.0.0.1:32933 (IP=0.0.0.0:389)) > daemon: epoll: listen=7 active_threads=1 tvp=zero. > daemon: epoll: listen=8 active_threads=1 tvp=zero. > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read active on 13 > daemon: epoll: listen=7 active_threads=1 tvp=zero. > connection_get(13) > daemon: epoll: listen=8 active_threads=1 tvp=zero. > connection_get(13): got connid=5 > connection_read(13): checking for input on id=5 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 1d 02 01 01 77 18 80 0....w.. > ldap_read: want=23, got=23 > 0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 > 36 .1.3.6.1.4.1.146 > 0010: 36 2e 32 30 30 33 37 6.20037 > ber_get_next: tag 0x30 len 29 contents: > ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fc8 end=0xa0c11fe5 len=29. > 0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e > 34 ...w...1.3.6.1.4 > 0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037 > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > conn=5 op=0 do_extended > ber_scanf fmt ({m) ber: > ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fcb end=0xa0c11fe5 len=26 > 0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e > w...1.3.6.1.4.1. 
> 0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037 > conn=5 op=0 EXT oid=1.3.6.1.4.1.1466.20037 > do_extended: oid=1.3.6.1.4.1.1466.20037 > daemon: activity on 1 descriptor > conn=5 op=0 STARTTLS > daemon: activity on:send_ldap_extended: err=0 oid= len=0 > > send_ldap_response: msgid=1 tag=120 err=0 > daemon: epoll: listen=7 active_threads=1 tvp=zero > ber_flush2: 14 bytes to sd 13 > 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ > ldap_write: want=14, written=14 > 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ > conn=5 op=0 RESULT oid= err=0 text= > daemon: epoll: listen=8 active_threads=1 tvp=zero > daemon: activity on 1 descriptor > daemon: activity on: 13r > daemon: read active on 13 > daemon: epoll: listen=7 active_threads=1 tvp=zero > connection_get(13) > daemon: epoll: listen=8 active_threads=1 tvp=zero > connection_get(13): got connid=5 > connection_read(13): checking for input on id=5 > TLS trace: SSL_accept:before/accept initialization > tls_read: want=11, got=11 > 0000: 80 74 01 03 01 00 4b 00 00 00 20 .t....K....... > tls_read: want=107, got=107 > 0000: 00 00 39 00 00 38 00 00 35 00 00 16 00 00 13 > 00 ..9..8..5....... > 0010: 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 03 > 00 .......3..2../.. > 0020: 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 > 12 ................ > 0030: 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 > 00 .....@.......... > 0040: 00 06 04 00 80 00 00 03 02 00 80 15 2d dd 5d > 9a ............-.]. > 0050: f5 29 55 3b 15 f2 e5 47 18 9c 22 f2 7d 07 51 > 72 .)U;...G..".}.Qr > 0060: 60 1f 38 61 8d 9a e7 67 2a 5e 9e `.8a...g*^..}. > TLS trace: SSL_accept:SSLv3 read client hello A > TLS trace: SSL_accept:SSLv3 write server hello A > TLS trace: SSL_accept:SSLv3 write certificate A > TLS trace: SSL_accept:SSLv3 write server done A > tls_write: want=985, written=985 > 0000: 16 03 01 00 4a 02 00 00 46 03 01 48 92 1d e7 > 69 ....J...F..H...i > 0010: f3 a0 ea 95 0f 3b 21 71 a5 b0 11 34 27 91 b8 > 0b .....;!q...4'... 
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5 error=Resource temporarily unavailable
> TLS trace: SSL_accept:error in SSLv3 read client certificate A.........:
> TLS trace: SSL_accept:error in SSLv3 read client certificate A.........:
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> tls_read: want=5, got=5
> 0000: 16 03 01 00 86 ...........:
> tls_read: want=134, got=134
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> tls_read: want=5, got=5
> 0000: 14 03 01 00 01 .....
> tls_read: want=1, got=1
> 0000: 01 .....
> tls_read: want=5, got=5
> 0000: 16 03 01 00 28 ....(
> tls_read: want=40, got=40
> 0000: 77 34 09 6c 45 e9 f1 f0 a2 e6 cb 2d e4 49 27 42 w4.lE......-.I'B
> 0010: 45 a5 84 74 bb bd 0f 6e 24 70 e1 b0 0f 19 83 4a E..t...n$p.....J
> 0020: 7a 41 c3 b3 ca fe 80 68 zA.....h
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> tls_write: want=51, written=51
> 0000: 14 03 01 00 01 01 16 03 01 00 28 97 a6 bb b1 8c ..........(.....
> 0010: 50 d4 6f 60 2c fb c7 d1 10 a6 a6 37 ff ea 0b e8 P.o`,......7....
> 0020: 60 d0 f1 6b 34 d7 26 7b a9 c8 c0 45 72 33 7c 67 `..k4.&{...Er3|g
> 0030: b4 07 93 ...
> TLS trace: SSL_accept:SSLv3 flush data
> connection_read(13): unable to get TLS client DN, error=49 id=5
> conn=5 fd=13 TLS established tls_ssf=56 ssf=56
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 13r
> daemon: read active on 13
> daemon: epoll: listen=7 active_threads=1 tvp=zero
> connection_get(13)
> daemon: epoll: listen=8 active_threads=1 tvp=zero
> connection_get(13): got connid=5
> connection_read(13): checking for input on id=5
> ber_get_next
> tls_read: want=5, got=0
>
> ldap_read: want=8, got=0
>
> ber_get_next on fd 13 failed errno=0 (Success)
> connection_read(13): input error=-2 id=5, closing.
> connection_closing: readying conn=5 sd=13 for close
> connection_close: conn=5 sd=13
> daemon: removing 13
> daemon: activity on 1 descriptor
> tls_write: want=29, written=29
> 0000: 15 03 01 00 18 73 41 45 4f f9 51 03 05 e6 66 c2 .....sAEO.Q...f.
> 0010: f5 65 d2 a9 ab 03 aa 8d d1 79 ef 18 8c .e.......y....
> TLS trace: SSL3 alert write:warning:close notify
> conn=5 fd=13 closed (connection lost)
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
>
16 years, 3 months
RE: OPENLDAP SYNCREPL
by Borresen, John - 0442 - MITLL
Thanks, Howard;

In hindsight, if my config looks jumbled, it is...that's what I get for doing little things in a quasi-blind attempt at solving issues.

*******Here is the output of slapcat on the Provider:**********

# slapcat -s olcDatabase=\{1}bdb,cn=config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
 2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u
 nlimited
entryCSN: 20120313163732.658240Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313163732Z

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z

dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z

# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t
 ime.hard=unlimited size.soft=unlimited size.hard=unlimited
olcDatabase: {2}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z

################################################

***Here is the output of slapcat from the Consumer***

# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1
 2/18 11:51:46 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z

dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
creatorsName: cn=admin,cn=config
createTimestamp: 20120302121345Z
entryCSN: 20120302121345.220702Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302121345Z

dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
creatorsName: cn=admin,cn=config
createTimestamp: 20120302141557Z
entryCSN: 20120302141557.545770Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302141557Z

I know that the two systems are communicating, at least, at the client level and attempting to at the slapd level. As stated earlier, the only error I'm seeing consistently on the Consumer is:

do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying

The full log up to the above "Sync State Control" messages on the consumer:

request done: ld 0x14043290 msgid 1
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x14043290 msgid 2
dborresen on gp42-rohan$ ssh -X root@gp42-admin1
request done: ld 0x2af20fe89d70 msgid 1
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 2
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 3
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 4
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 5
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 6
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 7
Last login: Tue Mar 13 09:06:13 2012 from gp42-rohan.llan.ll.mit.edu
root on gp42-admin1# tail -f /var/log/slapd
0000: 15 03 01 00 20 dd 4d 17 93 a1 ce 3f 55 5f c5 db .... .M....?U_..
0010: ed 5c c1 86 6f 21 09 c9 ec 8e f5 c0 39 8a b7 7a .\..o!......9..z
0020: 1d 4e 66 ed b6 .Nf..
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: shutdown requested and initiated.
daemon: closing 7
connection_closing: readying conn=1000 sd=15 for close
connection_close: conn=1000 sd=15
daemon: removing 15
tls_write: want=37, written=37
0000: 15 03 01 00 20 d7 c9 23 bd 9d c0 16 c6 d4 44 a4 .... ..#......D.
0010: a5 dc c0 98 2b 1e 30 a0 87 21 77 b1 53 cc 48 4a ....+.0..!w.S.HJ
0020: 4b 80 11 e2 c3 K....
TLS trace: SSL3 alert write:warning:close notify
conn=1000 fd=15 closed (slapd shutdown)
connection_closing: readying conn=1001 sd=16 for close
connection_close: conn=1001 sd=16
daemon: removing 16
tls_write: want=37, written=37
0000: 15 03 01 00 20 00 3e 12 4d e4 d0 22 6a c3 8c 7d .... .>.M.."j..}
0010: ab c9 6e 6b 6b bf 45 de 98 03 e4 3d dc 7a f6 3d ..nkk.E....=.z.=
0020: 59 8a ff 95 df Y....
TLS trace: SSL3 alert write:warning:close notify
conn=1001 fd=16 closed (slapd shutdown)
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
syncinfo_free: rid=001

Just noticed on the Provider, after restarting with DEBUG of "7", the following:

slapd destroy: freeing system resources
slapd stopped

That is the final two entries in the log.
Running a ps for slapd, it shows as running,

The following is the slapd logs from the Consumer:

ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 264 bytes to sd 15
tls_write: want=330, written=330
ldap_write: want=264, written=264
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
connection_get(15)
connection_get(15): got connid=0
=>do_syncrepl rid=001
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
read1msg: ld 0x176e58f0 msgid 2 all 0
ber_get_next
tls_read: want=5, got=5
0000: 17 03 01 00 20 ....
tls_read: want=32, got=32
0000: 4e 88 88 4a 6e 77 f0 43 59 1a ec aa 52 ce 3e e1 N..Jnw.CY...R.>.
0010: 02 a2 26 26 6e 23 9a 87 5f f1 ca fc 88 c0 02 76 ..&&n#.._......v
tls_read: want=5, got=5
0000: 17 03 01 00 70 ....p
tls_read: want=112, got=112
ldap_read: want=8, got=8
0000: 30 4d 02 01 02 64 48 04 0M...dH.
ldap_read: want=71, got=71
0000: 0c 63 6e 3d 61 63 63 65 73 73 6c 6f 67 30 38 30 .cn=accesslog080
0010: 36 04 08 65 6e 74 72 79 43 53 4e 31 2a 04 28 32 6..entryCSN1*.(2
0020: 30 31 32 30 33 30 31 31 36 32 30 33 33 2e 31 33 0120301162033.13
0030: 32 35 39 35 5a 23 30 30 30 30 30 30 23 30 30 30 2595Z#000000#000
0040: 23 30 30 30 30 30 30 #000000
ber_get_next: tag 0x30 len 77 contents:
read1msg: ld 0x176e58f0 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
do_syncrep2: rid=001 got search entry without Sync State control
ldap_msgfree
connection_get(15)
connection_get(15): got connid=0
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 15
tls_write: want=74, written=74
0000: 17 03 01 00 20 46 a2 b3 01 e2 fd c9 d8 13 e4 32 .... F.........2
0010: d3 51 b8 21 7e ce 9d 8b f6 ca 39 5e 3d 4a ea ba .Q.!~.....9^=J..
0020: 0a 84 1d 96 a0 17 03 01 00 20 34 0d 82 ce dc 88 ......... 4.....
0030: f3 99 49 90 e8 47 98 8c 72 32 98 e5 50 dd 08 01 ..I..G..r2..P...
0040: 87 20 19 cc 19 3c 6f f1 c8 f4 . ...<o...
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0....B.
tls_write: want=37, written=37
0000: 15 03 01 00 20 be 7e 35 96 7c a9 fc 95 05 8d cd .... .~5.|......
0010: c0 93 10 86 e2 25 29 0e 32 cf 63 48 ec d0 8d 1f .....%).2.cH....
0020: 1f 75 01 3c 4c .u.<L
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying

David Borresen
ph: 781-981-2954
email: john.d.borresen(a)ll.mit.edu

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, March 13, 2012 2:01 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical(a)openldap.org
Subject: Re: OPENLDAP SYNCREPL

Borresen, John - 0442 - MITLL wrote:
> Thanks, Quanah;
>
> As requested:

That was clearly not the problem; if the syncprov module was missing your config would have caused slapd to fail to start. Also it was clearly present since you had it updating the contextCSN in your shutdown log. Quanah, you should have already seen that and not sent him on a wild goose chase.

And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG DIRECTORY. Use the database administration tools. For your previous case, you should have simply used:

slapcat -s olcDatabase=\{1\}bdb,cn=config

Make sure the consumer is talking to the server you think it is. Show slapd -d7 output from the provider while the consumer is trying to connect.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 8 months
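Added example, not written by any poster in these threads: a small lint over `slapcat` cn=config output that applies the advice quoted on this page (syncprov's nopresent and reloadhint settings are only needed on an accesslog db), checks that a consumer's `logbase` names a provider database carrying a syncprov overlay (the delta-syncrepl layout in the OpenLDAP Admin Guide), and flags simple-bind replication over `ldap://` without StartTLS. The function names, finding codes, the host `provider.example` and the trimmed LDIF are constructed for illustration.

```python
import re

# Constructed, trimmed cn=config samples modelled on the slapcat output above.
PROVIDER_LDIF = """\
dn: olcDatabase={1}bdb,cn=config
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcSyncProvConfig
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcAccessLogConfig
olcAccessLogDB: cn=accesslog

dn: olcDatabase={2}bdb,cn=config
objectClass: olcBdbConfig
olcSuffix: cn=accesslog
"""

# Constructed corrected variant: the two flags move to a syncprov overlay on
# the accesslog database; the main database keeps a plain syncprov overlay.
FIXED_PROVIDER_LDIF = PROVIDER_LDIF.replace(
    "olcSpNoPresent: TRUE\nolcSpReloadHint: TRUE\n", "") + """
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcSyncProvConfig
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
"""

# Constructed consumer entry; the folded lines exercise LDIF continuation.
CONSUMER_LDIF = """\
dn: olcDatabase={2}bdb,cn=config
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcSyncrepl: {0}rid=1 provider=ldaps://provider.example:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=CONSTRUCTED
  searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" retry="60 +"
  type=refreshAndPersist syncdata=accesslog starttls=no
"""


def parse_entries(ldif):
    """Parse slapcat LDIF into a list of {lowercased attr: [values]} dicts."""
    unfolded = re.sub(r"\n ", "", ldif.strip())  # undo LDIF line folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(
                value.lstrip(": ").strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries


def lint(provider_ldif, consumer_ldif):
    """Return a list of (code, location, detail) findings."""
    findings = []
    provider = parse_entries(provider_ldif)
    suffixes = {e["dn"][0].lower(): [s.lower() for s in e["olcsuffix"]]
                for e in provider if "olcsuffix" in e}
    log_suffixes = {v.lower() for e in provider
                    for v in e.get("olcaccesslogdb", [])}
    syncprov_suffixes = set()
    for e in provider:
        classes = [oc.lower() for oc in e.get("objectclass", [])]
        if "olcsyncprovconfig" not in classes:
            continue
        db_dn = e["dn"][0].split(",", 1)[1].lower()  # overlay's parent database
        db_suffixes = suffixes.get(db_dn, [])
        syncprov_suffixes.update(db_suffixes)
        if not log_suffixes.intersection(db_suffixes):
            for attr in ("olcspnopresent", "olcspreloadhint"):
                if e.get(attr, ["FALSE"])[0].upper() == "TRUE":
                    findings.append(("W-SYNCPROV-FLAG", db_dn, attr))
    for e in parse_entries(consumer_ldif):
        for raw in e.get("olcsyncrepl", []):
            opt = {k.lower(): v.strip('"')
                   for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', raw)}
            where = "rid=" + opt.get("rid", "?")
            if opt.get("syncdata") == "accesslog":
                logbase = opt.get("logbase", "").lower()
                if logbase not in syncprov_suffixes:
                    findings.append(("E-LOGBASE-NO-SYNCPROV", where, logbase))
            if (opt.get("bindmethod") == "simple"
                    and opt.get("provider", "").lower().startswith("ldap://")
                    and opt.get("starttls", "no") not in ("yes", "critical")):
                findings.append(("W-CLEARTEXT-BIND", where, opt["provider"]))
    return findings


if __name__ == "__main__":
    for finding in lint(PROVIDER_LDIF, CONSUMER_LDIF):
        print(*finding, sep="  ")
```

The checks compare DNs and suffixes by lowercase string only, so input should come straight from `slapcat` rather than hand-edited files.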
Re: CSN too old, ignoring - and therefore not syncing
by Gavin Henry
Ok, thanks.

On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
>> Where did you read that those were needed anyway? If it was the admin
>> guide then I need to fix it ;-)
>>
>> Gavin.
>
> I have no idea where I found those at... I know it wasn't the (recent)
> admin guide. It may have been from around the 2.4.8 release, but that
> is long gone...
>
> Pat
>
>>
>> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
>> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
>> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
>> >> need these two syncprov settings on an accesslog db.
>> >>
>> >> Gavin.
>> >
>> > Thanks, that did the job!
>> >
>> > Pat
>> >
>> >>
>> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
>> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
>> >> >> Can you post your config somewhere?
>> >> >
>> >> >
>> >> > allow bind_v2
>> >> >
>> >> > include /etc/ldap/schema/core.schema
>> >> > include /etc/ldap/schema/cosine.schema
>> >> > include /etc/ldap/schema/nis.schema
>> >> > include /etc/ldap/schema/inetorgperson.schema
>> >> > include /etc/ldap/schema/samba.schema
>> >> > include /etc/ldap/schema/eduperson-200412.schema
>> >> > include /etc/ldap/schema/hdb.schema
>> >> > include /etc/ldap/schema/IWU.schema
>> >> >
>> >> > pidfile /var/run/slapd/slapd.pid
>> >> > argsfile /var/run/slapd/slapd.args
>> >> >
>> >> > modulepath /usr/lib/ldap
>> >> > moduleload back_hdb
>> >> > moduleload back_monitor
>> >> > moduleload memberof
>> >> > moduleload syncprov
>> >> > moduleload smbk5pwd
>> >> >
>> >> > tool-threads 2
>> >> > sizelimit 500
>> >> > idletimeout 7200
>> >> >
>> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt
>> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt
>> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key
>> >> > TLSVerifyClient allow
>> >> >
>> >> > localSSF 160
>> >> > security ssf=1 update_ssf=128 simple_bind=112
>> >> > sasl-secprops noanonymous
>> >> >
>> >> > access to dn.base="" by * read
>> >> > access to dn.base="cn=Subschema" by * read
>> >> >
>> >> > backend hdb
>> >> > database hdb
>> >> >
>> >> > overlay memberof
>> >> > overlay smbk5pwd
>> >> > overlay syncprov
>> >> >
>> >> > smbk5pwd-enable samba
>> >> > smbk5pwd-enable krb5
>> >> > smbk5pwd-must-change 0
>> >> >
>> >> > syncprov-checkpoint 100 10
>> >> > syncprov-sessionlog 200
>> >> > syncprov-nopresent TRUE
>> >> > syncprov-reloadhint TRUE
>> >> >
>> >> > suffix "dc=iwu,dc=edu"
>> >> >
>> >> > rootdn "cn=admin,dc=iwu,dc=edu"
>> >> > rootpw {redacted}
>> >> >
>> >> > authz-regexp "uidNumber=0\\\
>> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth"
>> >> > "cn=ldapi,dc=iwu,dc=edu"
>> >> > authz-regexp "gidNumber=.*\\\
>> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth"
>> >> > "cn=ldapi,dc=iwu,dc=edu"
>> >> >
>> >> > authz-regexp "uid=(.+),cn=.+,cn=auth"
>> >> > "uid=$1,ou=People,dc=iwu,dc=edu"
>> >> >
>> >> > directory "/var/lib/ldap/"
>> >> >
>> >> > dbconfig set_cachesize 0 62914560 0
>> >> > dbconfig set_lk_max_objects 1500
>> >> > dbconfig set_lk_max_locks 1500
>> >> > dbconfig set_lk_max_lockers 1500
>> >> >
>> >> > # Make sure to do a nightly slapcat
>> >> > dbconfig set_flags DB_LOG_AUTOREMOVE
>> >> >
>> >> > index objectClass eq,pres
>> >> > index default eq,sub,pres
>> >> > index mail eq,sub,pres
>> >> > index sn eq,sub,pres
>> >> > index cn eq,sub,pres
>> >> > index displayName eq,sub,pres
>> >> > index gecos eq,sub,pres
>> >> > index uid eq,sub,pres
>> >> > index memberUid eq,sub,pres
>> >> > index uidNumber eq,pres
>> >> > index gidNumber eq,pres
>> >> > index entryCSN eq,pres
>> >> > index entryUUID eq,pres
>> >> > index uniqueMember eq,pres
>> >> > index userPassword eq,pres
>> >> > index krb5PrincipalName eq,pres
>> >> > index krb5PrincipalRealm eq,pres
>> >> > index sambaDomainName eq,pres
>> >> > index sambaSID eq,pres
>> >> > index sambaPrimaryGroupSID eq,pres
>> >> > index sambaSIDList eq,pres
>> >> >
>> >> > lastmod on
>> >> >
>> >> > checkpoint 256 15
>> >> >
>> >> > password-hash {SSHA}
>> >> >
>> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited
>> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write
>> >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write
>> >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read
>> >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key
>> >> > by anonymous auth
>> >> > by self write
>> >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write
>> >> > by users auth
>> >> > by * break
>> >> >
>> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none
>> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none
>> >> >
>> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by
>> >> > *
>> >> > none
>> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none
>> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none
>> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self
>> >> > read
>> >> > by * none
>> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by
>> >> > self
>> >> > read by * none
>> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by
>> >> > *
>> >> > none
>> >> >
>> >> > access to
>> >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by
>> >> > self
>> >> > read by * none
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName
>> >> > by self write
>> >> > by users read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber
>> >> > by self read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid
>> >> > by * none
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu"
>> >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength
>> >> > by self read
>> >> > by anonymous none
>> >> > by * break
>> >> >
>> >> > access to dn.sub="dc=iwu,dc=edu" by * read
>> >> >
>> >> > serverID 1
>> >> >
>> >> > syncrepl rid=2
>> >> >
provider=ldap://ldap2.iwu.edu/
>> >> > schemachecking=off >> >> > searchbase="dc=iwu,dc=edu" >> >> > scope=sub >> >> > type=refreshAndPersist >> >> > binddn="cn=mirror,dc=iwu,dc=edu" >> >> > credentials={redacted} >> >> > bindmethod=simple >> >> > starttls=yes >> >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt >> >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key >> >> > tls_cacert=/etc/ldap/ssl/IWU.crt >> >> > tls_reqcert=try >> >> > interval=00:00:00:30 >> >> > retry="15 +" >> >> > timeout=1 >> >> > timelimit=unlimited >> >> > sizelimit=unlimited >> >> > >> >> > mirrormode on >> >> > >> >> > ############################### >> >> > database monitor >> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > >> >> > access to dn.exact="cn=Monitor" >> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read >> >> > by * none >> >> > >> >> > access to dn.subtree="cn=Monitor" >> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read >> >> > by * none >> >> > >> >> > >> >> >> >> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: >> >> >> > Here is the quick and dirty what I am trying to do: >> >> >> > >> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time >> >> >> > synced >> >> >> > to
pool.ntp.org
and each other (if they drift I would rather they >> >> >> > sorta >> >> >> > drift together, but pool should be keeping that in check). >> >> >> > >> >> >> > Right now I am just beating them up to see how 2.4.13 performs. >> >> >> > (So >> >> >> > far >> >> >> > VERY well, minus this little problem) >> >> >> > >> >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm >> >> >> > starting small). Debug gives me >> >> >> > >> >> >> > ber_scanf fmt (m}) ber: >> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 >> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 >> >> >> > 30 .<rid=001,sid=00 >> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 >> >> >> > 2,csn=2008122217 >> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 >> >> >> > 4721.855904Z#000 >> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 >> >> >> > 000#001#000000 >> >> >> > do_syncrep2: >> >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 >> >> >> > do_syncrep2: rid=001 CSN too old, ignoring >> >> >> > 20081222174721.855904Z#000000#001#000000 >> >> >> > ldap_msgfree >> >> >> > >> >> >> > I am not exactly sure how it gotten to be "too old." The ldif I >> >> >> > am >> >> >> > importing is not the result of a slapcat or anything that would >> >> >> > preserve >> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am >> >> >> > loading >> >> >> > one single file with ldapadd which, in my understanding, sets up >> >> >> > the >> >> >> > CSN >> >> >> > and wouldn't let me import one anyway. >> >> >> > >> >> >> > Each server has no entries until I load the one, so there >> >> >> > shouldn't >> >> >> > be >> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost >> >> >> > instantly >> >> >> > after the one system is loaded - I just don't have everything. 
>> >> >> > >> >> >> > After a sync: >> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 >> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 >> >> >> > >> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when >> >> >> > the >> >> >> > go >> >> >> > into production I wont be able to say for certain which one is >> >> >> > authoritative. That is the purpose of multi-master.... >> >> >> > >> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32 >> >> >> > bit >> >> >> > >> >> >> > Any ideas as to what I can do to stop this from happening? >> >> >> > >> >> >> > Pat >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> > >> >> > >> >> >> > >> > >> > > -- Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
15 years, 11 months
0
0
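The fix quoted in the thread above (drop `syncprov-nopresent` and `syncprov-reloadhint` except on an accesslog database) can be checked against a slapd.conf before it is deployed. The following Python check is an added example, not part of any message in the thread or of OpenLDAP itself; the sample configuration is constructed, and identifying "an accesslog db" as a database whose suffix is named by an accesslog `logdb` directive is an assumption of this check.

```python
import shlex

# Directives the thread's fix removes from the main database.
HINTS = ("syncprov-nopresent", "syncprov-reloadhint")
# Values this check treats as "enabled" (assumption: slapd's usual boolean spellings).
ENABLED = {"true", "on", "yes"}

# Constructed sample. The first database is a hypothetical accesslog database
# (the thread's config has none); the second mirrors the syncprov lines quoted
# in the thread. Continuation lines start with whitespace, as in slapd.conf.
SAMPLE_CONF = """\
moduleload syncprov
moduleload accesslog

database hdb
suffix "cn=accesslog"
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

database hdb
suffix "dc=iwu,dc=edu"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
overlay accesslog
logdb "cn=accesslog"
limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited
    time.hard=unlimited size.soft=unlimited time.soft=unlimited
"""


def logical_lines(text):
    """Yield (line_number, tokens) per directive, joining continuation lines."""
    pending, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#"):
            continue                      # comment line
        if raw[:1] in (" ", "\t") and pending:
            pending += " " + raw.strip()  # continuation of the previous directive
            continue
        if pending:
            yield start, shlex.split(pending)
        pending, start = raw.strip(), number
    if pending:
        yield start, shlex.split(pending)


def normalize_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def check_syncprov_hints(text):
    """Return (line, suffix, directive) for each hint enabled on a database
    that no accesslog overlay names as its logdb."""
    databases, log_suffixes, current = [], set(), None
    for number, tokens in logical_lines(text):
        key, args = tokens[0].lower(), tokens[1:]
        if key == "database":
            current = {"suffixes": [], "hints": []}
            databases.append(current)
        elif current is None or not args:
            continue                      # global section or bare keyword
        elif key == "suffix":
            current["suffixes"].append(normalize_dn(args[0]))
        elif key == "logdb":
            log_suffixes.add(normalize_dn(args[0]))
        elif key in HINTS and args[0].lower() in ENABLED:
            current["hints"].append((number, key))
    findings = []
    for db in databases:
        if log_suffixes.isdisjoint(db["suffixes"]):
            label = db["suffixes"][0] if db["suffixes"] else "(no suffix)"
            findings += [(number, label, key) for number, key in db["hints"]]
    return findings


if __name__ == "__main__":
    for line, suffix, directive in check_syncprov_hints(SAMPLE_CONF):
        print(f"line {line}: {directive} enabled on {suffix}, "
              "which is not an accesslog logdb target")
```

Only the two lines under `dc=iwu,dc=edu` are reported; the same directives under `cn=accesslog` pass because that suffix is a `logdb` target.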
DEL don't get synced
by Marc Patermann
Hi,

under some circumstances DELs don't get replicated to the consumers (SyncRepl). I think this has to do with other changes at the same moment.

I attached two log excerpts in sync.log.

In the first excerpt there is only a DEL

Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 DEL dn="employeeNumber=19676,ou=humans,ou=foo"

For this there is a

Jan 31 09:16:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131081601.377028Z#000000#000#000000

line for every connected consumer.

In the second step there is a MOD and a DEL

Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 MOD dn="ou=FA-WF,ou=gruppen,ou=humans,ou=foo"
Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 DEL dn="employeeNumber=24387,ou=humans,ou=foo"

As far as I can see, there is only sync activity for the MOD action, and not for the DEL action. The DEL is not synced.

Marc
syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1705 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1671 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1676 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1665 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1669 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1660 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1661 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1650 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1668 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1699 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: 
conn=1657 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1694 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1656 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1666 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1663 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1649 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1651 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1646 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1702 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1693 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1664 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1686 op=1 
ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1688 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1682 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1641 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1685 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1707 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1645 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1642 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1640 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1690 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1700 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbacf061590 20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: 
cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=2 RESULT tag=103 err=0 text= Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: syncprov_sendresp: cookie=rid=401,csn=20120131093101.898916Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=1662 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1654 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1696 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1644 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1691 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1648 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1655 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1652 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1689 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1647 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1639 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1653 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 DEL dn="employeeNumber=24387,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1658 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: conn=1698 op=1 ENTRY dn="ou=fa-wf,ou=gruppen,ou=humans,ou=foo" Jan 31 10:31:01 ldapserver slapd[10641]: 
slap_queue_csn: queing 0x7fb9126e2300 20120131093101.913856Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: slap_queue_csn: queing 0x7fb9fd6e2b20 20120131093101.913856Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbac92d6750 20120131093101.913856Z#000000#000#000000 Jan 31 10:31:01 ldapserver slapd[10641]: conn=79938 op=3 RESULT tag=107 err=0 text= Jan 31 10:31:01 ldapserver slapd[10641]: slap_graduate_commit_csn: removing 0x7fbacf061590 20120131093101.913856Z#000000#000#000000
12 years, 9 months
Re: Fwd: CSN too old, ignoring - and therefore not syncing
by Adrien Futschik
I'm facing a similar problem. I'm testing N-way multimaster replication with OpenLDAP 2.4.13. I'm able to successfully import data into an instance and have my two masters sync correctly, but then when I try to add a new entry in one of the two masters, I'm getting strange messages.

Let's say we have m1 & m2 (m1 & m2 are on the same server): I initially import data into m1, and it is successfully imported into m2 (at least it looks like it). Then I try to add an entry on m2 (cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr). I'm getting strange messages on m1 & m2:

m1 log (repetitively):

    [...]
    Entry ou=administrateurs,o=gazdefrance,c=fr CSN 20081224125950.481561Z#000000#001#000000 older or equal to ctx 20081224125950.481561Z#000000#001#000000
    Entry cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr changed by peer, ignored
    syncprov_search_response: cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000
    do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
    [...]

m2 log (repetitively):

    [...]

master where I added an entry:

    do_syncrep2: rid=004 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
    do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT
    do_syncrep2: cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000
    [...]

Is this a bug? Am I doing something wrong?
If I add the same entry to m1 and not m2, I get the following messages:

on m2:

    syncrepl_entry: rid=004 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
    syncrepl_entry: rid=004 be_search (0)
    syncrepl_entry: rid=004 cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr
    <= bdb_equality_candidates: (entryCSN) not indexed
    <= bdb_inequality_candidates: (entryCSN) not indexed
    <= bdb_inequality_candidates: (entryCSN) not indexed
    syncprov_search_response: cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000
    syncrepl_entry: rid=004 be_add (0)
    do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT
    do_syncrep2: cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000
    <= bdb_inequality_candidates: (entryCSN) not indexed
    nonpresent_callback: rid=004 present UUID 96268508-6609-102d-9d8e-9742e72db399, dn c=fr
    nonpresent_callback: rid=004 present UUID 962af700-6609-102d-9d8f-9742e72db399, dn o=edfgdf,c=fr
    nonpresent_callback: rid=004 present UUID 962bd698-6609-102d-9d90-9742e72db399, dn ou=personnes,o=edfgdf,c=fr
    nonpresent_callback: rid=004 present UUID 962c00b4-6609-102d-9d91-9742e72db399, dn ou=appli,o=edfgdf,c=fr
    nonpresent_callback: rid=004 present UUID 962c2634-6609-102d-9d92-9742e72db399, dn ou=groupes,o=edfgdf,c=fr
    nonpresent_callback: rid=004 present UUID 962ca492-6609-102d-9d93-9742e72db399, dn ou=administrateurs,o=edfgdf,c=fr
    nonpresent_callback: rid=004 present UUID 962cce90-6609-102d-9d94-9742e72db399, dn o=edf,c=fr
    nonpresent_callback: rid=004 present UUID 962d7138-6609-102d-9d95-9742e72db399, dn ou=personnes,o=edf,c=fr
    nonpresent_callback: rid=004 present UUID 962d96f4-6609-102d-9d96-9742e72db399, dn ou=appli,o=edf,c=fr
    nonpresent_callback: rid=004 present UUID 962deafa-6609-102d-9d97-9742e72db399, dn ou=groupes,o=edf,c=fr
    nonpresent_callback: rid=004 present UUID 962ef026-6609-102d-9d98-9742e72db399, dn ou=administrateurs,o=edf,c=fr
    nonpresent_callback: rid=004 present UUID 962f156a-6609-102d-9d99-9742e72db399, dn o=gazdefrance,c=fr
    nonpresent_callback: rid=004 present UUID 962fca8c-6609-102d-9d9a-9742e72db399, dn ou=personnes,o=gazdefrance,c=fr
    nonpresent_callback: rid=004 present UUID 962fef76-6609-102d-9d9b-9742e72db399, dn ou=appli,o=gazdefrance,c=fr
    nonpresent_callback: rid=004 present UUID 9630106e-6609-102d-9d9c-9742e72db399, dn ou=groupes,o=gazdefrance,c=fr
    nonpresent_callback: rid=004 present UUID 9630bfa0-6609-102d-9d9d-9742e72db399, dn ou=administrateurs,o=gazdefrance,c=fr
    nonpresent_callback: rid=004 present UUID ae0e93d6-6609-102d-9d9e-9742e72db399, dn cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr
    slap_queue_csn: queing 0x843fef0 20081224132238.790862Z#000000#001#000000
    slap_graduate_commit_csn: removing 0x83d6410 20081224132238.790862Z#000000#001#000000

on m1:

    slap_queue_csn: queing 0x1df3860 20081224132238.790862Z#000000#001#000000
    slap_graduate_commit_csn: removing 0x9703700 20081224132238.790862Z#000000#001#000000
    <= bdb_equality_candidates: (entryCSN) not indexed
    <= bdb_inequality_candidates: (entryCSN) not indexed
    Entry ou=administrateurs,o=gazdefrance,c=fr CSN 20081224132158.749532Z#000000#001#000000 older or equal to ctx 20081224132158.749532Z#000000#001#000000
    syncprov_search_response: cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000
    do_syncrep2: rid=005 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
    do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
    do_syncrep2: cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000

Here is the entry I'm adding:

    dn: cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,
     c=fr
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgPerson
    objectclass: ditPerson
    cn: adrien-externe.futschik(a)edfgdf.fr
    sn: Futschik
    givenName: Adrien
    uid: adrien-externe.futschik(a)edfgdf.fr
    mail: adrien-externe.futschik(a)edfgdf.fr
    telephonenumber: 0123456789
    userpassword: {SSHA}GuU6CMRoOxp9EA1ANafzuRUXADKlBA0r
    allowedServices: appli20

Pretty simple, isn't it? What's going wrong?
Adrien

========================================
Message date : Dec 23 2008, 07:39 PM
From : "Gavin Henry" <gavin.henry(a)gmail.com>
To : openldap-technical(a)openldap.org
Copy to :
Subject : Fwd: CSN too old, ignoring - and therefore not syncing

---------- Forwarded message ----------
From: Pat Riehecky <prieheck(a)iwu.edu>
Date: Tue, 23 Dec 2008 12:34:33 -0600
Subject: Re: CSN too old, ignoring - and therefore not syncing
To: Gavin Henry <gavin.henry(a)gmail.com>

On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote:
> Where did you read that those were needed anyway? If it was the admin
> guide then I need to fix it ;-)
>
> Gavin.

I have no idea where I found those at... I know it wasn't the (recent) admin guide. It may have been from around the 2.4.8 release, but that is long gone...

Pat

>
> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote:
> >> Try dropping nopresent and reloadhint relating to ITS5669. You only
> >> need these two syncprov settings on an accesslog db.
> >>
> >> Gavin.
> >
> > Thanks, that did the job!
> >
> > Pat
> >
> >>
> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote:
> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote:
> >> >> Can you post your config somewhere?
Adrien Futschik
15 years, 11 months
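The sync cookies and CSNs quoted in the message above can be compared mechanically. The following Python is an added example, not code from the post or from OpenLDAP; it assumes the CSN layout timestamp#count#SID#mod with hexadecimal counters, its `classify` function is a simplified per-SID model of the "older or equal" comparison rather than slapd's implementation, and all function names are hypothetical.

```python
"""Added example: read CSNs and syncrepl cookies out of slapd sync log lines."""
import re
from typing import NamedTuple

# Assumed CSN layout: timestamp#change-count#server-ID#modification-number,
# with the last three fields in hexadecimal.
CSN_RE = re.compile(
    r"(?P<ts>\d{14}\.\d{6}Z)#(?P<count>[0-9a-f]{6})"
    r"#(?P<sid>[0-9a-f]{3})#(?P<mod>[0-9a-f]{6})", re.IGNORECASE)
COOKIE_RE = re.compile(r"cookie=(\S+)")
STALE_RE = re.compile(
    r"Entry (?P<dn>.+?) CSN (?P<csn>\S+) older or equal to ctx (?P<ctx>\S+)")

# Log lines copied from the message above.
SAMPLE_LOG = """\
Entry ou=administrateurs,o=gazdefrance,c=fr CSN 20081224125950.481561Z#000000#001#000000 older or equal to ctx 20081224125950.481561Z#000000#001#000000
syncprov_search_response: cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000
do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
do_syncrep2: cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000
"""


class CSN(NamedTuple):
    """Fields in comparison order: tuple ordering matches the raw string ordering."""
    ts: str      # fixed-width UTC timestamp, so string comparison is chronological
    count: int   # change counter within one timestamp
    sid: int     # server ID of the server that made the change
    mod: int     # modification number within one operation


def parse_csn(text):
    m = CSN_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a CSN: {text!r}")
    return CSN(m["ts"], int(m["count"], 16), int(m["sid"], 16), int(m["mod"], 16))


def parse_cookie(text):
    """Split 'rid=004,sid=002,csn=A;B' into rid, optional sid and a list of CSNs."""
    fields = dict(part.split("=", 1) for part in text.strip().split(","))
    csns = [parse_csn(c) for c in fields.get("csn", "").split(";") if c]
    sid = int(fields["sid"], 16) if "sid" in fields else None
    return {"rid": int(fields["rid"]), "sid": sid, "csns": csns}


def newest_per_sid(csns):
    """Keep only the most recent CSN seen for each originating server ID."""
    newest = {}
    for csn in csns:
        if csn.sid not in newest or csn > newest[csn.sid]:
            newest[csn.sid] = csn
    return newest


def classify(cookie, local_ctx):
    """Simplified model: a CSN is 'new' only if it is strictly newer than the
    CSN already held locally for the same server ID."""
    verdict = {}
    for sid, csn in newest_per_sid(cookie["csns"]).items():
        known = local_ctx.get(sid)
        stale = known is not None and csn <= known
        verdict[sid] = "old-or-equal" if stale else "new"
    return verdict


def scan(log_text):
    """Return (cookies, stale_entries) found in slapd sync log text."""
    cookies, stale = [], []
    for line in log_text.splitlines():
        m = STALE_RE.search(line)
        if m:
            stale.append((m["dn"], parse_csn(m["csn"]), parse_csn(m["ctx"])))
            continue
        m = COOKIE_RE.search(line)
        if m:
            cookies.append(parse_cookie(m.group(1)))
    return cookies, stale


if __name__ == "__main__":
    cookies, stale = scan(SAMPLE_LOG)
    for dn, csn, ctx in stale:
        print(f"{dn}: entry CSN from SID {csn.sid} is not newer than ctx {ctx.ts}")
    # Treat the ctx values reported in the log as the local context CSNs.
    local_ctx = newest_per_sid([ctx for _, _, ctx in stale])
    for cookie in cookies:
        print(f"rid={cookie['rid']:03d}", classify(cookie, local_ctx))
```

Run against the first cookie in the sample, the CSN from SID 1 equals the context CSN already reported in the log, while the CSN from SID 2 is one the local context has not seen.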
TLS issue (again)
by Olivier
I had to renew my openssl certificates and now my ldap tls negotiation doesn't work anymore:

    $ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr -W uid=guillard -h ldap2.th3.example.fr
    ldap_start_tls: Connect error (-11)
    additional info: TLS error -8172:Unknown code ___f 20

Here are the relevant server configuration directives:

    olcTLSCACertificateFile /etc/openldap/cacerts/CA.crt
    olcTLSCertificateFile /etc/openldap/cacerts/server.crt
    olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key
    olcTLSCipherSuite HIGH

(see at the very end of this mail: these certificates are correct since I have successfully proceeded to openssl connection tests).

And here are the logs collected on the server side when receiving the ldapsearch request:

    daemon: activity on 1 descriptor
    daemon: activity on:
    slap_listener_activate(7):
    daemon: epoll: listen=7 busy
    >>> slap_listener(ldap://ldap2.th3.example.fr:389)
    daemon: listen=7, new connection on 15
    daemon: added 15r (active) listener=(nil)
    conn=1003 fd=15 ACCEPT from IP=10.10.86.93:41013 (IP=10.1.92.25:389)
    daemon: activity on 2 descriptors
    daemon: activity on: 15r
    daemon: read active on 15
    daemon: epoll: listen=7 active_threads=0 tvp=zero
    connection_get(15)
    connection_get(15): got connid=1003
    connection_read(15): checking for input on id=1003
    ber_get_next
    ldap_read: want=8, got=8
    0000: 30 1d 02 01 01 77 18 80 0....w..
    ldap_read: want=23, got=23
    0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 36 .1.3.6.1.4.1.146
    0010: 36 2e 32 30 30 33 37 6.20037
    ber_get_next: tag 0x30 len 29 contents:
    ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa70 end=0x7f272017aa8d len=29
    0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 ...w...1.3.6.1.4
    0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037
    op tag 0x77, time 1325683329
    ber_get_next
    ldap_read: want=8 error=Resource temporarily unavailable
    conn=1003 op=0 do_extended
    ber_scanf fmt ({m) ber:
    ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa73 end=0x7f272017aa8d len=26
    0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
    0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
    conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
    do_extended: oid=1.3.6.1.4.1.1466.20037
    conn=1003 op=0 STARTTLS
    send_ldap_extended: err=0 oid= len=0
    send_ldap_response: msgid=1 tag=120 err=0
    ber_flush2: 14 bytes to sd 15
    0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
    ldap_write: want=14, written=14
    0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
    conn=1003 op=0 RESULT oid= err=0 text=
    daemon: activity on 1 descriptor
    daemon: activity on:
    daemon: epoll: listen=7 active_threads=0 tvp=zero
    daemon: activity on 1 descriptor
    daemon: activity on: 15r
    daemon: read active on 15
    daemon: epoll: listen=7 active_threads=0 tvp=zero
    connection_get(15)
    connection_get(15): got connid=1003
    connection_read(15): checking for input on id=1003
    tls_read: want=3, got=3
    0000: 80 3a 01 .:.
    tls_read: want=57, got=57
    0000: 03 01 00 21 00 00 00 10 00 00 35 00 00 04 00 00 ...!......5.....
    0010: 05 00 00 2f 00 00 0a 00 00 09 00 00 64 00 00 62 .../........d..b
    0020: 00 00 03 00 00 06 00 00 ff 70 1e 75 15 46 04 b3 .........p.u.F..
    0030: 16 ed d1 87 1c 77 58 06 48 .....wX.H
    tls_write: want=2157, written=2157
    0000: 16 03 01 08 68 02 00 00 4d 03 01 4f 04 52 81 3c ....h...M..O.R.<
    0010: c6 b8 b6 8a d8 4a 75 83 a7 fc 09 13 2c c8 d4 d4 .....Ju.....,...
0020: ce e7 12 73 80 bc 42 f6 f2 05 de 20 6c db 35 d1 ...s..B.... l.5. 0030: e0 2b bb 93 a4 c2 8c 82 df 51 58 0a 93 e6 c9 ff .+.......QX..... 0040: 10 0d 92 08 6c 96 3e f8 92 aa d8 83 00 35 00 00 ....l.>......5.. 0050: 05 ff 01 00 01 00 0b 00 06 d3 00 06 d0 00 02 e3 ................ 0060: 30 82 02 df 30 82 01 c7 02 09 00 a6 1d 1f 28 63 0...0.........(c 0070: 5e 6a 57 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 ^jW0...*.H...... 0080: 05 00 30 81 87 31 0b 30 09 06 03 55 04 06 13 02 ..0..1.0...U.... 0090: 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 72 61 fr1.0...U....fra 00a0: 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 6d 6f nce1.0...U....mo 00b0: 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 0a 0c ntigny1.0...U... 00c0: 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 0b 0c .example1.0...U... 00d0: 04 6c 64 61 70 31 0d 30 0b 06 03 55 04 03 0c 04 .ldap1.0...U.... 00e0: 6c 64 61 70 31 26 30 24 06 09 2a 86 48 86 f7 0d ldap1&0$..*.H... 00f0: 01 09 01 16 17 6f 6c 69 76 69 65 72 2e 67 75 69 .....olivier.gui 0100: 6c 6c 61 72 64 40 6e 69 63 2e 66 72 30 1e 17 0d llard(a)example.fr0... 0110: 31 31 31 32 32 39 31 35 33 39 35 38 5a 17 0d 32 111229153958Z..2 0120: 31 30 37 32 39 31 35 33 39 35 38 5a 30 81 a2 31 10729153958Z0..1 0130: 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 0d .0...U....fr1.0. 0140: 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 30 ..U....france1.0 0150: 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 ...U....myplace 0160: 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 63 1.0...U....example 0170: 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 31 1.0...U....ldap1 0180: 28 30 26 06 03 55 04 03 0c 1f 6c 64 61 70 32 2e (0&..U....ldap2. 0190: 64 61 74 61 62 61 73 65 2e 70 72 69 76 65 2e 74 t 01a0: 68 33 2e 6e 69 63 2e 66 72 31 26 30 24 06 09 2a h3.example.fr1&0$..* 01b0: 86 48 86 f7 0d 01 09 01 16 17 4f 6c 69 76 69 65 .H........Olivie 01c0: 72 2e 47 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66 r.Guillard(a)example.f 01d0: 72 30 5c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 r0\0...*.H...... 
01e0: 05 00 03 4b 00 30 48 02 41 00 bf 72 68 cc 54 9d ...K.0H.A..rh.T. 01f0: 10 d3 8b c0 4a 1b 5c 90 d6 03 7a 41 5e 05 6f 8d ....J.\...zA^.o. 0200: cc 2d 61 31 7b 94 0f c2 f7 c1 51 8a 4f d5 59 89 .-a1{.....Q.O.Y. 0210: 51 79 87 3f fa c3 5f af 30 8c 87 f8 ca be bb 0b Qy.?.._.0....... 0220: 28 8c d5 4a 3a 73 b5 a9 e3 d9 02 03 01 00 01 30 (..J:s.........0 0230: 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 ...*.H.......... 0240: 01 01 00 c0 3c 2a 0a d4 af 13 24 b5 2a 2b e3 cd ....<*....$.*+.. 0250: 0f 57 f6 86 99 e1 ae ba d7 b2 87 4e 02 a6 d6 a3 .W.........N.... 0260: 7d 9f 7b 89 03 61 ac b6 40 9e 93 ca 8d 3a d4 95 }.{..a..@....:.. 0270: 7a 48 e2 9a 01 2f ed 3d 2b c3 96 41 c0 58 39 cf zH.../.=+..A.X9. 0280: 52 a2 db 08 78 85 c4 85 17 08 d8 11 62 60 8e d0 R...x.......b`.. 0290: b5 61 71 fe 83 d5 94 9d f2 42 1d b5 56 bd fa 67 .aq......B..V..g 02a0: db 8e bf 09 af ef e3 b0 c8 0a f1 38 8b bf 59 75 ...........8..Yu 02b0: 6a 21 01 c0 0b 8c cf 87 20 d2 2f d9 89 a0 37 11 j!...... ./...7. 02c0: a0 62 6a a1 32 4b ff e4 cf 30 4c 8f 8e ef d2 51 .bj.2K...0L....Q 02d0: ec cc d1 fc 21 43 58 5e 09 40 8b bf ca bb fc 4f ....!CX^.@.....O 02e0: d1 d4 e9 cf 80 8f b1 af 72 d0 ff c1 d7 52 f3 4b ........r....R.K 02f0: e3 85 69 ef e9 36 6e 4d 54 13 d2 bd 3b 93 ad ed ..i..6nMT...;... 0300: 6e 36 cc 4f e6 b9 c5 01 1e 86 c8 88 aa de a6 7b n6.O...........{ 0310: c1 99 9a 3f c5 69 9e af e0 94 6e ba 51 5b ec 2a ...?.i....n.Q[.* 0320: 2c aa 09 ff 4a 27 15 96 ad 9f b0 5c f0 c4 9c 34 ,...J'.....\...4 0330: 53 32 03 1c d4 e2 dd b8 96 88 d2 5d b2 c6 e1 5e S2.........]...^ 0340: 32 ba 81 00 03 e7 30 82 03 e3 30 82 02 cb a0 03 2.....0...0..... 0350: 02 01 02 02 09 00 a1 67 1e 44 66 c6 f6 59 30 0d .......g.Df..Y0. 0360: 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 87 ..*.H........0.. 0370: 31 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 1.0...U....fr1.0 0380: 0d 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 ...U....france1. 
0390: 30 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 0...U....montign 03a0: 79 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 y1.0...U....afni 03b0: 63 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 c1.0...U....ldap 03c0: 31 0d 30 0b 06 03 55 04 03 0c 04 6c 64 61 70 31 1.0...U....ldap1 03d0: 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 &0$..*.H........ 03e0: 6f 6c 69 76 69 65 72 2e 67 75 69 6c 6c 61 72 64 olivier.guillard 03f0: 40 6e 69 63 2e 66 72 30 1e 17 0d 31 31 31 32 32 @example.fr0...11122 0400: 39 31 34 31 33 35 35 5a 17 0d 33 31 31 32 32 34 9141355Z..311224 0410: 31 34 31 33 35 35 5a 30 81 87 31 0b 30 09 06 03 141355Z0..1.0... 0420: 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 08 U....fr1.0...U.. 0430: 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 04 ..france1.0...U. 0440: 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 ...myplace1.0.. 0450: 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 .U....example1.0.. 0460: 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 03 .U....ldap1.0... 0470: 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 2a U....ldap1&0$..* 0480: 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 65 .H........olivie 0490: 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66 r.guillard(a)example.f 04a0: 72 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 r0.."0...*.H.... 04b0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 .........0...... 04c0: 01 00 c8 90 e1 61 d2 28 38 aa 35 a9 21 5b f7 2b .....a.(8.5.![.+ 04d0: f2 ed 04 5c 73 03 c5 f8 f9 97 5a 53 3b 39 bf aa ...\s.....ZS;9.. 04e0: 20 b8 45 c1 92 2e 27 ea bf b1 78 57 f9 41 a3 b3 .E...'...xW.A.. 04f0: 23 11 fc 8d 79 ea 21 a9 01 c0 ce 01 27 e6 0f a6 #...y.!.....'... 0500: 13 8d 12 5c 72 bf ba 60 41 71 76 94 99 da 43 f7 ...\r..`Aqv...C. 0510: e0 f9 b4 2f e7 25 7c 36 4f e9 4f dc 18 26 a9 7c .../.%|6O.O..&.| 0520: ad 98 2a 9c 91 16 76 41 31 1e 5d dd 81 2a b9 38 ..*...vA1.]..*.8 0530: ec 91 5c 91 11 03 fb 14 7d 59 d5 49 6d 32 42 c7 ..\.....}Y.Im2B. 
0540: 66 73 58 b0 fb 02 b4 a0 4d 3e e3 3c ab ff 8c 42 fsX.....M>.<...B 0550: 83 51 b5 51 b7 19 71 61 f8 39 5c b7 8d 1a 70 97 .Q.Q..qa.9\...p. 0560: 69 5d e6 47 9e 7e ae ec 5c 7c be 73 7b d0 df df i].G.~..\|.s{... 0570: a7 53 6d a8 d3 d3 f6 7e e6 2f 13 3e c5 80 e6 f2 .Sm....~./.>.... 0580: fe 2a cc d4 1e 4d 3d 6a bc b0 a9 fa a5 51 12 31 .*...M=j.....Q.1 0590: 0e 41 2d 7a 8a 52 de 66 bd 3b 0c ef fa 9b fe 82 .A-z.R.f.;...... 05a0: df ad 1c 7f d9 53 4b c0 db fe f3 e6 b9 3d ea 5d .....SK......=.] 05b0: 66 7f fb 14 41 b5 0a e7 70 11 4e 5d 80 69 04 bd f...A...p.N].i.. 05c0: 9e 97 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 ........P0N0...U 05d0: 1d 0e 04 16 04 14 24 05 af 2a 63 a4 0b 0f ae a4 ......$..*c..... 05e0: e2 2c e9 13 40 5a 8b d7 a4 41 30 1f 06 03 55 1d .,..@Z...A0...U. 05f0: 23 04 18 30 16 80 14 24 05 af 2a 63 a4 0b 0f ae #..0...$..*c.... 0600: a4 e2 2c e9 13 40 5a 8b d7 a4 41 30 0c 06 03 55 ..,..@Z...A0...U 0610: 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 ....0....0...*.H 0620: 86 f7 0d 01 01 05 05 00 03 82 01 01 00 57 2d 0a .............W-. 0630: d5 88 d0 98 2b 9e f9 d7 bc e6 82 08 65 25 d9 65 ....+.......e%.e 0640: 84 98 e3 da a3 36 a1 6f 40 3b d0 d8 16 3d 48 06 .....6.o@;...=H. 0650: 6c ee 99 fd b6 4c f3 3b 10 50 bb 71 97 6e 4d e0 l....L.;.P.q.nM. 0660: 77 48 57 5b db d1 e6 ca c8 80 79 d0 f5 17 94 5d wHW[......y....] 0670: 11 93 07 74 8b 5c 4b b1 ad 45 1f 5a 2c d9 6e e8 ...t.\K..E.Z,.n. 0680: d4 7a e4 99 e7 ba 86 36 93 1d 4c 0e 9b 13 4d ef .z.....6..L...M. 0690: 25 72 7b ae b0 f1 95 c0 17 dc 4a c0 ed 04 b5 54 %r{.......J....T 06a0: 98 90 47 2f dc f0 1c 5a ca b0 2e 0d ee 58 14 e8 ..G/...Z.....X.. 06b0: 2c d0 cd a8 d9 2c ae 2f 65 81 89 70 af f9 d8 01 ,....,./e..p.... 06c0: 1b 14 ae 63 1d 90 af 3d 29 71 7d 74 4a e8 7a e5 ...c...=)q}tJ.z. 06d0: ed a0 fb 9b ce 1d 5a e2 82 7e c4 bc 97 88 e7 06 ......Z..~...... 06e0: 66 86 77 23 85 29 2c b1 28 72 8c af a5 51 96 b1 f.w#.),.(r...Q.. 
06f0: d5 dc 51 62 bd 2d e6 8f 4c 22 24 4e e1 c6 a3 64 ..Qb.-..L"$N...d 0700: 40 fc e9 d8 6d b1 48 d8 80 10 3a 6a bc 35 06 d9 @...m.H...:j.5.. 0710: 4c e8 4c e6 66 82 9d fd a9 a2 9f 3e 13 37 c0 52 L.L.f......>.7.R 0720: 3f c3 15 e1 3e 9c 05 67 b2 11 0d 38 a4 0d 00 01 ?...>..g...8.... 0730: 38 02 01 02 01 33 00 8a 30 81 87 31 0b 30 09 06 8....3..0..1.0.. 0740: 03 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 .U....fr1.0...U. 0750: 08 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 ...france1.0...U 0760: 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c ....myplace1.0. 0770: 06 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b ..U....example1.0. 0780: 06 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 ..U....ldap1.0.. 0790: 03 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 .U....ldap1&0$.. 07a0: 2a 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 *.H........olivi 07b0: 65 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e er.guillard@example. 07c0: 66 72 00 a5 30 81 a2 31 0b 30 09 06 03 55 04 06 fr..0..1.0...U.. 07d0: 13 02 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 ..fr1.0...U....f 07e0: 72 61 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 rance1.0...U.... 07f0: 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 myplace1.0...U. 0800: 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 ...example1.0...U. 0810: 0b 0c 04 6c 64 61 70 31 28 30 26 06 03 55 04 03 ...ldap1(0&..U.. 0820: 0c 1f 6c 64 61 70 32 2e 64 61 74 61 62 61 73 65 ..ldap2. 0830: 2e 70 72 69 76 65 2e 74 68 33 2e 6e 69 63 2e 66 .th3.example.fr 0840: 72 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 1&0$..*.H....... 0850: 16 17 4f 6c 69 76 69 65 72 2e 47 75 69 6c 6c 61 .Olivier.Guilla 0860: 72 64 40 6e 69 63 2e 66 72 0e 00 00 00 rd(a)example.fr.... 
tls_read: want=5 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 15r
daemon: read active on 15
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(15)
connection_get(15): got connid=1003
connection_read(15): checking for input on id=1003
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
TLS: error: accept - force handshake failure: errno 11 - moznss error -12195
TLS: can't accept: TLS error -12195:Unknown code ___P 93.
connection_read(15): TLS accept failure error=-1 id=1003, closing
connection_closing: readying conn=1003 sd=15 for close
connection_close: conn=1003 sd=15
daemon: removing 15
conn=1003 fd=15 closed (TLS negotiation failure)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
^Cdaemon: shutdown requested and initiated.
daemon: closing 7
connection_closing: readying conn=1000 sd=13 for close
connection_close: conn=1000 sd=13
daemon: removing 13
conn=1000 fd=13 closed (slapd shutdown)

As far as I can see it doesn't look like

[root@ldap2 cacerts]# openssl s_server -accept 5555 -key /etc/openldap/cacerts/server.key -cert /etc/openldap/cacerts/server.crt -state
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write session ticket A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT

[guillard@fouine ~]$ openssl s_client -CAfile /etc/openldap/cacerts/CA.crt -connect ldap2.th3.example.fr:5555
CONNECTED(00000003)
depth=1 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN = ldap, emailAddress = olivier.guillard(a)example.fr
verify return:1
depth=0 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN = ldap2.th3.example.fr, emailAddress = Olivier.Guillard(a)example.fr
verify return:1
---
Certificate chain
0 s:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard@example.fr
i:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard@example.fr
---
Server certificate
subject=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard(a)example.fr
issuer=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard(a)example.fr
---
No client certificate CA names sent
---
SSL handshake has read 1265 bytes and written 247 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: DBCDE5CD6EB4D7FF8C38DD1557CA90EDBEDDCB27600CFA4D1FD9D58388A11EBE
Session-ID-ctx:
Master-Key: 7CF275C2D137321E0AD0719FB9D5AFF5E8DC3CEF857357570412438CC1F4B2542209F233A2CA55E69368079002BBCBA3
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
Compression: 1 (zlib compression)
Start Time: 1325682663
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
12 years, 10 months
syncrepl problems
by Bram Cymet
Hi,

I am trying to set up a syncrepl consumer. I have done this a number of times without any problem. The consumer seems to be connecting via TLS to the producer and authenticating but the consumer directory never gets populated.

Here is the log from the producer:

Nov 22 19:19:57 anubis slapd[24088]: slap_listener_activate(7):
Nov 22 19:19:57 anubis slapd[24088]: >>> slap_listener(ldap://)
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 fd=15 ACCEPT from IP=172.20.150.141:38831 (IP=0.0.0.0:389)
Nov 22 19:19:57 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:57 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:57 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:57 anubis slapd[24088]: op tag 0x77, time 1290471597
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 do_extended
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov 22 19:19:57 anubis slapd[24088]: do_extended: oid=1.3.6.1.4.1.1466.20037
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 STARTTLS
Nov 22 19:19:57 anubis slapd[24088]: send_ldap_extended: err=0 oid= len=0
Nov 22 19:19:57 anubis slapd[24088]: send_ldap_response: msgid=1 tag=120 err=0
Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 RESULT oid= err=0 text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): unable to get TLS client DN, error=49 id=1026
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 TLS established tls_ssf=256 ssf=256
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x60, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 do_bind
Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: <uid=syncrepl,ou=system,dc=ls,dc=cbn>, <uid=syncrepl,ou=system,dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128
Nov 22 19:19:58 anubis slapd[24088]: do_bind: version=3 dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128
Nov 22 19:19:58 anubis slapd[24088]: ==> hdb_bind: dn: uid=syncrepl,ou=system,dc=ls,dc=cbn
Nov 22 19:19:58 anubis slapd[24088]: bdb_dn2entry("uid=syncrepl,ou=system,dc=ls,dc=cbn")
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: result not in cache (userPassword)
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access to "uid=syncrepl,ou=system,dc=ls,dc=cbn" "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [2] attr userPassword
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0)
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: uid=syncrepl,ou=system,dc=ls,dc=cbn
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: *
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying +0 (break)
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: =0
Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [3] attr userPassword
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested
Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0)
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: self
Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: *
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying auth(=xd) (stop)
Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: => slap_access_allowed: auth access granted by auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access granted by auth(=xd)
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" mech=SIMPLE ssf=0
Nov 22 19:19:58 anubis slapd[24088]: do_bind: v3 bind: "uid=syncrepl,ou=system,dc=ls,dc=cbn" to "uid=syncrepl,ou=system,dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=1 p=3
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched="" text=""
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=2 tag=97 err=0
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 RESULT tag=97 err=0 text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x63, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 do_search
Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn>
Nov 22 19:19:58 anubis slapd[24088]: SRCH "dc=ls,dc=cbn" 2 0
Nov 22 19:19:58 anubis slapd[24088]: 0 0 0
Nov 22 19:19:58 anubis slapd[24088]: filter: (objectClass=*)
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical)
Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical)
Nov 22 19:19:58 anubis slapd[24088]: <= get_ctrls: n=2 rc=0 err=""
Nov 22 19:19:58 anubis slapd[24088]: attrs:
Nov 22 19:19:58 anubis slapd[24088]: *
Nov 22 19:19:58 anubis slapd[24088]: +
Nov 22 19:19:58 anubis slapd[24088]:
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH base="dc=ls,dc=cbn" scope=2 deref=0 filter="(objectClass=*)"
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH attr=* +
Nov 22 19:19:58 anubis slapd[24088]: ==> limits_get: conn=1026 op=2 self="uid=syncrepl,ou=system,dc=ls,dc=cbn" this="dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: <== limits_get: type=DN match=EXACT dn="uid=syncrepl,ou=system,dc=ls,dc=cbn"
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=2 p=3
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 matched="" text=""
Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=3 tag=101 err=0
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15)
Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026
Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for input on id=1026
Nov 22 19:19:58 anubis slapd[24088]: op tag 0x42, time 1290471598
Nov 22 19:19:58 anubis slapd[24088]: ber_get_next on fd 15 failed errno=0 (Success)
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 do_unbind
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 UNBIND
Nov 22 19:19:58 anubis slapd[24088]: connection_close: conn=1026 sd=15
Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 closed

Here is the log from the consumer:

Nov 22 18:22:49 mgaauth1 slapd[12587]: daemon: shutdown requested and initiated.
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: waiting for 0 operations/tasks to finish
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: initiated
Nov 22 18:22:49 mgaauth1 slapd[12587]: ====> bdb_cache_release_all
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd destroy: freeing system resources.
Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=001
Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=002
Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd stopped.
Nov 22 18:22:52 mgaauth1 slapd[12638]: @(#) $OpenLDAP: slapd 2.4.20 (Jun 16 2010 10:21:06) $ abuild@anonymi:/usr/src/packages/BUILD/openldap-2.4.20/servers/slapd
Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn=schema
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: 1a05f3b8-8ade-102f-8d02-5da984889200
creatorsName: cn=config
createTimestamp: 20101122234350Z
entryCSN: 20101122234350.437126Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101122234350Z
"
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=schema>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=schema>, <cn=schema>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn=schema) -> 0x7ff49ab19758
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif"
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={0}core>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={0}core>, <cn={0}core>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config>
Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={0}core) -> 0x7ff49ab19758
Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif"
'mDRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.50 ) olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .50 ) olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {28}( 
0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN GLE-VALUE ) olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
23 ) olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep hone Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={1}cosine> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={1}cosine>, <cn={1}cosine> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={1}cosine) -> 0x7ff49ab19758 Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif" Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={2}inetorgperson objectClass: olcSchemaConfig cn: {2}inetorgperson olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 
'departmentNumber' DESC ' RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF C2798: numerically identifies an employee within an organization' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
15 SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID: 1a06766c-8ade-102f-8d05-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.440473Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={2}inetorgperson> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={2}inetorgperson>, <cn={2}inetorgperson> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={2}inetorgperson) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={3}rfc2307bis objectClass: olcSchemaConfig cn: {3}rfc2307bis olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' 
DESC 'The GECOS field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr oup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service p 
ort number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Servi ce protocol name' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP pro tocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC nu mber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addre sses as a dotted decimal omitting leading zeros or IPv6 addresses as de fined in RFC2373' SUP name ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw ork as a dotted decimal, eg. 192.168, omitting leading zeros' SUP name SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm ask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, colon separated hex notation, eg. 
00:00:92:90:ee:e2' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp aramd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 ) olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map' SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic N IS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automo unt Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {30}( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Au tomount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY D ESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) 
MAY ( userPassword $ loginShell $ gecos $ description ) ) olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shado wWarning $ shadowInactive $ shadowExpire $ shadowFlag ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DES C 'Abstraction of a group of accounts' MUST gidNumber MAY ( userPassword $ me mberUid $ description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL DES C 'Abstraction an Internet Protocol service. Maps an IP port and protoc ol (such as tcp or udp) to one or more names; the distinguished value o f the cn attribute denotes the services canonical name' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description ) olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DE SC 'Abstraction of an IP protocol. Maps a protocol number to one or mor e names. The distinguished value of the cn attribute denotes the protoc ols canonical name' MUST ( cn $ ipProtocolNumber ) MAY description ) olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC ' Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedur e Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC services can onical name' MUST ( cn $ oncRpcNumber ) MAY description ) olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'A bstraction of a host, an IP device. The distinguished value of the cn a ttribute denotes the hosts canonical name. Device SHOULD be used as a s tructural class' MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ descript ion $ manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL DES C 'Abstraction of a network. 
The distinguished value of the cn attribut e denotes the networks canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetm askNumber $ l $ description $ manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL D ESC 'Abstraction of a netgroup. May refer to other netgroups' MUST cn MAY ( n isNetgroupTriple $ memberNisNetgroup $ description ) ) olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC ' A generic abstraction of a NIS map' MUST nisMapName MAY description ) olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL D ESC 'An entry in a NIS map' MUST ( cn $ nisMapE Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={3}rfc2307bis> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={3}rfc2307bis>, <cn={3}rfc2307bis> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={3}rfc2307bis) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}yast.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={4}yast objectClass: olcSchemaConfig cn: {4}yast olcObjectIdentifier: {0}SUSE 1.3.6.1.4.1.7057 olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1 olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2 olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1 olcObjectIdentifier: {4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2 olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' ) DESC 'Base DN where new Objects should be created by default' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {1}( 
SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId ' ) DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {2}( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTempl ate' ) DESC 'The DN of a template that should be used by default' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter ' ) DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE ) olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValu e' ) DESC 'an Attribute-Value-Assertions to define defaults for specific Attr ibutes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {7}( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttri bute' ) DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgno reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGr oup' ) DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6. 
1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPassword Length' ) DESC 'minimum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) olcAttributeTypes: {10}( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswor dLength' ) DESC 'maximum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA LUE ) olcAttributeTypes: {11}( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHa sh' ) DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {14}( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribu te' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer ' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {16}( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaul tQuota' ) DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {18}( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl ' ) DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE ) olcObjectClasses: {0}( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigurati on' SUP top STRUCTURAL DESC 'Contains 
configuration of Management Modu les' MUST ( cn ) MAY ( suseDefaultBase )) olcObjectClasses: {1}( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration ' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user m anagement tools' MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute )) olcObjectClasses: {2}( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate' SUP top STRUCTURAL DESC 'Base Class for Object-Templates' MUST ( cn ) M AY ( susePlugin $ suseDefaultValue $ suseNamingAttribute )) olcObjectClasses: {3}( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'User object template' MUST ( cn ) MAY ( suseSecondaryGroup )) olcObjectClasses: {4}( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'Group object template' MUST ( cn )) olcObjectClasses: {5}( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUni queId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribut e )) olcObjectClasses: {6}( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of CA manage ment tools') olcObjectClasses: {7}( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of mail se rver management tools') olcObjectClasses: {8}( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of DHCP server management tools') olcObjectClasses: {9}( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguratio n' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of IMAP user management tools' MUST ( suseImapServer $ suseImapAdmin $ 
suseImap DefaultQuota $ suseImapUseSsl )) structuralObjectClass: olcSchemaConfig entryUUID: 1a06ad4e-8ade-102f-8d07-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.441878Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={4}yast> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={4}yast>, <cn={4}yast> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={4}yast) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}kerberos.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={5}kerberos objectClass: olcSchemaConfig cn: {5}kerberos olcAttributeTypes:: ezB9KCAyLjE2Ljg0MC4xLjExMzcxOS4xLjMwMS40LjEuMSAgICAgICAgIC AgICAgIE5BTUUgJ2tyYlByaW5jaXBhbE5hbWUnICAgICAgICAgICAgICAgRVFVQUxJVFkgY2FzZUV 4YWN0SUE1TWF0Y2ggCVNVQlNUUiBjYXNlRXhhY3RTdWJzdHJpbmdzTWF0Y2ggICAgICAgICAgICAg ICBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYp olcAttributeTypes: {1}( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanoni calName' EQUALITY caseExactIA5Match SUBSTR caseEx actSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) olcAttributeTypes: {2}( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbP rincipalType' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {3}( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbU PEnabled' DESC 'Boolean' SYNTAX 1.3.6.1.4.1.1466. 
115.121.1.7 SINGLE-VALUE) olcAttributeTypes: {4}( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbP rincipalExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {5}( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbT icketFlags' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {6}( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbM axTicketLife' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {7}( 2.16.840.1.113719.1.301.4.10.1 NAME 'krb MaxRenewableAge' EQUALITY integerMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {8}( 2.16.840.1.113719.1.301.4.14.1 NAME 'krb RealmReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {9}( 2.16.840.1.113719.1.301.4.15.1 NAME 'krb LdapServers' EQUALITY caseIgnoreMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {10}( 2.16.840.1.113719.1.301.4.17.1 NAME 'kr bKdcServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {11}( 2.16.840.1.113719.1.301.4.18.1 NAME 'kr bPwdServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {12}( 2.16.840.1.113719.1.301.4.24.1 NAME 'kr bHostServer' EQUALITY caseExactIA5Match SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {13}( 2.16.840.1.113719.1.301.4.25.1 NAME 'kr bSearchScope' EQUALITY integerMatch SYNTAX 1.3.6. 
1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {14}( 2.16.840.1.113719.1.301.4.26.1 NAME 'kr bPrincipalReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {15}( 2.16.840.1.113719.1.301.4.28.1 NAME 'kr bPrincNamingAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) olcAttributeTypes: {16}( 2.16.840.1.113719.1.301.4.29.1 NAME 'kr bAdmServers' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {17}( 2.16.840.1.113719.1.301.4.30.1 NAME 'kr bMaxPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {18}( 2.16.840.1.113719.1.301.4.31.1 NAME 'kr bMinPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {19}( 2.16.840.1.113719.1.301.4.32.1 NAME 'kr bPwdMinDiffChars' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {20}( 2.16.840.1.113719.1.301.4.33.1 NAME 'kr bPwdMinLength' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {21}( 2.16.840.1.113719.1.301.4.34.1 NAME 'kr bPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {22}( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMax Failure' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 
1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {23}( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFai lureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {24}( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLoc koutDuration' EQUALITY integerMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: {25}( 2.16.840.1.113719.1.301.4.36.1 NAME 'kr bPwdPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) olcAttributeTypes: {26}( 2.16.840.1.113719.1.301.4.37.1 NAME 'kr bPasswordExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {27}( 2.16.840.1.113719.1.301.4.39.1 NAME 'kr bPrincipalKey' EQUALITY octetStringMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.40) olcAttributeTypes: {28}( 2.16.840.1.113719.1.301.4.40.1 NAME 'kr bTicketPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) olcAttributeTypes: {29}( 2.16.840.1.113719.1.301.4.41.1 NAME 'kr bSubTrees' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {30}( 2.16.840.1.113719.1.301.4.42.1 NAME 'kr bDefaultEncSaltTypes' EQUALITY caseIgnoreMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {31}( 2.16.840.1.113719.1.301.4.43.1 NAME 'kr bSupportedEncSaltTypes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {32}( 2.16.840.1.113719.1.301.4.44.1 NAME 'kr bPwdHistory' EQUALITY octetStringMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.40) olcAttributeTypes: {33}( 2.16.840.1.113719.1.301.4.45.1 NAME 'kr bLastPwdChange' EQUALITY generalizedTimeMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {34}( 2.16.840.1.113719.1.301.4.46.1 NAME 'kr bMKey' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.40) olcAttributeTypes: {35}( 2.16.840.1.113719.1.301.4.47.1 NAME 'kr bPrincipalAliases' EQUALITY caseExactIA5Match 
SYN TAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {36}( 2.16.840.1.113719.1.301.4.48.1 NAME 'kr bLastSuccessfulAuth' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {37}( 2.16.840.1.113719.1.301.4.49.1 NAME 'kr bLastFailedAuth' EQUALITY generalizedTimeMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) olcAttributeTypes: {38}( 2.16.840.1.113719.1.301.4.50.1 NAME 'kr bLo Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={5}kerberos> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={5}kerberos>, <cn={5}kerberos> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={5}kerberos) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}uidnext.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={6}uidnext objectClass: olcSchemaConfig cn: {6}uidnext olcObjectClasses: {0}( 1.1.2.2.1.30 NAME 'uidnext' SUP top STRUCTURAL MUST ( cn $ uidNumber )) structuralObjectClass: olcSchemaConfig entryUUID: 189d1db6-8adf-102f-87a7-a13f60af0032 creatorsName: cn=config createTimestamp: 20101122235057Z entryCSN: 20101122235057.569075Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122235057Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={6}uidnext> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn={6}uidnext>, <cn={6}uidnext> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: 
<cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={6}uidnext) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig olcDatabase: {-1}frontend olcAccess: {0}to dn.base="" by * read olcAccess: {1}to dn.base="cn=Subschema" by * read structuralObjectClass: olcDatabaseConfig entryUUID: 1a06c66c-8ade-102f-8d08-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.442520Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={-1}frontend> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={-1}frontend>, <olcDatabase={-1}frontend> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={-1}frontend) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.base="uid=syncrepl,ou=system,dc=ls,dc=cbn" read by * break olcLimits: {0}dn.exact="uid=syncrepl,ou=system,dc=ls,dc=cbn" size.soft=unlimit ed olcRootDN: cn=config 
olcRootPW:: e1NTSEF9K3hqNDB5T2U1ZGtyTU45aWVrMGhpSlFMMFVGUlFVNWFXZz09 olcSecurity: simple_bind=128 ssf=71 olcSyncrepl: {0}rid=1 provider="ldap://mgaauth1.ni.ls.cbn/" searchbase="cn=con fig" type="refreshAndPersist" retry="120 +" starttls=critical tls_reqcert=dem and bindmethod="simple" binddn="uid=syncrepl,ou=system,dc=ls,dc=cbn" credenti als="I9BpLVmLdOaL" olcUpdateRef: ldap://mgaauth1.ni.ls.cbn/ structuralObjectClass: olcDatabaseConfig entryUUID: 1a06cd10-8ade-102f-8d09-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.442690Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={0}config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={0}config>, <olcDatabase={0}config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={0}config) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=config>, <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< 
dnPrettyNormal: <cn=config>, <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcOverlay={0}syncprov objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 10 structuralObjectClass: olcSyncProvConfig entryUUID: 1a06d9fe-8ade-102f-8d0a-5da984889200 creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: 20101122234350.443021Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101122234350Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcOverlay={0}syncprov> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcOverlay={0}syncprov>, <olcOverlay={0}syncprov> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcOverlay={0}syncprov) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif" Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=ls,dc=cbn olcAccess: {0}to attrs=userPassword by self write by * auth olcAccess: {1}to attrs=shadowLastChange by self write by * read olcAccess: {2}to attrs=userPKCS12 by 
self read by * none olcAccess: {3}to * by * read olcRootDN: cn=admin,dc=ls,dc=cbn olcRootPW:: e1NTSEF9TkJSVVEyR0FGMlNQN1dsbFh3eS9GK2t5MFBST1UxaEpWQT09 olcUpdateRef: ldap://anubis.ls.cbn/ olcDbCacheSize: 10000 olcDbCheckpoint: 1024 5 olcDbConfig: {0}set_cachesize 0 15000000 1 olcDbConfig: {1}set_lg_regionmax 262144 olcDbConfig: {2}set_lg_bsize 2097152 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbIDLcacheSize: 30000 olcDbIndex: objectclass eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: member eq olcDbIndex: memberUid eq olcDbIndex: mail eq olcDbIndex: cn eq,sub olcDbIndex: displayName eq,sub olcDbIndex: uid eq,sub olcDbIndex: sn eq,sub olcDbIndex: givenName eq,sub olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq structuralObjectClass: olcHdbConfig entryUUID: 65b86196-8adf-102f-87a8-a13f60af0032 creatorsName: cn=config createTimestamp: 20101122235306Z olcSyncrepl: {0}rid=2 provider="ldap://anubis.ls.cbn/" searchbase="dc=ls,dc=cb n" type="refreshOnly" retry="120 +" interval="00:00:01:00" starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,ou=system,dc=ls,d c=cbn" credentials="lieguYwHee" entryCSN: 20101123001649.251496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20101123001649Z " Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <olcDatabase={1}hdb> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <olcDatabase={1}hdb>, <olcDatabase={1}hdb> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< 
dnNormalize: <cn=config> Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(olcDatabase={1}hdb) -> 0x7ff49ab19758 Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: hdb_db_init: Initializing HDB database Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <dc=ls,dc=cbn>, <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <uid=syncrepl,ou=system,dc=ls,dc=cbn> Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: conn=-1 op=0 p=0 Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: err=0 matched="" text="" Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> Nov 22 18:22:53 mgaauth1 slapd[12638]: matching_rule_use_init Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.804 (integerBitOrMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen 
$ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.803 (integerBitAndMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ 
mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir $ krbPrincipalName $ krbCanonicalName $ krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir $ krbPrincipalName $ 
krbCanonicalName $ krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.39 (certificateListMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.38 (certificateListExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.35 (certificateMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.34 (certificateExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.30 (objectIdentifierFirstComponentMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.29 (integerFirstComponentMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ 
shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.27 (generalizedTimeMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime $ krbPrincipalExpiration $ krbPasswordExpiration $ krbLastPwdChange $ krbLastSuccessfulAuth $ krbLastFailedAuth ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.24 (protocolInformationMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.23 (uniqueMemberMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.22 (presentationAddressMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.20 (telephoneNumberMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.17 (octetStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey $ pwdHistory $ nisPublicKey $ nisSecretKey $ 
krbPrincipalKey $ krbPwdHistory $ krbMKey $ krbExtraData ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.16 (bitStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.14 (integerMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbLoginFailedCount ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.13 (booleanMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ 
olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter $ olcAccessLogSuccess $ olcDDSstate $ olcMemberOfRefInt $ pwdReset $ olcPPolicyHashCleartext $ olcPPolicyForwardUpdates $ olcPPolicyUseLockout $ olcPcachePersist $ olcPcacheValidate $ olcPcacheOffline $ olcRetcodeInDir $ olcRwmNormalizeMapped $ olcRwmDropUnrequested $ olcSpNoPresent $ olcSpReloadHint $ olcTranslucentStrict $ olcTranslucentNoGlue $ olcTranslucentBindLocal $ olcTranslucentPwModLocal $ olcUniqueStrict $ suseImapUseSsl $ krbUPEnabled ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.11 (caseIgnoreListMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.8 (numericStringMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.7 (caseExactSubstringsMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.6 (caseExactOrderingMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.5 (caseExactMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile 
$ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ 
olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.4 (caseIgnoreSubstringsMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.3 (caseIgnoreOrderingMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.2 (caseIgnoreMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ 
olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ 
initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.36.79672281.1.13.3 (rdnMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.1 (distinguishedNameMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay $ olcAccessLogDB $ memberOf $ olcMemberOfDN $ pwdPolicySubentry $ olcPPolicyDefault $ olcRefintNothing $ olcRefintModifiersName $ olcRetcodeParent $ olcUniqueBase $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ suseDefaultBase $ suseDefaultTemplate $ suseSecondaryGroup $ krbRealmReferences $ krbKdcServers $ krbPwdServers $ krbPrincipalReferences $ krbAdmServers $ krbPwdPolicyReference $ krbTicketPolicyReference $ krbSubTrees $ krbObjectReferences $ krbPrincContainerRef ) ) Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.0 (objectIdentifierMatch): Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ 
Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd startup: initiated.
Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting "cn=config"
Nov 22 18:22:53 mgaauth1 slapd[12651]: config_back_db_open
Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: conn=-1 op=0 p=0
Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text=""
Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting "dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: "dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: database "dc=ls,dc=cbn": dbenv_open(/var/lib/ldap).
Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd starting
Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrepl rid=002
Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: ndn: "dc=ls,dc=cbn"
Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: oc: "(null)", at: "contextCSN"
Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_dn2entry("dc=ls,dc=cbn")
Nov 22 18:22:53 mgaauth1 slapd[12651]: => hdb_dn2id("dc=ls,dc=cbn")
Nov 22 18:22:53 mgaauth1 slapd[12651]: <= hdb_dn2id: got id=0x1
Nov 22 18:22:53 mgaauth1 slapd[12651]: entry_decode: ""
Nov 22 18:22:53 mgaauth1 slapd[12651]: <= entry_decode()
Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_entry_get: rc=0
Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrep2 rid=002
Nov 22 18:22:53 mgaauth1 slapd[12651]: do_syncrep2: rid=002 LDAP_RES_SEARCH_RESULT
Nov 22 18:22:54 mgaauth1 slapd[12651]: slap_listener_activate(7):
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> slap_listener(ldap://)
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 ACCEPT from IP=127.0.0.1:33205 (IP=0.0.0.0:389)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x60, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 do_bind
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 BIND dn="" method=128
Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: version=3 dn="" method=128
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=0 p=3
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=1 tag=97 err=0
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 RESULT tag=97 err=0 text=
Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: v3 anonymous bind
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x63, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 do_search
Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <>
Nov 22 18:22:54 mgaauth1 slapd[12651]: SRCH "" 0 0
Nov 22 18:22:54 mgaauth1 slapd[12651]: 0 0 0
Nov 22 18:22:54 mgaauth1 slapd[12651]: filter: (objectClass=*)
Nov 22 18:22:54 mgaauth1 slapd[12651]: attrs:
Nov 22 18:22:54 mgaauth1 slapd[12651]:
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 22 18:22:54 mgaauth1 slapd[12651]: => send_search_entry: conn 1000 dn=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 ENTRY dn=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: <= send_search_entry: conn 1000 exit.
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 op=1 p=3
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 matched="" text=""
Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=2 tag=101 err=0
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13)
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got connid=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking for input on id=1000
Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x42, time 1290471774
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 do_unbind
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 UNBIND
Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_close: conn=1000 sd=13
Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 closed

Any idea what could be going on?

Thanks,

--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
14 years
errors when trying to modify olcAttributeTypes
by Alexander 'Leo' Bergolth
Hi!

I'd like to slightly change the attribute definition of olcDbConfig by modifying olcAttributeTypes in cn=schema,cn=config with openldap-2.4.16.

I tried to apply the modification using two different ways, both failing with different errors:

1) Delete the old attribute value and adding the new one:
---------------------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-add-del.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
delete olcAttributeTypes:
	( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
add olcAttributeTypes:
	( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String EQUALITY CaseExactIA5Match X-ORDERED 'VALUES' )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
	additional info: olcAttributeTypes: Duplicate attributeType: ""

Apache DirectoryStudio shows a little bit more info:

#!ERROR [LDAP: error code 80 - olcAttributeTypes: Duplicate attributeType: "?? 6.1.4.1.4203.1.12.2.3.2.1.3"]
dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
 IG configuration directives' EQUALITY caseExactIA5Match SYNTAX OMsIA5String X
 -ORDERED 'VALUES' )
-
delete: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
 IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
-

2) Replace all olcAttributeTypes-attributes:
--------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-repl.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
replace olcAttributeTypes:
	( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
	( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
	( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
	( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
	( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
	( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
	( 2.5.18.9 NAME
NAME 'olmBDBIDLCache' DESC 'Number of items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) ( olmBDBAttributes:4 NAME 'olmDbDirectory' DESC 'Path name of the directory where the database environment resides' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

The corresponding ldif-files and the original cn=schema,cn=config entry can be found at
http://leo.kloburg.at/tmp/openldap-olcattributetypes/

Any hints?

Thanks,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
15 years, 3 months