openldap-technical search results for query "starttls"

openldap-technical@openldap.org

800 messages

Re: CSN too old, ignoring - and therefore not syncing

by Gavin Henry

Config? On 24/12/2008, Adrien Futschik <adrien.futschik(a)atosorigin.com> wrote: > I'm facing a similar problem. > I'm testing N-way multimaster replication with OpenLDAP 2.4.13. > > I'm able to successfully import data into an instance and have my two > masters to sync correctly but then when I try to add a new entry in one of > the two masters, I'm getting strange messages : > > let's say we have m1 & m2 (m1 & m2 are on the same server): > I initial import data into m1, it is successfully imported into m2 (at least > it looks like it). > Then I'm trying to add an entry on m2 > (cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr). I'm > getting strange message on m1 & m2 : > > m1 log :(repetitively) > [...] > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > 20081224125950.481561Z#000000#001#000000 older or equal to ctx > 20081224125950.481561Z#000000#001#000000 > Entry cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > changed by peer, ignored > syncprov_search_response: > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > [...] > > > m2 log : (repetitively) > [...] > master where I added an entry : > do_syncrep2: rid=004 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > [...] > > Is this a bug ? Am-I doing something wrong ? > > If I add the same entry to m1 and not m2 I get the following messages : > > on m2 : > syncrepl_entry: rid=004 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) > syncrepl_entry: rid=004 be_search (0) > syncrepl_entry: rid=004 > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > <= bdb_equality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > syncprov_search_response: > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > syncrepl_entry: rid=004 be_add (0) > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > <= bdb_inequality_candidates: (entryCSN) not indexed > nonpresent_callback: rid=004 present UUID > 96268508-6609-102d-9d8e-9742e72db399, dn c=fr > nonpresent_callback: rid=004 present UUID > 962af700-6609-102d-9d8f-9742e72db399, dn o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962bd698-6609-102d-9d90-9742e72db399, dn ou=personnes,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962c00b4-6609-102d-9d91-9742e72db399, dn ou=appli,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962c2634-6609-102d-9d92-9742e72db399, dn ou=groupes,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962ca492-6609-102d-9d93-9742e72db399, dn ou=administrateurs,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962cce90-6609-102d-9d94-9742e72db399, dn o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962d7138-6609-102d-9d95-9742e72db399, dn ou=personnes,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962d96f4-6609-102d-9d96-9742e72db399, dn ou=appli,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962deafa-6609-102d-9d97-9742e72db399, dn ou=groupes,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962ef026-6609-102d-9d98-9742e72db399, dn ou=administrateurs,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962f156a-6609-102d-9d99-9742e72db399, dn o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 962fca8c-6609-102d-9d9a-9742e72db399, dn ou=personnes,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 962fef76-6609-102d-9d9b-9742e72db399, dn ou=appli,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 9630106e-6609-102d-9d9c-9742e72db399, dn ou=groupes,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 9630bfa0-6609-102d-9d9d-9742e72db399, dn > ou=administrateurs,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > ae0e93d6-6609-102d-9d9e-9742e72db399, dn > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > slap_queue_csn: queing 0x843fef0 20081224132238.790862Z#000000#001#000000 > slap_graduate_commit_csn: removing 0x83d6410 > 20081224132238.790862Z#000000#001#000000 > > on m1 : > slap_queue_csn: queing 0x1df3860 20081224132238.790862Z#000000#001#000000 > slap_graduate_commit_csn: removing 0x9703700 > 20081224132238.790862Z#000000#001#000000 > <= bdb_equality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > 20081224132158.749532Z#000000#001#000000 older or equal to ctx > 20081224132158.749532Z#000000#001#000000 > syncprov_search_response: > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > do_syncrep2: rid=005 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > > Here is the entry I'm adding : > > dn: cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf, c=fr > objectclass: top > objectclass: person > objectclass: organizationalPerson > objectclass: inetorgPerson > objectclass: ditPerson > cn: adrien-externe.futschik(a)edfgdf.fr > sn: Futschik > givenName: Adrien > uid: adrien-externe.futschik(a)edfgdf.fr > mail: adrien-externe.futschik(a)edfgdf.fr > telephonenumber: 0123456789 > userpassword: {SSHA}GuU6CMRoOxp9EA1ANafzuRUXADKlBA0r > allowedServices: appli20 > > pretty simple isn't it ? What's going wrong ? > > Adrien > > ======================================== > Message date : Dec 23 2008, 07:39 PM > From : "Gavin Henry" <gavin.henry(a)gmail.com> > To : openldap-technical(a)openldap.org > Copy to : > Subject : Fwd: CSN too old, ignoring - and therefore not syncing > > ---------- Forwarded message ---------- > From: Pat Riehecky <prieheck(a)iwu.edu> > Date: Tue, 23 Dec 2008 12:34:33 -0600 > Subject: Re: CSN too old, ignoring - and therefore not syncing > To: Gavin Henry <gavin.henry(a)gmail.com> > > On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote: > > Where did you read that those were needed anyway? If it was the admin > > guide then I need to fix it ;-) > > > > Gavin. > > I have no idea where I found those at... I know it wasn't the (recent) > admin guide. It may have been from around the 2.4.8 release, but that > is long gone... > > Pat > > > > > On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote: > > >> Try dropping nopresent and reloadhint relating to ITS5669. You only > > >> need these two syncprov settings on an accesslog db. > > >> > > >> Gavin. > > > > > > Thanks, that did the job! > > > > > > Pat > > > > > >> > > >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote: > > >> >> Can you post your config somewhere? > > >> > > > >> > > > >> > allow bind_v2 > > >> > > > >> > include /etc/ldap/schema/core.schema > > >> > include /etc/ldap/schema/cosine.schema > > >> > include /etc/ldap/schema/nis.schema > > >> > include /etc/ldap/schema/inetorgperson.schema > > >> > include /etc/ldap/schema/samba.schema > > >> > include /etc/ldap/schema/eduperson-200412.schema > > >> > include /etc/ldap/schema/hdb.schema > > >> > include /etc/ldap/schema/IWU.schema > > >> > > > >> > pidfile /var/run/slapd/slapd.pid > > >> > argsfile /var/run/slapd/slapd.args > > >> > > > >> > modulepath /usr/lib/ldap > > >> > moduleload back_hdb > > >> > moduleload back_monitor > > >> > moduleload memberof > > >> > moduleload syncprov > > >> > moduleload smbk5pwd > > >> > > > >> > tool-threads 2 > > >> > sizelimit 500 > > >> > idletimeout 7200 > > >> > > > >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt > > >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt > > >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key > > >> > TLSVerifyClient allow > > >> > > > >> > localSSF 160 > > >> > security ssf=1 update_ssf=128 simple_bind=112 > > >> > sasl-secprops noanonymous > > >> > > > >> > access to dn.base="" by * read > > >> > access to dn.base="cn=Subschema" by * read > > >> > > > >> > backend hdb > > >> > database hdb > > >> > > > >> > overlay memberof > > >> > overlay smbk5pwd > > >> > overlay syncprov > > >> > > > >> > smbk5pwd-enable samba > > >> > smbk5pwd-enable krb5 > > >> > smbk5pwd-must-change 0 > > >> > > > >> > syncprov-checkpoint 100 10 > > >> > syncprov-sessionlog 200 > > >> > syncprov-nopresent TRUE > > >> > syncprov-reloadhint TRUE > > >> > > > >> > suffix "dc=iwu,dc=edu" > > >> > > > >> > rootdn "cn=admin,dc=iwu,dc=edu" > > >> > rootpw {redacted} > > >> > > > >> > authz-regexp "uidNumber=0\\\ > > >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth" > > >> > "cn=ldapi,dc=iwu,dc=edu" > > >> > authz-regexp "gidNumber=.*\\\ > > >> > +uidNumber=0,cn=peercred,cn=external,cn=auth" > > >> > "cn=ldapi,dc=iwu,dc=edu" > > >> > > > >> > authz-regexp "uid=(.+),cn=.+,cn=auth" > "uid=$1,ou=People,dc=iwu,dc=edu" > > >> > > > >> > directory "/var/lib/ldap/" > > >> > > > >> > dbconfig set_cachesize 0 62914560 0 > > >> > dbconfig set_lk_max_objects 1500 > > >> > dbconfig set_lk_max_locks 1500 > > >> > dbconfig set_lk_max_lockers 1500 > > >> > > > >> > # Make sure to do a nightly slapcat > > >> > dbconfig set_flags DB_LOG_AUTOREMOVE > > >> > > > >> > index objectClass eq,pres > > >> > index default eq,sub,pres > > >> > index mail eq,sub,pres > > >> > index sn eq,sub,pres > > >> > index cn eq,sub,pres > > >> > index displayName eq,sub,pres > > >> > index gecos eq,sub,pres > > >> > index uid eq,sub,pres > > >> > index memberUid eq,sub,pres > > >> > index uidNumber eq,pres > > >> > index gidNumber eq,pres > > >> > index entryCSN eq,pres > > >> > index entryUUID eq,pres > > >> > index uniqueMember eq,pres > > >> > index userPassword eq,pres > > >> > index krb5PrincipalName eq,pres > > >> > index krb5PrincipalRealm eq,pres > > >> > index sambaDomainName eq,pres > > >> > index sambaSID eq,pres > > >> > index sambaPrimaryGroupSID eq,pres > > >> > index sambaSIDList eq,pres > > >> > > > >> > lastmod on > > >> > > > >> > checkpoint 256 15 > > >> > > > >> > password-hash {SSHA} > > >> > > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write > > >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write > > >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read > > >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key > > >> > by anonymous auth > > >> > by self write > > >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write > > >> > by users auth > > >> > by * break > > >> > > > >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none > > >> > > > >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read > by * > > >> > none > > >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none > > >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none > > >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self > read > > >> > by * none > > >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by > self > > >> > read by * none > > >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read > by * > > >> > none > > >> > > > >> > access to > > >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by > self > > >> > read by * none > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName > > >> > by self write > > >> > by users read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber > > >> > by self read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid > > >> > by * none > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength > > >> > by self read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" by * read > > >> > > > >> > serverID 1 > > >> > > > >> > syncrepl rid=2 > > >> > provider=ldap://ldap2.iwu.edu/ > > >> > schemachecking=off > > >> > searchbase="dc=iwu,dc=edu" > > >> > scope=sub > > >> > type=refreshAndPersist > > >> > binddn="cn=mirror,dc=iwu,dc=edu" > > >> > credentials={redacted} > > >> > bindmethod=simple > > >> > starttls=yes > > >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt > > >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key > > >> > tls_cacert=/etc/ldap/ssl/IWU.crt > > >> > tls_reqcert=try > > >> > interval=00:00:00:30 > > >> > retry="15 +" > > >> > timeout=1 > > >> > timelimit=unlimited > > >> > sizelimit=unlimited > > >> > > > >> > mirrormode on > > >> > > > >> > ############################### > > >> > database monitor > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > > > >> > access to dn.exact="cn=Monitor" > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > >> > by * none > > >> > > > >> > access to dn.subtree="cn=Monitor" > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > >> > by * none > > >> > > > >> > > > >> >> > > >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > >> >> > Here is the quick and dirty what I am trying to do: > > >> >> > > > >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time > > >> >> > synced > > >> >> > to pool.ntp.org and each other (if they drift I would rather they > > >> >> > sorta > > >> >> > drift together, but pool should be keeping that in check). > > >> >> > > > >> >> > Right now I am just beating them up to see how 2.4.13 performs. > (So > > >> >> > far > > >> >> > VERY well, minus this little problem) > > >> >> > > > >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm > > >> >> > starting small). Debug gives me > > >> >> > > > >> >> > ber_scanf fmt (m}) ber: > > >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 > > >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 > > >> >> > 30 .<rid=001,sid=00 > > >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 > > >> >> > 2,csn=2008122217 > > >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 > > >> >> > 4721.855904Z#000 > > >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 > > >> >> > 000#001#000000 > > >> >> > do_syncrep2: > > >> >> > > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 > > >> >> > do_syncrep2: rid=001 CSN too old, ignoring > > >> >> > 20081222174721.855904Z#000000#001#000000 > > >> >> > ldap_msgfree > > >> >> > > > >> >> > I am not exactly sure how it gotten to be "too old." The ldif I > am > > >> >> > importing is not the result of a slapcat or anything that would > > >> >> > preserve > > >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am > > >> >> > loading > > >> >> > one single file with ldapadd which, in my understanding, sets up > the > > >> >> > CSN > > >> >> > and wouldn't let me import one anyway. > > >> >> > > > >> >> > Each server has no entries until I load the one, so there > shouldn't > > >> >> > be > > >> >> > any weird stale CSNs causing this. They are "sync'ed" almost > > >> >> > instantly > > >> >> > after the one system is loaded - I just don't have everything. > > >> >> > > > >> >> > After a sync: > > >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 > > >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 > > >> >> > > > >> >> > Right now I can get them in sync with a slapcat/slapadd, but when > the > > >> >> > go > > >> >> > into production I wont be able to say for certain which one is > > >> >> > authoritative. That is the purpose of multi-master.... > > >> >> > > > >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux > 32 > > >> >> > bit > > >> >> > > > >> >> > Any ideas as to what I can do to stop this from happening? > > >> >> > > > >> >> > Pat > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > >> > > > >> > > > >> > > > > > > > > > > > -- > Sent from my mobile device > > http://www.suretecsystems.com/services/openldap/ > > > > > Adrien Futschik > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/

15 years, 11 months

Re: TLS issue (again)

by Rich Megginson

On 01/04/2012 07:32 AM, Olivier wrote: > I had to renew my openssl certificates and now my ldap tls negociation > doesn't work anymore : Please describe the exact steps you used to "renew" your certificates, update files, etc. Did you use the exact same CA? Is this a self-signed CA + ssl server cert? > $ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr > -W uid=guillard -h ldap2.th3.example.fr > ldap_start_tls: Connect error (-11) > additional info: TLS error -8172:Unknown code ___f 20 > > Here are the server configuration relevant directives : > > olcTLSCACertificateFile /etc/openldap/cacerts/CA.crt > olcTLSCertificateFile /etc/openldap/cacerts/server.crt > olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key > olcTLSCipherSuite HIGH > > ( see at the very end of this mail : these certificates are correct since I have > successfully proceed to openssl connexion tests). > > and here are logs collected on the server side when receiving ldapsearch > request : > > daemon: activity on 1 descriptor > daemon: activity on: > slap_listener_activate(7): > daemon: epoll: listen=7 busy >>>> slap_listener(ldap://ldap2.th3.example.fr:389) > daemon: listen=7, new connection on 15 > daemon: added 15r (active) listener=(nil) > conn=1003 fd=15 ACCEPT from IP=10.10.86.93:41013 (IP=10.1.92.25:389) > daemon: activity on 2 descriptors > daemon: activity on: 15r > daemon: read active on 15 > daemon: epoll: listen=7 active_threads=0 tvp=zero > connection_get(15) > connection_get(15): got connid=1003 > connection_read(15): checking for input on id=1003 > ber_get_next > ldap_read: want=8, got=8 > 0000: 30 1d 02 01 01 77 18 80 0....w.. > ldap_read: want=23, got=23 > 0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 36 .1.3.6.1.4.1.146 > 0010: 36 2e 32 30 30 33 37 6.20037 > ber_get_next: tag 0x30 len 29 contents: > ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa70 end=0x7f272017aa8d len=29 > 0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 ...w...1.3.6.1.4 > 0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037 > op tag 0x77, time 1325683329 > ber_get_next > ldap_read: want=8 error=Resource temporarily unavailable > conn=1003 op=0 do_extended > ber_scanf fmt ({m) ber: > ber_dump: buf=0x7f272017aa70 ptr=0x7f272017aa73 end=0x7f272017aa8d len=26 > 0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1. > 0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037 > conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037 > do_extended: oid=1.3.6.1.4.1.1466.20037 > conn=1003 op=0 STARTTLS > send_ldap_extended: err=0 oid= len=0 > send_ldap_response: msgid=1 tag=120 err=0 > ber_flush2: 14 bytes to sd 15 > 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ > ldap_write: want=14, written=14 > 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ > conn=1003 op=0 RESULT oid= err=0 text= > daemon: activity on 1 descriptor > daemon: activity on: > daemon: epoll: listen=7 active_threads=0 tvp=zero > daemon: activity on 1 descriptor > daemon: activity on: 15r > daemon: read active on 15 > daemon: epoll: listen=7 active_threads=0 tvp=zero > connection_get(15) > connection_get(15): got connid=1003 > connection_read(15): checking for input on id=1003 > tls_read: want=3, got=3 > 0000: 80 3a 01 .:. > tls_read: want=57, got=57 > 0000: 03 01 00 21 00 00 00 10 00 00 35 00 00 04 00 00 ...!......5..... > 0010: 05 00 00 2f 00 00 0a 00 00 09 00 00 64 00 00 62 .../........d..b > 0020: 00 00 03 00 00 06 00 00 ff 70 1e 75 15 46 04 b3 .........p.u.F.. > 0030: 16 ed d1 87 1c 77 58 06 48 .....wX.H > tls_write: want=2157, written=2157 > 0000: 16 03 01 08 68 02 00 00 4d 03 01 4f 04 52 81 3c ....h...M..O.R.< > 0010: c6 b8 b6 8a d8 4a 75 83 a7 fc 09 13 2c c8 d4 d4 .....Ju.....,... > 0020: ce e7 12 73 80 bc 42 f6 f2 05 de 20 6c db 35 d1 ...s..B.... l.5. > 0030: e0 2b bb 93 a4 c2 8c 82 df 51 58 0a 93 e6 c9 ff .+.......QX..... > 0040: 10 0d 92 08 6c 96 3e f8 92 aa d8 83 00 35 00 00 ....l.>......5.. > 0050: 05 ff 01 00 01 00 0b 00 06 d3 00 06 d0 00 02 e3 ................ > 0060: 30 82 02 df 30 82 01 c7 02 09 00 a6 1d 1f 28 63 0...0.........(c > 0070: 5e 6a 57 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 ^jW0...*.H...... > 0080: 05 00 30 81 87 31 0b 30 09 06 03 55 04 06 13 02 ..0..1.0...U.... > 0090: 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 72 61 fr1.0...U....fra > 00a0: 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 6d 6f nce1.0...U....mo > 00b0: 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 0a 0c ntigny1.0...U... > 00c0: 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 0b 0c .example1.0...U... > 00d0: 04 6c 64 61 70 31 0d 30 0b 06 03 55 04 03 0c 04 .ldap1.0...U.... > 00e0: 6c 64 61 70 31 26 30 24 06 09 2a 86 48 86 f7 0d ldap1&0$..*.H... > 00f0: 01 09 01 16 17 6f 6c 69 76 69 65 72 2e 67 75 69 .....olivier.gui > 0100: 6c 6c 61 72 64 40 6e 69 63 2e 66 72 30 1e 17 0d > llard(a)example.fr0... > 0110: 31 31 31 32 32 39 31 35 33 39 35 38 5a 17 0d 32 111229153958Z..2 > 0120: 31 30 37 32 39 31 35 33 39 35 38 5a 30 81 a2 31 10729153958Z0..1 > 0130: 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 0d .0...U....fr1.0. > 0140: 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 30 ..U....france1.0 > 0150: 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 ...U....myplace > 0160: 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 63 1.0...U....example > 0170: 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 31 1.0...U....ldap1 > 0180: 28 30 26 06 03 55 04 03 0c 1f 6c 64 61 70 32 2e (0&..U....ldap2. > 0190: 64 61 74 61 62 61 73 65 2e 70 72 69 76 65 2e 74 t > 01a0: 68 33 2e 6e 69 63 2e 66 72 31 26 30 24 06 09 2a > h3.example.fr1&0$..* > 01b0: 86 48 86 f7 0d 01 09 01 16 17 4f 6c 69 76 69 65 .H........Olivie > 01c0: 72 2e 47 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66 > r.Guillard(a)example.f > 01d0: 72 30 5c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 r0\0...*.H...... > 01e0: 05 00 03 4b 00 30 48 02 41 00 bf 72 68 cc 54 9d ...K.0H.A..rh.T. > 01f0: 10 d3 8b c0 4a 1b 5c 90 d6 03 7a 41 5e 05 6f 8d ....J.\...zA^.o. > 0200: cc 2d 61 31 7b 94 0f c2 f7 c1 51 8a 4f d5 59 89 .-a1{.....Q.O.Y. > 0210: 51 79 87 3f fa c3 5f af 30 8c 87 f8 ca be bb 0b Qy.?.._.0....... > 0220: 28 8c d5 4a 3a 73 b5 a9 e3 d9 02 03 01 00 01 30 (..J:s.........0 > 0230: 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 ...*.H.......... > 0240: 01 01 00 c0 3c 2a 0a d4 af 13 24 b5 2a 2b e3 cd ....<*....$.*+.. > 0250: 0f 57 f6 86 99 e1 ae ba d7 b2 87 4e 02 a6 d6 a3 .W.........N.... > 0260: 7d 9f 7b 89 03 61 ac b6 40 9e 93 ca 8d 3a d4 95 }.{..a..@....:.. > 0270: 7a 48 e2 9a 01 2f ed 3d 2b c3 96 41 c0 58 39 cf zH.../.=+..A.X9. > 0280: 52 a2 db 08 78 85 c4 85 17 08 d8 11 62 60 8e d0 R...x.......b`.. > 0290: b5 61 71 fe 83 d5 94 9d f2 42 1d b5 56 bd fa 67 .aq......B..V..g > 02a0: db 8e bf 09 af ef e3 b0 c8 0a f1 38 8b bf 59 75 ...........8..Yu > 02b0: 6a 21 01 c0 0b 8c cf 87 20 d2 2f d9 89 a0 37 11 j!...... ./...7. > 02c0: a0 62 6a a1 32 4b ff e4 cf 30 4c 8f 8e ef d2 51 .bj.2K...0L....Q > 02d0: ec cc d1 fc 21 43 58 5e 09 40 8b bf ca bb fc 4f ....!CX^.@.....O > 02e0: d1 d4 e9 cf 80 8f b1 af 72 d0 ff c1 d7 52 f3 4b ........r....R.K > 02f0: e3 85 69 ef e9 36 6e 4d 54 13 d2 bd 3b 93 ad ed ..i..6nMT...;... > 0300: 6e 36 cc 4f e6 b9 c5 01 1e 86 c8 88 aa de a6 7b n6.O...........{ > 0310: c1 99 9a 3f c5 69 9e af e0 94 6e ba 51 5b ec 2a ...?.i....n.Q[.* > 0320: 2c aa 09 ff 4a 27 15 96 ad 9f b0 5c f0 c4 9c 34 ,...J'.....\...4 > 0330: 53 32 03 1c d4 e2 dd b8 96 88 d2 5d b2 c6 e1 5e S2.........]...^ > 0340: 32 ba 81 00 03 e7 30 82 03 e3 30 82 02 cb a0 03 2.....0...0..... > 0350: 02 01 02 02 09 00 a1 67 1e 44 66 c6 f6 59 30 0d .......g.Df..Y0. > 0360: 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 87 ..*.H........0.. > 0370: 31 0b 30 09 06 03 55 04 06 13 02 66 72 31 0f 30 1.0...U....fr1.0 > 0380: 0d 06 03 55 04 08 0c 06 66 72 61 6e 63 65 31 11 ...U....france1. > 0390: 30 0f 06 03 55 04 07 0c 08 6d 6f 6e 74 69 67 6e 0...U....montign > 03a0: 79 31 0e 30 0c 06 03 55 04 0a 0c 05 61 66 6e 69 y1.0...U....afni > 03b0: 63 31 0d 30 0b 06 03 55 04 0b 0c 04 6c 64 61 70 c1.0...U....ldap > 03c0: 31 0d 30 0b 06 03 55 04 03 0c 04 6c 64 61 70 31 1.0...U....ldap1 > 03d0: 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17&0$..*.H........ > 03e0: 6f 6c 69 76 69 65 72 2e 67 75 69 6c 6c 61 72 64 olivier.guillard > 03f0: 40 6e 69 63 2e 66 72 30 1e 17 0d 31 31 31 32 32 > @example.fr0...11122 > 0400: 39 31 34 31 33 35 35 5a 17 0d 33 31 31 32 32 34 9141355Z..311224 > 0410: 31 34 31 33 35 35 5a 30 81 87 31 0b 30 09 06 03 141355Z0..1.0... > 0420: 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 08 U....fr1.0...U.. > 0430: 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 04 ..france1.0...U. > 0440: 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 ...myplace1.0.. > 0450: 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 .U....example1.0.. > 0460: 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 03 .U....ldap1.0... > 0470: 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 2a U....ldap1&0$..* > 0480: 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 65 .H........olivie > 0490: 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e 66 > r.guillard(a)example.f > 04a0: 72 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 r0.."0...*.H.... > 04b0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 .........0...... > 04c0: 01 00 c8 90 e1 61 d2 28 38 aa 35 a9 21 5b f7 2b .....a.(8.5.![.+ > 04d0: f2 ed 04 5c 73 03 c5 f8 f9 97 5a 53 3b 39 bf aa ...\s.....ZS;9.. > 04e0: 20 b8 45 c1 92 2e 27 ea bf b1 78 57 f9 41 a3 b3 .E...'...xW.A.. > 04f0: 23 11 fc 8d 79 ea 21 a9 01 c0 ce 01 27 e6 0f a6 #...y.!.....'... > 0500: 13 8d 12 5c 72 bf ba 60 41 71 76 94 99 da 43 f7 ...\r..`Aqv...C. > 0510: e0 f9 b4 2f e7 25 7c 36 4f e9 4f dc 18 26 a9 7c .../.%|6O.O..&.| > 0520: ad 98 2a 9c 91 16 76 41 31 1e 5d dd 81 2a b9 38 ..*...vA1.]..*.8 > 0530: ec 91 5c 91 11 03 fb 14 7d 59 d5 49 6d 32 42 c7 ..\.....}Y.Im2B. > 0540: 66 73 58 b0 fb 02 b4 a0 4d 3e e3 3c ab ff 8c 42 fsX.....M>.<...B > 0550: 83 51 b5 51 b7 19 71 61 f8 39 5c b7 8d 1a 70 97 .Q.Q..qa.9\...p. > 0560: 69 5d e6 47 9e 7e ae ec 5c 7c be 73 7b d0 df df i].G.~..\|.s{... > 0570: a7 53 6d a8 d3 d3 f6 7e e6 2f 13 3e c5 80 e6 f2 .Sm....~./.>.... > 0580: fe 2a cc d4 1e 4d 3d 6a bc b0 a9 fa a5 51 12 31 .*...M=j.....Q.1 > 0590: 0e 41 2d 7a 8a 52 de 66 bd 3b 0c ef fa 9b fe 82 .A-z.R.f.;...... > 05a0: df ad 1c 7f d9 53 4b c0 db fe f3 e6 b9 3d ea 5d .....SK......=.] > 05b0: 66 7f fb 14 41 b5 0a e7 70 11 4e 5d 80 69 04 bd f...A...p.N].i.. > 05c0: 9e 97 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 ........P0N0...U > 05d0: 1d 0e 04 16 04 14 24 05 af 2a 63 a4 0b 0f ae a4 ......$..*c..... > 05e0: e2 2c e9 13 40 5a 8b d7 a4 41 30 1f 06 03 55 1d .,..@Z...A0...U. > 05f0: 23 04 18 30 16 80 14 24 05 af 2a 63 a4 0b 0f ae #..0...$..*c.... > 0600: a4 e2 2c e9 13 40 5a 8b d7 a4 41 30 0c 06 03 55 ..,..@Z...A0...U > 0610: 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 ....0....0...*.H > 0620: 86 f7 0d 01 01 05 05 00 03 82 01 01 00 57 2d 0a .............W-. > 0630: d5 88 d0 98 2b 9e f9 d7 bc e6 82 08 65 25 d9 65 ....+.......e%.e > 0640: 84 98 e3 da a3 36 a1 6f 40 3b d0 d8 16 3d 48 06 .....6.o@;...=H. > 0650: 6c ee 99 fd b6 4c f3 3b 10 50 bb 71 97 6e 4d e0 l....L.;.P.q.nM. > 0660: 77 48 57 5b db d1 e6 ca c8 80 79 d0 f5 17 94 5d wHW[......y....] > 0670: 11 93 07 74 8b 5c 4b b1 ad 45 1f 5a 2c d9 6e e8 ...t.\K..E.Z,.n. > 0680: d4 7a e4 99 e7 ba 86 36 93 1d 4c 0e 9b 13 4d ef .z.....6..L...M. > 0690: 25 72 7b ae b0 f1 95 c0 17 dc 4a c0 ed 04 b5 54 %r{.......J....T > 06a0: 98 90 47 2f dc f0 1c 5a ca b0 2e 0d ee 58 14 e8 ..G/...Z.....X.. > 06b0: 2c d0 cd a8 d9 2c ae 2f 65 81 89 70 af f9 d8 01 ,....,./e..p.... > 06c0: 1b 14 ae 63 1d 90 af 3d 29 71 7d 74 4a e8 7a e5 ...c...=)q}tJ.z. > 06d0: ed a0 fb 9b ce 1d 5a e2 82 7e c4 bc 97 88 e7 06 ......Z..~...... > 06e0: 66 86 77 23 85 29 2c b1 28 72 8c af a5 51 96 b1 f.w#.),.(r...Q.. > 06f0: d5 dc 51 62 bd 2d e6 8f 4c 22 24 4e e1 c6 a3 64 ..Qb.-..L"$N...d > 0700: 40 fc e9 d8 6d b1 48 d8 80 10 3a 6a bc 35 06 d9 @...m.H...:j.5.. > 0710: 4c e8 4c e6 66 82 9d fd a9 a2 9f 3e 13 37 c0 52 L.L.f......>.7.R > 0720: 3f c3 15 e1 3e 9c 05 67 b2 11 0d 38 a4 0d 00 01 ?...>..g...8.... > 0730: 38 02 01 02 01 33 00 8a 30 81 87 31 0b 30 09 06 8....3..0..1.0.. > 0740: 03 55 04 06 13 02 66 72 31 0f 30 0d 06 03 55 04 .U....fr1.0...U. > 0750: 08 0c 06 66 72 61 6e 63 65 31 11 30 0f 06 03 55 ...france1.0...U > 0760: 04 07 0c 08 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c ....myplace1.0. > 0770: 06 03 55 04 0a 0c 05 61 66 6e 69 63 31 0d 30 0b ..U....example1.0. > 0780: 06 03 55 04 0b 0c 04 6c 64 61 70 31 0d 30 0b 06 ..U....ldap1.0.. > 0790: 03 55 04 03 0c 04 6c 64 61 70 31 26 30 24 06 09 .U....ldap1&0$.. > 07a0: 2a 86 48 86 f7 0d 01 09 01 16 17 6f 6c 69 76 69 *.H........olivi > 07b0: 65 72 2e 67 75 69 6c 6c 61 72 64 40 6e 69 63 2e > er.guillard@example. > 07c0: 66 72 00 a5 30 81 a2 31 0b 30 09 06 03 55 04 06 fr..0..1.0...U.. > 07d0: 13 02 66 72 31 0f 30 0d 06 03 55 04 08 0c 06 66 ..fr1.0...U....f > 07e0: 72 61 6e 63 65 31 11 30 0f 06 03 55 04 07 0c 08 rance1.0...U.... > 07f0: 6d 6f 6e 74 69 67 6e 79 31 0e 30 0c 06 03 55 04 myplace1.0...U. > 0800: 0a 0c 05 61 66 6e 69 63 31 0d 30 0b 06 03 55 04 ...example1.0...U. > 0810: 0b 0c 04 6c 64 61 70 31 28 30 26 06 03 55 04 03 ...ldap1(0&..U.. > 0820: 0c 1f 6c 64 61 70 32 2e 64 61 74 61 62 61 73 65 ..ldap2. > 0830: 2e 70 72 69 76 65 2e 74 68 33 2e 6e 69 63 2e 66 .th3.example.fr > 0840: 72 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 1&0$..*.H....... > 0850: 16 17 4f 6c 69 76 69 65 72 2e 47 75 69 6c 6c 61 .Olivier.Guilla > 0860: 72 64 40 6e 69 63 2e 66 72 0e 00 00 00 > rd(a)example.fr.... > tls_read: want=5 error=Resource temporarily unavailable > daemon: activity on 1 descriptor > daemon: activity on: > daemon: epoll: listen=7 active_threads=0 tvp=zero > daemon: activity on 1 descriptor > daemon: activity on: 15r > daemon: read active on 15 > daemon: epoll: listen=7 active_threads=0 tvp=zero > connection_get(15) > connection_get(15): got connid=1003 > connection_read(15): checking for input on id=1003 > tls_read: want=5, got=5 > 0000: 15 03 01 00 02 ..... > tls_read: want=2, got=2 > 0000: 02 30 .0 > TLS: error: accept - force handshake failure: errno 11 - moznss error -12195 > TLS: can't accept: TLS error -12195:Unknown code ___P 93. > connection_read(15): TLS accept failure error=-1 id=1003, closing > connection_closing: readying conn=1003 sd=15 for close > connection_close: conn=1003 sd=15 > daemon: removing 15 > conn=1003 fd=15 closed (TLS negotiation failure) > daemon: activity on 1 descriptor > daemon: activity on: > daemon: epoll: listen=7 active_threads=0 tvp=zero > ^Cdaemon: shutdown requested and initiated. > daemon: closing 7 > connection_closing: readying conn=1000 sd=13 for close > connection_close: conn=1000 sd=13 > daemon: removing 13 > conn=1000 fd=13 closed (slapd shutdown) > > > > As far as I can see it doesn't looks like > > [root@ldap2 cacerts]# openssl s_server -accept 5555 -key > /etc/openldap/cacerts/server.key -cert > /etc/openldap/cacerts/server.crt -state > Using default temp DH parameters > ACCEPT > SSL_accept:before/accept initialization > SSL_accept:SSLv3 read client hello A > SSL_accept:SSLv3 write server hello A > SSL_accept:SSLv3 write certificate A > SSL_accept:SSLv3 write key exchange A > SSL_accept:SSLv3 write server done A > SSL_accept:SSLv3 flush data > SSL_accept:SSLv3 read client key exchange A > SSL_accept:SSLv3 read finished A > SSL_accept:SSLv3 write session ticket A > SSL_accept:SSLv3 write change cipher spec A > SSL_accept:SSLv3 write finished A > SSL_accept:SSLv3 flush data > -----BEGIN SSL SESSION PARAMETERS----- > MFoCAQECAgMBBAIAOQQABDB88nXC0TcyHgrQcZ+51a/16Nw874VzV1cEEkOMwfSy > VCIJ8jOiylXmk2gHkAK7y6OhBgIETwRP56IEAgIBLKQGBAQBAAAAqwMEAQE= > -----END SSL SESSION PARAMETERS----- > Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 > CIPHER is DHE-RSA-AES256-SHA > Secure Renegotiation IS supported > ERROR > shutting down SSL > CONNECTION CLOSED > ACCEPT > > [guillard@fouine ~]$ openssl s_client -CAfile > /etc/openldap/cacerts/CA.crt -connect ldap2.th3.example.fr:5555 > CONNECTED(00000003) > depth=1 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN = > ldap, emailAddress = olivier.guillard(a)example.fr > verify return:1 > depth=0 C = fr, ST = france, L = myplace, O = example, OU = ldap, CN = > ldap2.th3.example.fr, emailAddress = Olivier.Guillard(a)example.fr > verify return:1 > --- > Certificate chain > 0 s:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard@example.fr > i:/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard@example.fr > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIC3zCCAccCCQCmHR8oY15qVzANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMC > ZnIxDzANBgNVBAgMBmZyYW5jZTERMA8GA1UEBwwIbW9udGlnbnkxDjAMBgNVBAoM > BWFmbmljMQ0wCwYDVQQLDARsZGFwMQ0wCwYDVQQDDARsZGFwMSYwJAYJKoZIhvcN > AQkBFhdvbG24KJJD7GJVBIYTIVHTFJCGFDHGFXGRFCYTDFYTDjkxNTM5NThaFw0y > MTA3MjkxNTM5NThaMIGiMQswCQYDVQQGEwJmcjEPMA0GA1UECAwGZnJhbmNlMREw > DwYDVQQHDAhtb250aWdueTEOMAwGA1UECgwFYWZuaWMxDTALBgNVBAsMBGxkYXAx > KDAmBgNVBAMMH2xkYXAyLmRhdGFiYXNlLnByaXZlLnRoMy5uaWMuZnIxJjAkBgkq > hkiG9w0BCQEWFNBIHGJ4UTFHGXCYTDCYXDYCYTFCUGCUTTFUYFUJKoZIhvcNAQEB > BQADSwAwSAJBAL9yaMxUnRDTi8BKG1yQ1gN6QV4Fb43MLWExe5QPwvfBUYpP1VmJ > UXmHP/rDX68wjIf4yr67CyiM1Uo6c7Wp49kCAwEAATANBgkqhkiG9w0BAQUFAAOC > AQEAwDwqCtSvEyS1KivjzQ9X9oaZ4a6617KHTgKm1qN9n3uJA2GstkCek8qNOtSV > ekjimgEv7T0rw5ZBwFg5z1Ki2wh4hcSFFwjYEWJgjtC1YXH+g9WUnfJCHbVWvfpn > 246NBVJHJHVJVJJKVJHVJHVJKHVJHVJHVJHVJHVJHVJHVJHVJHVJHVJHVJHV79JR > 7MzR/CFDWF4JQIu/yrv8T9HU6c+Aj7GvctD/wddS80vjhWnv6TZuTVQT0r07k63t > bjbMT+a5xQEehsiIqt6me8GZmj/FaZ6v4JRuulFb7Cosqgn/SicVlq2fsFzwxJw0 > UzIDHNTi3biWiNJdssbhXjK6gQ== > -----END CERTIFICATE----- > subject=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap2.th3.example.fr/emailAddress=Olivier.Guillard(a)example.fr > issuer=/C=fr/ST=france/L=myplace/O=example/OU=ldap/CN=ldap/emailAddress=olivier.guillard(a)example.fr > --- > No client certificate CA names sent > --- > SSL handshake has read 1265 bytes and written 247 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 512 bit > Secure Renegotiation IS supported > Compression: zlib compression > Expansion: zlib compression > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: DBCDE5CD6EB4D7FF8C38DD1557CA90EDBEDDCB27600CFA4D1FD9D58388A11EBE > Session-ID-ctx: > Master-Key: > 7CF275C2D137321E0AD0719FB9D5AFF5E8DC3CEF857357570412438CC1F4B2542209F233A2CA55E69368079002BBCBA3 > Key-Arg : None > Krb5 Principal: None > PSK identity: None > PSK identity hint: None > TLS session ticket: > 0000 - c2 bb 20 23 85 0a cf b0-bc b2 6d cd 4b d2 32 0e .. #......m.K.2. > 0010 - 6f 51 29 7f 3a 44 c3 95-76 c2 c6 23 e5 8d 98 3c oQ).:D..v..#...< > 0020 - 7a b9 eb 6b 8e d1 c5 c4-57 74 26 34 4c db ec fe z..k....Wt&4L... > 0030 - a9 3b 77 12 fb 74 67 fb-57 f1 8f 2a 71 d3 a6 ae .;w..tg.W..*q... > 0040 - 17 48 9e bf 7d 94 1f c3-d4 02 6e 7f 27 07 f4 d6 .H..}.....n.'... > 0050 - 98 6f 24 6c f9 63 b7 4c-cd ce d8 85 e5 be 3e fd .o$l.c.L......>. > 0060 - 65 a2 1b 36 cc 26 76 3b-d3 f6 cf e1 f9 a7 c3 c2 e..6.&v;........ > 0070 - 2f fe 8f 3c 7c d1 0f 58-43 be d7 a5 64 69 04 91 /..<|..XC...di.. > 0080 - cb 68 08 82 fe 8d 9d 4e-1b 0f 96 27 59 5e d8 76 .h.....N...'Y^.v > 0090 - be 44 01 6d 53 2e 9e 67-22 07 35 d1 6f a4 80 e1 .D.mS..g".5.o... > > Compression: 1 (zlib compression) > Start Time: 1325682663 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > ^C >

12 years, 10 months

Re: TLS handshake failure

by Daniel Qian

On 11-08-09 2:45 PM, Rich Megginson wrote: > On 08/09/2011 12:43 PM, Daniel Qian wrote: >> On 11-08-09 2:12 PM, Rich Megginson wrote: >>> On 08/09/2011 11:59 AM, Daniel Qian wrote: >>>> On 11-08-09 12:55 PM, Rich Megginson wrote: >>>>> On 08/09/2011 10:15 AM, Daniel Qian wrote: >>>>>> On 11-08-09 11:21 AM, Rich Megginson wrote: >>>>>>> On 08/09/2011 09:07 AM, Daniel Qian wrote: >>>>>>>> On 11-08-09 10:49 AM, Rich Megginson wrote: >>>>>>>>> On 08/09/2011 08:33 AM, Daniel Qian wrote: >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I have slapd 2.4.24 and everything works without TLS. but if >>>>>>>>>> I add a -Z option to the ldapsearch command I get this: >>>>>>>>>> >>>>>>>>>> [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D >>>>>>>>>> cn=admin,cn=config -wxxxxxxx -Z -H ldap://ldaprov1.prod >>>>>>>>>> cn=config >>>>>>>>>> ldap_start_tls: Connect error (-11) >>>>>>>>>> ldap_result: Can't contact LDAP server (-1) >>>>>>>>>> >>>>>>>>>> slapd.log shows something like this : connection_read(16): >>>>>>>>>> TLS accept failure error=-1 id=1006, closing >>>>>>>>>> >>>>>>>>>> Output from openssl debug: >>>>>>>>>> >>>>>>>>>> [root@ldaprov1 cacerts]# openssl s_client -connect >>>>>>>>>> hostname:389 -showcerts -state -CAfile cacert.pem >>>>>>>>>> CONNECTED(00000003) >>>>>>>>>> SSL_connect:before/connect initialization >>>>>>>>>> SSL_connect:SSLv2/v3 write client hello A >>>>>>>>>> 140225133647680:error:140790E5:SSL routines:SSL23_WRITE:ssl >>>>>>>>>> handshake failure:s23_lib.c:177: >>>>>>>>>> --- >>>>>>>>>> no peer certificate available >>>>>>>>>> --- >>>>>>>>>> No client certificate CA names sent >>>>>>>>>> --- >>>>>>>>>> SSL handshake has read 0 bytes and written 113 bytes >>>>>>>>>> --- >>>>>>>>>> New, (NONE), Cipher is (NONE) >>>>>>>>>> Secure Renegotiation IS NOT supported >>>>>>>>>> Compression: NONE >>>>>>>>>> Expansion: NONE >>>>>>>>>> --- >>>>>>>>>> >>>>>>>>>> The configurations are as follow (same command as above but >>>>>>>>>> without the -Z option): >>>>>>>>>> >>>>>>>>>> [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D >>>>>>>>>> cn=admin,cn=config -wxxxxxx -H ldap://hostname cn=config >>>>>>>>>> dn: cn=config >>>>>>>>>> objectClass: olcGlobal >>>>>>>>>> cn: config >>>>>>>>>> olcConfigFile: /etc/openldap/slapd.conf >>>>>>>>>> olcConfigDir: /etc/openldap/slapd.d >>>>>>>>>> olcAllows: bind_v2 >>>>>>>>>> olcArgsFile: /var/run/openldap/slapd.args >>>>>>>>>> olcAttributeOptions: lang- >>>>>>>>>> olcAuthzPolicy: none >>>>>>>>>> olcConcurrency: 0 >>>>>>>>>> olcConnMaxPending: 100 >>>>>>>>>> olcConnMaxPendingAuth: 1000 >>>>>>>>>> olcGentleHUP: FALSE >>>>>>>>>> olcIdleTimeout: 0 >>>>>>>>>> olcIndexSubstrIfMaxLen: 4 >>>>>>>>>> olcIndexSubstrIfMinLen: 2 >>>>>>>>>> olcIndexSubstrAnyLen: 4 >>>>>>>>>> olcIndexSubstrAnyStep: 2 >>>>>>>>>> olcIndexIntLen: 4 >>>>>>>>>> olcLocalSSF: 71 >>>>>>>>>> olcLogLevel: 9 >>>>>>>>>> olcPidFile: /var/run/openldap/slapd.pid >>>>>>>>>> olcReadOnly: FALSE >>>>>>>>>> olcReverseLookup: FALSE >>>>>>>>>> olcSaslSecProps: noplain,noanonymous >>>>>>>>>> olcSockbufMaxIncoming: 262143 >>>>>>>>>> olcSockbufMaxIncomingAuth: 16777215 >>>>>>>>>> olcThreads: 16 >>>>>>>>>> olcTLSCACertificateFile: /etc/openldap/cacerts/cacert.pem >>>>>>>>>> olcTLSCertificateFile: /etc/openldap/cacerts/ldaprov1.crt >>>>>>>>>> olcTLSCertificateKeyFile: /etc/openldap/cacerts/ldaprov1.key >>>>>>>>>> olcTLSVerifyClient: never >>>>>>>>>> olcToolThreads: 1 >>>>>>>>>> olcWriteTimeout: 0 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I verified the ldap user can read all the TLS files and they >>>>>>>>>> are setup fine >>>>>>>>>> >>>>>>>>>> [root@ldaprov1 cacerts]# openssl verify -purpose sslserver >>>>>>>>>> -CAfile cacert.pem ldaprov1.crt >>>>>>>>>> ldaprov1.crt: OK >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Anyone can tell me what I am missing here? >>>>>>>>> No, but we're missing >>>>>>>>> 1) platform >>>>>>>>> 2) tls implementation (openssl, moznss, gnutls) >>>>>>>>> 3) output of ldapsearch -x -d 1 -Z ...... rest of arguments ..... >>>>>>>>> >>>>>>>> >>>>>>>> Its Fedora 15 >>>>>>>> >>>>>>>> ldd /usr/sbin/slapd >>>>>>>> linux-vdso.so.1 => (0x00007fff76fff000) >>>>>>>> libltdl.so.7 => /usr/lib64/libltdl.so.7 >>>>>>>> (0x00007f0f29fcd000) >>>>>>>> libdb-4.8.so => /lib64/libdb-4.8.so (0x00007f0f29c53000) >>>>>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 >>>>>>>> (0x00007f0f29a38000) >>>>>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f0f29801000) >>>>>>>> libresolv.so.2 => /lib64/libresolv.so.2 >>>>>>>> (0x00007f0f295e6000) >>>>>>>> libssl3.so => /usr/lib64/libssl3.so (0x00007f0f293b0000) >>>>>>>> libsmime3.so => /usr/lib64/libsmime3.so >>>>>>>> (0x00007f0f29183000) >>>>>>>> libnss3.so => /usr/lib64/libnss3.so (0x00007f0f28e4b000) >>>>>>>> libnssutil3.so => /usr/lib64/libnssutil3.so >>>>>>>> (0x00007f0f28c2b000) >>>>>>>> libplds4.so => /lib64/libplds4.so (0x00007f0f28a28000) >>>>>>>> libplc4.so => /lib64/libplc4.so (0x00007f0f28824000) >>>>>>>> libnspr4.so => /lib64/libnspr4.so (0x00007f0f285e6000) >>>>>>>> libpthread.so.0 => /lib64/libpthread.so.0 >>>>>>>> (0x00007f0f283cb000) >>>>>>>> libc.so.6 => /lib64/libc.so.6 (0x00007f0f28032000) >>>>>>>> libdl.so.2 => /lib64/libdl.so.2 (0x00007f0f27e2d000) >>>>>>>> libfreebl3.so => /lib64/libfreebl3.so (0x00007f0f27bcc000) >>>>>>>> libz.so.1 => /lib64/libz.so.1 (0x00007f0f279b5000) >>>>>>>> /lib64/ld-linux-x86-64.so.2 (0x00007f0f2a66a000) >>>>>>>> >>>>>>>> >>>>>>>> the ldapsearch -d 1 option tells me a lot more: >>>>>>>> ..... >>>>>>>> ldap_msgfree >>>>>>>> TLS: file ldaprov1.crt does not end in [.0] - does not appear >>>>>>>> to be a CA certificate directory file with a properly hashed >>>>>>>> file name - skipping. >>>>>>>> TLS: file cacert.pem does not end in [.0] - does not appear to >>>>>>>> be a CA certificate directory file with a properly hashed file >>>>>>>> name - skipping. >>>>>>>> TLS: file ldaprov1.key does not end in [.0] - does not appear >>>>>>>> to be a CA certificate directory file with a properly hashed >>>>>>>> file name - skipping. >>>>>>>> ..... >>>>>>>> >>>>>>>> I tell slapd to look for specific files but how come it is >>>>>>>> still checking in a directory? >>>>>>> I don't know. What does /etc/openldap/ldap.conf say? Do you >>>>>>> have a ~/.ldaprc or ~/ldaprc for the user "ldap"? >>>>>> >>>>>> So even for slapd the setting TLS_CACERTDIR in >>>>>> /etc/openldap/ldap.conf takes precedence over >>>>>> olcTLSCACertificateFile in cn=config? I set >>>>>> /etc/openldap/ldap.conf for client only and did not mean it for >>>>>> slapd. >>>>> I don't know. Can someone confirm that this is how it works when >>>>> using openssl or gnutls for crypto? That is, I don't think this >>>>> problem is specific to moznss. >>>>>> >>>>>> Now after I removed it from /etc/openldap/ldap.conf, ldapsearch >>>>>> -d 1 is indicating the CA certificate not valid: >>>>>> >>>>>> TLS: certificate [CA certificate details omitted here...] is not >>>>>> valid - error -8172:Unknown code ___f 20. >>>>>> error -8172:Unknown code ___f 20. >>>>>> tls_write: want=7, written=7 >>>>>> 0000: 15 03 01 00 02 02 30 ......0 >>>>>> TLS: error: connect - force handshake failure: errno 21 - moznss >>>>>> error -8172 >>>>>> TLS: can't connect: TLS error -8172:Unknown code ___f 20. >>>>>> ldap_err2string >>>>>> ldap_start_tls: Connect error (-11) >>>>>> additional info: TLS error -8172:Unknown code ___f 20 >>>>>> >>>>>> Does this mean all the certificates I created on the same server >>>>>> with openssl can not be used by modnss in slapd? I never delt >>>>>> with modnss before >>>>> 20 means SEC_ERROR_UNTRUSTED_ISSUER >>>>> >>>>> Can you provide the entire log leading up to this point? you can >>>>> paste it to fpaste.org if you don't want to spam the list with too >>>>> much information. >>>>> >>>>> Yes, openldap with moznss should work _exactly_ like openldap with >>>>> openssl. If this is something that was working before this is a >>>>> bug that needs to be fixed asap. >>>> >>>> I ran the same ldapsearch command from a Centos box which has >>>> openssl and the error messages says this : >>>> >>>> TLS certificate verification: Error, self signed certificate in >>>> certificate chain >>>> >>>> which is not true. I have separate CA certificate and server >>>> certificate. The server certificate is signed by the CA certificate. >>> openssl seems to be complaining about the CA certificate: >>> # >>> TLS certificate verification: depth: 1, err: 19, subject: >>> /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic Media >>> Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com, issuer: >>> /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic Media >>> Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com >>> # >>> TLS certificate verification: Error, self signed certificate in >>> certificate chain >>> >>> Note that the subject: is the same as the issuer: - that is, it is a >>> self signed certificate (self issued). >>> >>> But I'm not sure if this is the real problem. >> >> That certificate it is complaining about is actually the ROOT CA. But >> I have another server certificate specified by >> "olcTLSCertificateFile: /etc/ssl/certs/ldaprov1.crt" in cn=config and >> its subject and issuer are shown below: >> >> certs]# openssl x509 -noout -issuer -subject -in >> /etc/ssl/certs/ldaprov1.crt >> issuer= /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic >> Media Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com >> subject= /C=CA/ST=Ontario/L=Toronto/O=Epic Media >> Group/OU=IT/CN=ldaprov1.prod/emailAddress=sysadmin(a)theepicmediagroup.com >> >> Its that the client can't seem to get it for some reasons. >>> # >>> TLS trace: SSL3 alert write:fatal:unknown CA >>> >>> Do you have the CA cert on the client machine? >> >> I put the same CA cert on the client machine, both in >> /etc/ldap.conf(/etc/nss_ldap.conf on Fedora now) and >> /etc/openldap/ldap.conf >> >>>> >>>> Seems the server certificate defined in olcTLSCertificateFile never >>>> gets recognized by the client. >>>> >>>> Centos openssl output pasted - http://fpaste.org/7Hju/ >>>> Fedora moznss output pasted - http://fpaste.org/aE19/ >>> >>> If you remove TLS_CACERTDIR from /etc/openldap/ldap.conf and then >>> specify >>> olcTLSCACertificateFile: /etc/openldap/cacerts/cacert.pem >>> olcTLSCertificateFile: /etc/openldap/cacerts/ldaprov1.crt >>> olcTLSCertificateKeyFile: /etc/openldap/cacerts/ldaprov1.key >>> >> That is what I have been doing, or trying to do the whole time. Note >> the last three lines from the current configuration as shown below >> from the Centos client: >> >> .prod:/etc/openldap/cacerts]# ldapsearch -x -LLL -b cn=config -D >> cn=admin,cn=config -wtesting123 -H ldap://ldaprov1.prod cn=config >> dn: cn=config >> objectClass: olcGlobal >> cn: config >> olcConfigFile: /etc/openldap/slapd.conf >> olcConfigDir: /etc/openldap/slapd.d >> olcAllows: bind_v2 >> olcArgsFile: /var/run/openldap/slapd.args >> olcAttributeOptions: lang- >> olcAuthzPolicy: none >> olcConcurrency: 0 >> olcConnMaxPending: 100 >> olcConnMaxPendingAuth: 1000 >> olcGentleHUP: FALSE >> olcIdleTimeout: 0 >> olcIndexSubstrIfMaxLen: 4 >> olcIndexSubstrIfMinLen: 2 >> olcIndexSubstrAnyLen: 4 >> olcIndexSubstrAnyStep: 2 >> olcIndexIntLen: 4 >> olcLocalSSF: 71 >> olcLogLevel: 9 >> olcPidFile: /var/run/openldap/slapd.pid >> olcReadOnly: FALSE >> olcReverseLookup: FALSE >> olcSaslSecProps: noplain,noanonymous >> olcSockbufMaxIncoming: 262143 >> olcSockbufMaxIncomingAuth: 16777215 >> olcThreads: 16 >> olcTLSVerifyClient: never >> olcToolThreads: 1 >> olcWriteTimeout: 0 >> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem >> olcTLSCertificateFile: /etc/ssl/certs/ldaprov1.crt >> olcTLSCertificateKeyFile: /etc/ssl/certs/ldaprov1.key > try starting slapd with -d 1 got the following from the log: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: slap_listener_activate(7): Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 busy Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: >>> slap_listener(ldap:///) Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: listen=7, new connection on 14 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: added 14r (active) listener=(nil) Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got connid=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking for input on id=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: op tag 0x77, time 1312932447 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 do_extended Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Aug 9 19:27:27 ldaprov2 slapd[28972]: do_extended: oid=1.3.6.1.4.1.1466.20037 Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 STARTTLS Aug 9 19:27:27 ldaprov2 slapd[28972]: send_ldap_extended: err=0 oid= len=0 Aug 9 19:27:27 ldaprov2 slapd[28972]: send_ldap_response: msgid=1 tag=120 err=0 Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 RESULT oid= err=0 text= Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 fd=14 ACCEPT from IP=10.10.2.44:54439 (IP=0.0.0.0:389) Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got connid=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking for input on id=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got connid=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking for input on id=1003 Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): TLS accept failure error=-1 id=1003, closing Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_closing: readying conn=1003 sd=14 for close Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: Aug 9 19:27:27 ldaprov2 slapd[28972]: Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 active_threads=0 tvp=zero Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_close: conn=1003 sd=14 Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: removing 14 Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 fd=14 closed (TLS negotiation failure)

13 years, 3 months

Re: syncrepl problems

by Bram Cymet

On 11/22/2010 07:24 PM, Bram Cymet wrote: > Hi, > > I am trying to set up a syncrepl consumer. I have done this a number > of times without any problem. > > The consumer seems to be connecting via TLS to the producer and > authenticating but the consumer directory never gets populated. > > Here is the log from the producer: > > Nov 22 19:19:57 anubis slapd[24088]: slap_listener_activate(7): > Nov 22 19:19:57 anubis slapd[24088]: >>> slap_listener(ldap://) > Nov 22 19:19:57 anubis slapd[24088]: conn=1026 fd=15 ACCEPT from > IP=172.20.150.141:38831 (IP=0.0.0.0:389) > Nov 22 19:19:57 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:57 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:57 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:57 anubis slapd[24088]: op tag 0x77, time 1290471597 > Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 do_extended > Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 EXT > oid=1.3.6.1.4.1.1466.20037 > Nov 22 19:19:57 anubis slapd[24088]: do_extended: > oid=1.3.6.1.4.1.1466.20037 > Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 STARTTLS > Nov 22 19:19:57 anubis slapd[24088]: send_ldap_extended: err=0 oid= len=0 > Nov 22 19:19:57 anubis slapd[24088]: send_ldap_response: msgid=1 > tag=120 err=0 > Nov 22 19:19:57 anubis slapd[24088]: conn=1026 op=0 RESULT oid= err=0 > text= > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): unable to > get TLS client DN, error=49 id=1026 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 TLS established > tls_ssf=256 ssf=256 > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:58 anubis slapd[24088]: op tag 0x60, time 1290471598 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 do_bind > Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: > <uid=syncrepl,ou=system,dc=ls,dc=cbn>, > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND > dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128 > Nov 22 19:19:58 anubis slapd[24088]: do_bind: version=3 > dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" method=128 > Nov 22 19:19:58 anubis slapd[24088]: ==> hdb_bind: dn: > uid=syncrepl,ou=system,dc=ls,dc=cbn > Nov 22 19:19:58 anubis slapd[24088]: > bdb_dn2entry("uid=syncrepl,ou=system,dc=ls,dc=cbn") > Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: result not in > cache (userPassword) > Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access to > "uid=syncrepl,ou=system,dc=ls,dc=cbn" "userPassword" requested > Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [2] attr userPassword > Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry > "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested > Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0) > Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: > uid=syncrepl,ou=system,dc=ls,dc=cbn > Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: * > Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying +0 (break) > Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: =0 > Nov 22 19:19:58 anubis slapd[24088]: => acl_get: [3] attr userPassword > Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: access to entry > "uid=syncrepl,ou=system,dc=ls,dc=cbn", attr "userPassword" requested > Nov 22 19:19:58 anubis slapd[24088]: => acl_mask: to value by "", (=0) > Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: self > Nov 22 19:19:58 anubis slapd[24088]: <= check a_dn_pat: * > Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] applying > auth(=xd) (stop) > Nov 22 19:19:58 anubis slapd[24088]: <= acl_mask: [2] mask: auth(=xd) > Nov 22 19:19:58 anubis slapd[24088]: => slap_access_allowed: auth > access granted by auth(=xd) > Nov 22 19:19:58 anubis slapd[24088]: => access_allowed: auth access > granted by auth(=xd) > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 BIND > dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" mech=SIMPLE ssf=0 > Nov 22 19:19:58 anubis slapd[24088]: do_bind: v3 bind: > "uid=syncrepl,ou=system,dc=ls,dc=cbn" to > "uid=syncrepl,ou=system,dc=ls,dc=cbn" > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=1 p=3 > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 > matched="" text="" > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=2 > tag=97 err=0 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=1 RESULT tag=97 > err=0 text= > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:58 anubis slapd[24088]: op tag 0x63, time 1290471598 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 do_search > Nov 22 19:19:58 anubis slapd[24088]: >>> dnPrettyNormal: <dc=ls,dc=cbn> > Nov 22 19:19:58 anubis slapd[24088]: <<< dnPrettyNormal: > <dc=ls,dc=cbn>, <dc=ls,dc=cbn> > Nov 22 19:19:58 anubis slapd[24088]: SRCH "dc=ls,dc=cbn" 2 0 > Nov 22 19:19:58 anubis slapd[24088]: 0 0 0 > Nov 22 19:19:58 anubis slapd[24088]: filter: (objectClass=*) > Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls > Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: > oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical) > Nov 22 19:19:58 anubis slapd[24088]: => get_ctrls: > oid="2.16.840.1.113730.3.4.2" (critical) > Nov 22 19:19:58 anubis slapd[24088]: <= get_ctrls: n=2 rc=0 err="" > Nov 22 19:19:58 anubis slapd[24088]: attrs: > Nov 22 19:19:58 anubis slapd[24088]: * > Nov 22 19:19:58 anubis slapd[24088]: + > Nov 22 19:19:58 anubis slapd[24088]: > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH > base="dc=ls,dc=cbn" scope=2 deref=0 filter="(objectClass=*)" > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SRCH attr=* + > Nov 22 19:19:58 anubis slapd[24088]: ==> limits_get: conn=1026 op=2 > self="uid=syncrepl,ou=system,dc=ls,dc=cbn" this="dc=ls,dc=cbn" > Nov 22 19:19:58 anubis slapd[24088]: <== limits_get: type=DN > match=EXACT dn="uid=syncrepl,ou=system,dc=ls,dc=cbn" > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: conn=1026 op=2 p=3 > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_result: err=0 > matched="" text="" > Nov 22 19:19:58 anubis slapd[24088]: send_ldap_response: msgid=3 > tag=101 err=0 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=2 SEARCH RESULT > tag=101 err=0 nentries=0 text= > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15) > Nov 22 19:19:58 anubis slapd[24088]: connection_get(15): got connid=1026 > Nov 22 19:19:58 anubis slapd[24088]: connection_read(15): checking for > input on id=1026 > Nov 22 19:19:58 anubis slapd[24088]: op tag 0x42, time 1290471598 > Nov 22 19:19:58 anubis slapd[24088]: ber_get_next on fd 15 failed > errno=0 (Success) > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 do_unbind > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 op=3 UNBIND > Nov 22 19:19:58 anubis slapd[24088]: connection_close: conn=1026 sd=15 > Nov 22 19:19:58 anubis slapd[24088]: conn=1026 fd=15 closed > > Here is the log from the consumer: > > Nov 22 18:22:49 mgaauth1 slapd[12587]: daemon: shutdown requested and > initiated. > Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: waiting for 0 > operations/tasks to finish > Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd shutdown: initiated > Nov 22 18:22:49 mgaauth1 slapd[12587]: ====> bdb_cache_release_all > Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd destroy: freeing system > resources. > Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=001 > Nov 22 18:22:49 mgaauth1 slapd[12587]: syncinfo_free: rid=002 > Nov 22 18:22:49 mgaauth1 slapd[12587]: slapd stopped. > Nov 22 18:22:52 mgaauth1 slapd[12638]: @(#) $OpenLDAP: slapd 2.4.20 > (Jun 16 2010 10:21:06) $ > abuild@anonymi:/usr/src/packages/BUILD/openldap-2.4.20/servers/slapd > Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed > errno=97 (Address family not supported by protocol) > Nov 22 18:22:52 mgaauth1 slapd[12638]: daemon: IPv6 socket() failed > errno=97 (Address family not supported by protocol) > Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema.ldif" > Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn=schema > objectClass: olcSchemaConfig cn: schema structuralObjectClass: > olcSchemaConfig entryUUID: 1a05f3b8-8ade-102f-8d02-5da984889200 > creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: > 20101122234350.437126Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=schema> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn=schema>, <cn=schema> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn=schema) -> > 0x7ff49ab19758 > Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif" > Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={0}core > objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( > 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno wledge > information' EQUALITY caseIgnoreMatch SYNTAX > 1.3.6.1.4.1.1466.115.121. 1.15{32768} ) olcAttributeTypes: {1}( > 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f amily) name(s) > for which the entity is known by' SUP name ) olcAttributeTypes: {2}( > 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb er of the > entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S > YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) olcAttributeTypes: {3}( > 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two- letter > ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 > S INGLE-VALUE ) olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' > 'localityName' ) DESC 'RFC2256: loc ality which this object resides > in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' > 'stateOrProvinceName' ) DESC 'RFC2 256: state or province which this > object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME ( > 'street' 'streetAddress' ) DESC 'RFC225 6: street address of this > object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}( > 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 : organization > this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 > NAME ( 'ou' 'organizationalUnitName' ) DESC ' RFC2256: organizational > unit this object belongs to' SUP name ) olcAttributeTypes: {9}( > 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the > entity' SUP name ) olcAttributeTypes: {10}( 2.5.4.14 NAME > 'searchGuide' DESC 'RFC2256: search gui de, deprecated by > enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) > olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC > 'RFC2256: busin ess category' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{128} > ) olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC > 'RFC2256: postal a ddress' EQUALITY caseIgnoreListMatch SUBSTR > caseIgnoreListSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.41 ) > olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: > postal code ' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15{40} ) > olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: > Post Off ice Box' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{40} ) > olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' > DESC 'RFC2 256: Physical Delivery Office Name' EQUALITY > caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20 > NAME 'telephoneNumber' DESC 'RFC2256: Teleph one Number' EQUALITY > telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21 > NAME 'telexNumber' DESC 'RFC2256: Telex Numb er' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME > 'teletexTerminalIdentifier' DESC 'RFC22 56: Teletex Terminal > Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes: > {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE SC > 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX > 1.3.6.1.4.1.1466.115.12 1.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 > NAME 'x121Address' DESC 'RFC2256: X.121 Addr ess' EQUALITY > numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 > .3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25 > NAME 'internationaliSDNNumber' DESC 'RFC2256 : international ISDN > number' EQUALITY numericStringMatch SUBSTR numericString > SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) > olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC > 'RFC2256: regi stered postal address' SUP postalAddress SYNTAX > 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {23}( 2.5.4.27 > NAME 'destinationIndicator' DESC 'RFC2256: d estination indicator' > EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.44{128} ) olcAttributeTypes: {24}( 2.5.4.28 > NAME 'preferredDeliveryMethod' DESC 'RFC2256 : preferred delivery > method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU E ) > olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC > 'RFC2256: pr esentation address' EQUALITY presentationAddressMatch > SYNTAX 1.3.6.1.4.1.1466 .115.121.1.43 SINGLE-VALUE ) > olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' > DESC 'RFC 2256: supported application context' EQUALITY > objectIdentifierMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.38 ) > olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member > of a gro up' SUP distinguishedName ) olcAttributeTypes: {28}( > 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob ject)' SUP > distinguishedName ) olcAttributeTypes: {29}( 2.5.4.33 NAME > 'roleOccupant' DESC 'RFC2256: occupant of role' SUP > distinguishedName ) olcAttributeTypes: {30}( 2.5.4.36 NAME > 'userCertificate' DESC 'RFC2256: X.509 user certificate, use > ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. > 4.1.1466.115.121.1.8 ) olcAttributeTypes: {31}( 2.5.4.37 NAME > 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' > EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.8 ) > olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC > 'RFC2256 : X.509 authority revocation list, use ;binary' SYNTAX > 1.3.6.1.4.1.1466.115.1 21.1.9 ) olcAttributeTypes: {33}( 2.5.4.39 > NAME 'certificateRevocationList' DESC 'RFC22 56: X.509 certificate > revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.9 ) > olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC > 'RFC2256: X .509 cross certificate pair, use ;binary' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.1 0 ) olcAttributeTypes: {35}( 2.5.4.42 > NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir st name(s) for which the > entity is known by' SUP name ) olcAttributeTypes: {36}( 2.5.4.43 NAME > 'initials' DESC 'RFC2256: initials of s ome or all of names, but not > the surname(s).' SUP name ) olcAttributeTypes: {37}( 2.5.4.44 NAME > 'generationQualifier' DESC 'RFC2256: na me qualifier indicating a > generation' SUP name ) olcAttributeTypes: {38}( 2.5.4.45 NAME > 'x500UniqueIdentifier' DESC 'RFC2256: X .500 unique identifier' > EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.6 ) > olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN > qualifi er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch > SUBSTR caseIgno reSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.44 ) olcAttributeTypes: {40}( 2.5.4.47 NAME > 'enhancedSearchGuide' DESC 'RFC2256: en hanced search guide' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.21 ) olcAttributeTypes: {41}( 2.5.4.48 NAME > 'protocolInformation' DESC 'RFC2256: pr otocol information' EQUALITY > protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.42 ) > olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: > unique me mber of a group' EQUALITY uniqueMemberMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1 .34 ) olcAttributeTypes: {43}( 2.5.4.51 > NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY > caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {44}( > 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su pported > algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) olcAttributeTypes: > {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de lta > revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) > olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name > of DMD' S UP name ) olcAttributeTypes: {47}( 2.5.4.65 NAME > 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) > olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' > 'rfc822Mailbo x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY > caseIgnoreIA5Match SUBSTR ca seIgnoreIA5SubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {49}( 0.9.234 > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={0}core> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={0}core>, <cn={0}core> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={0}core) -> > 0x7ff49ab19758 > Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif" > Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: cn={1}cosine > objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}( > 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY > caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. > 1466.115.121.1.15{256} ) olcAttributeTypes: {1}( > 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g eneral > information' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} > ) olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' > 'favouriteDri nk' ) DESC 'RFC1274: favorite drink' EQUALITY > caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {3}( > 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 274: room > number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S > YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {4}( > 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 > fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) olcAttributeTypes: > {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 74: > category of user' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} > ) olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC > 'RFC1274: h ost computer' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{256} > ) olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' > DESC 'RFC127 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115 .121.1.12 ) olcAttributeTypes: {8}( > 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D ESC 'RFC1274: > unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) > olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME > 'documentTitle' DESC ' RFC1274: title of document' EQUALITY > caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {10}( > 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES C 'RFC1274: > version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu > bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) > olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME > 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY > distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) > olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME > 'documentLocation' DE SC 'RFC1274: location of document original' > EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {13}( > 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe lephoneNumber' > ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb > erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121 .1.50 ) olcAttributeTypes: {14}( > 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 1274: DN of > secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 > 6.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 > NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) > olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' > EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' > EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' > EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' > EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' > EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' > EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME > 'associatedName' DESC 'RFC1274: DN of entry associated with domain' > EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 > ) olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME > 'homePostalAddress' D ESC 'RFC1274: home postal address' EQUALITY > caseIgnoreListMatch SUBSTR caseIg noreListSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}( > 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: > personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring > sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: > {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel > ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY > telephoneNum berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.12 1.1.50 ) olcAttributeTypes: {26}( > 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep honeNumber' ) > DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber Match > SUBSTR telephoneNumberSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1 .50 ) olcAttributeTypes: {27}( > 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount ryName' ) DESC > 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS TR > caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) > olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME > 'uniqueIdentifier' DE SC 'RFC1274: unique identifer' EQUALITY > caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) > olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME > 'organizationalStatus ' DESC 'RFC1274: organizational status' > EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {30}( > 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' RFC1274: Janet > mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst > ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) > olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME > 'mailPreferenceOption ' DESC 'RFC1274: mail preference option' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 ) olcAttributeTypes: {32}( > 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' RFC1274: name > of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin > gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: > {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF C1274: > DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) > olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME > 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.13 SIN GLE-VALUE ) olcAttributeTypes: > {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit y' DESC > 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. > 13 SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 > NAME 'subtreeMaximumQualit y' DESC 'RFC1274: Subtree Maximun Quality' > SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) > olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME > 'personalSignature' D ESC 'RFC1274: Personal Signature (G3 fax)' > SYNTAX 1.3.6.1.4.1.1466.115.121.1. 23 ) olcAttributeTypes: {38}( > 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R FC1274: DIT > Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 > .115.121.1.12 ) olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 > NAME 'audio' DESC 'RFC1274 : audio (u-law)' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}( > 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D ESC 'RFC1274: > publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno > reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) > olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' > 'newPilo tPerson' ) SUP person STRUCTURAL MAY ( userid $ > textEncodedORAddress $ rfc822 Mailbox $ favouriteDrink $ roomNumber $ > userClass $ homeTelephoneNumber $ hom ePostalAddress $ secretary $ > personalTitle $ preferredDeliveryMethod $ busine ssCategory $ > janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep hone > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={1}cosine> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={1}cosine>, <cn={1}cosine> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <= str2entry(cn={1}cosine) -> > 0x7ff49ab19758 > Nov 22 18:22:52 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: > "/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif" > Nov 22 18:22:52 mgaauth1 slapd[12638]: => str2entry: "dn: > cn={2}inetorgperson objectClass: olcSchemaConfig cn: {2}inetorgperson > olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC > 'RFC279 8: vehicle license or registration plate' EQUALITY > caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( > 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' RFC2798: > identifies a department within an organization' EQUALITY caseIgnoreM > atch SUBSTR caseIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( > 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: > preferred name to be used when displaying entries' EQUALITY > caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) olcAttributeTypes: {3}( > 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF C2798: > numerically identifies an employee within an organization' EQUALITY > ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( > 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 798: type of > employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn > oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) > olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' > DESC 'RFC2 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) > olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME > 'preferredLanguage' DESC 'RFC2798: preferred written or spoken > language for a person' EQUALITY caseIg noreMatch SUBSTR > caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 > SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME > 'userSMIMECertificate' D ESC 'RFC2798: PKCS#7 SignedData used to > support S/MIME' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) > olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' > DESC 'RFC2 798: personal identity information, a PKCS #12 PFX' SYNTAX > 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}( > 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet > Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( > audio $ businessCategory $ carLicense $ departmentNumber $ displayName > $ em ployeeNumber $ employeeType $ givenName $ homePhone $ > homePostalAddress $ ini tials $ jpegPhoto $ labeledURI $ mail $ > manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid > $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ > userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: > olcSchemaConfig entryUUID: 1a06766c-8ade-102f-8d05-5da984889200 > creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: > 20101122234350.440473Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn={2}inetorgperson> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={2}inetorgperson>, <cn={2}inetorgperson> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:52 mgaauth1 slapd[12638]: <= > str2entry(cn={2}inetorgperson) -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > cn={3}rfc2307bis objectClass: olcSchemaConfig cn: {3}rfc2307bis > olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS > field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR > caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 > SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME > 'homeDirectory' DESC 'The absolut e path to the home directory' > EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 > SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME > 'loginShell' DESC 'The path to th e login shell' EQUALITY > caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE > ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' > EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 > SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME > 'shadowMin' EQUALITY integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( > 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( > 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( > 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( > 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( > 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( > 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SYNTAX > 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {11}( > 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match > SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 > 5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME > 'nisNetgroupTriple' DESC 'Netgr oup triple' EQUALITY > caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC > 'Service p ort number' EQUALITY integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE ) olcAttributeTypes: > {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Servi ce > protocol name' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 > NAME 'ipProtocolNumber' DESC 'IP pro tocol number' EQUALITY > integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) > olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC > 'ONC RPC nu mber' EQUALITY integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: > {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addre sses as a > dotted decimal omitting leading zeros or IPv6 addresses as de > fined in RFC2373' SUP name ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 > NAME 'ipNetworkNumber' DESC 'IP netw ork as a dotted decimal, eg. > 192.168, omitting leading zeros' SUP name SINGLE-VALUE ) > olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC > 'IP netm ask as a dotted decimal, eg. 255.255.255.0, omitting > leading zeros' EQU ALITY caseIgnoreIA5Match SYNTAX > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {20}( > 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, > colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALI TY > caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC > 'rpc.bootp aramd parameter' EQUALITY caseExactIA5Match SYNTAX > 1.3.6.1.4.1.1466.115.121.1 .26 ) olcAttributeTypes: {22}( > 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam e' EQUALITY > caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name > of a A generic NIS map' SUP name ) olcAttributeTypes: {24}( > 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic N IS entry' > EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTA X > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {25}( > 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY > octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) > olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC > 'NIS secret key' EQUALITY octetStringMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V ALUE ) olcAttributeTypes: > {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' E QUALITY > caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) > olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC > 'automo unt Map Name' EQUALITY caseExactIA5Match SUBSTR > caseExactIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 > SINGLE-VALUE ) olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME > 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match > SUBSTR caseExactIA5SubstringsMatch SYNT AX > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {30}( > 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Au tomount > information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrings > Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) > olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top > AUXILIARY D ESC 'Abstraction of an account with POSIX attributes' > MUST ( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) MAY ( > userPassword $ loginShell $ gecos $ description ) ) > olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top > AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid > MAY ( userPassword $ description $ shadowLastChange $ > shadowMin $ shadowMax $ shado wWarning $ shadowInactive $ > shadowExpire $ shadowFlag ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 > NAME 'posixGroup' SUP top AUXILIARY DES C 'Abstraction of a group of > accounts' MUST gidNumber MAY ( userPassword $ me mberUid $ > description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME > 'ipService' SUP top STRUCTURAL DES C 'Abstraction an Internet > Protocol service. Maps an IP port and protoc ol (such as tcp or > udp) to one or more names; the distinguished value o f > the cn attribute denotes the services canonical name' MUST ( > cn $ ipServicePort $ ipServiceProtocol ) MAY description ) > olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top > STRUCTURAL DE SC 'Abstraction of an IP protocol. Maps a protocol > number to one or mor e names. The distinguished value of the > cn attribute denotes the protoc ols canonical name' MUST ( cn $ > ipProtocolNumber ) MAY description ) olcObjectClasses: {5}( > 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC ' Abstraction > of an Open Network Computing (ONC) [RFC1057] Remote Procedur e > Call (RPC) binding. This class maps an ONC RPC number to a > name. The distinguished value of the cn attribute denotes > the RPC services can onical name' MUST ( cn $ oncRpcNumber ) MAY > description ) olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP > top AUXILIARY DESC 'A bstraction of a host, an IP device. The > distinguished value of the cn a ttribute denotes the hosts > canonical name. Device SHOULD be used as a s tructural class' > MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ descript ion $ > manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' > SUP top STRUCTURAL DES C 'Abstraction of a network. The distinguished > value of the cn attribut e denotes the networks canonical name' > MUST ipNetworkNumber MAY ( cn $ ipNetm askNumber $ l $ description $ > manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' > SUP top STRUCTURAL D ESC 'Abstraction of a netgroup. May refer to > other netgroups' MUST cn MAY ( n isNetgroupTriple $ memberNisNetgroup > $ description ) ) olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' > SUP top STRUCTURAL DESC ' A generic abstraction of a NIS map' MUST > nisMapName MAY description ) olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 > NAME 'nisObject' SUP top STRUCTURAL D ESC 'An entry in a NIS map' > MUST ( cn $ nisMapE > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn={3}rfc2307bis> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={3}rfc2307bis>, <cn={3}rfc2307bis> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={3}rfc2307bis) > -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}yast.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: cn={4}yast > objectClass: olcSchemaConfig cn: {4}yast olcObjectIdentifier: {0}SUSE > 1.3.6.1.4.1.7057 olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1 > olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2 > olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC > SUSE.YaST.ModuleConfig:1 olcObjectIdentifier: > {4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2 > olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME ( > 'suseDefaultBase' ) DESC 'Base DN where new Objects should be > created by default' EQUALITY dis tinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: > {1}( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId ' ) DESC > 'Next unused unique ID, can be used to generate directory wide uniqe > IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX > 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {2}( > SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower > Border for Unique IDs' EQUALITY integerMatch ORDERING integerO > rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) > olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME ( > 'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY > integerMatch ORDERING integerO rderingMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( > SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTempl ate' ) DESC > 'The DN of a template that should be used by default' EQUALITY di > stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 > SINGLE-VALUE ) olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7 > NAME ( 'suseSearchFilter ' ) DESC 'Search filter to localize Objects' > SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE ) > olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME ( > 'suseDefaultValu e' ) DESC 'an Attribute-Value-Assertions to define > defaults for specific Attr ibutes' EQUALITY caseIgnoreMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {7}( > SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttri bute' ) DESC > 'AttributeType that should be used as the RDN' EQUALITY caseIgno > reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) > olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME ( > 'suseSecondaryGr oup' ) DESC 'seconday group DN' EQUALITY > distinguishedNameMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.12 ) > olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME ( > 'suseMinPassword Length' ) DESC 'minimum Password length for new > users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) olcAttributeTypes: > {10}( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswor dLength' > ) DESC 'maximum Password length for new users' EQUALITY integerMatch > ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 > SINGLE-VA LUE ) olcAttributeTypes: {11}( > SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHa sh' ) DESC > 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYN > TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) > olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19 NAME ( > 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX > 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( > SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to > use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA X > 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {14}( > SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribu te' ) DESC '' > EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) > olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME ( > 'suseImapServer ' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) > olcAttributeTypes: {16}( SUSE.YaST.ModuleConfig.Attr:23 NAME ( > 'suseImapAdmin' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) > olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24 NAME ( > 'suseImapDefaul tQuota' ) DESC '' EQUALITY integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) > olcAttributeTypes: {18}( SUSE.YaST.ModuleConfig.Attr:25 NAME ( > 'suseImapUseSsl ' ) DESC '' EQUALITY booleanMatch SYNTAX > 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE ) olcObjectClasses: > {0}( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigurati > on' SUP top STRUCTURAL DESC 'Contains configuration of > Management Modu les' MUST ( cn ) MAY ( suseDefaultBase )) > olcObjectClasses: {1}( SUSE.YaST.ModuleConfig.OC:3 NAME > 'suseUserConfiguration ' SUP suseModuleConfiguration > STRUCTURAL DESC 'Configuration of user m anagement tools' MAY ( > suseMinPasswordLength $ suseMaxPasswordLength $ > susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId > $ suseMaxUniqueId $ suseDefaultTemplate $ > suseSearchFilter $ suseMapAttribute )) > olcObjectClasses: {2}( SUSE.YaST.ModuleConfig.OC:4 NAME > 'suseObjectTemplate' SUP top STRUCTURAL DESC 'Base Class for > Object-Templates' MUST ( cn ) M AY ( susePlugin $ suseDefaultValue $ > suseNamingAttribute )) olcObjectClasses: {3}( > SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' SUP > suseObjectTemplate STRUCTURAL DESC 'User object template' MUST ( cn > ) MAY ( suseSecondaryGroup )) olcObjectClasses: {4}( > SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate' SUP > suseObjectTemplate STRUCTURAL DESC 'Group object template' MUST ( cn > )) olcObjectClasses: {5}( SUSE.YaST.ModuleConfig.OC:7 NAME > 'suseGroupConfiguratio n' SUP suseModuleConfiguration > STRUCTURAL DESC 'Configuration of user management tools' MAY ( > suseNextUniqueId $ suseMinUniqueId $ suseMaxUni queId $ > suseDefaultTemplate $ suseSearchFilter $ suseMapAttribut e )) > olcObjectClasses: {6}( SUSE.YaST.ModuleConfig.OC:8 NAME > 'suseCaConfiguration' SUP suseModuleConfiguration STRUCTURAL > DESC 'Configuration of CA manage ment tools') olcObjectClasses: {7}( > SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration' SUP > suseModuleConfiguration STRUCTURAL DESC 'Configuration of mail se > rver management tools') olcObjectClasses: {8}( > SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguratio n' SUP > suseModuleConfiguration STRUCTURAL DESC 'Configuration of DHCP > server management tools') olcObjectClasses: {9}( > SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguratio n' SUP > suseModuleConfiguration STRUCTURAL DESC 'Configuration of IMAP user > management tools' MUST ( suseImapServer $ suseImapAdmin $ > suseImap DefaultQuota $ suseImapUseSsl )) > structuralObjectClass: olcSchemaConfig entryUUID: > 1a06ad4e-8ade-102f-8d07-5da984889200 creatorsName: cn=config > createTimestamp: 20101122234350Z entryCSN: > 20101122234350.441878Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn={4}yast> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={4}yast>, <cn={4}yast> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={4}yast) -> > 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}kerberos.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > cn={5}kerberos objectClass: olcSchemaConfig cn: {5}kerberos > olcAttributeTypes:: > ezB9KCAyLjE2Ljg0MC4xLjExMzcxOS4xLjMwMS40LjEuMSAgICAgICAgIC > AgICAgIE5BTUUgJ2tyYlByaW5jaXBhbE5hbWUnICAgICAgICAgICAgICAgRVFVQUxJVFkgY2FzZUV > 4YWN0SUE1TWF0Y2ggCVNVQlNUUiBjYXNlRXhhY3RTdWJzdHJpbmdzTWF0Y2ggICAgICAgICAgICAg > ICBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYp > olcAttributeTypes: {1}( 1.2.840.113554.1.4.1.6.1 NAME > 'krbCanoni calName' EQUALITY > caseExactIA5Match SUBSTR caseEx > actSubstringsMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) > olcAttributeTypes: {2}( 2.16.840.1.113719.1.301.4.3.1 > NAME 'krbP rincipalType' EQUALITY > integerMatch SYNTAX 1.3.6. > 1.4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: > {3}( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbU > PEnabled' DESC 'Boolean' SYNTAX > 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE) > olcAttributeTypes: {4}( 2.16.840.1.113719.1.301.4.6.1 > NAME 'krbP rincipalExpiration' EQUALITY > generalizedTimeMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) > olcAttributeTypes: {5}( 2.16.840.1.113719.1.301.4.8.1 > NAME 'krbT icketFlags' EQUALITY > integerMatch SYNTAX 1.3.6.1. > 4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: > {6}( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbM > axTicketLife' EQUALITY integerMatch SYNTAX > 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {7}( 2.16.840.1.113719.1.301.4.10.1 > NAME 'krb MaxRenewableAge' EQUALITY > integerMatch SYNTAX 1.3 > .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {8}( 2.16.840.1.113719.1.301.4.14.1 > NAME 'krb RealmReferences' EQUALITY > distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {9}( > 2.16.840.1.113719.1.301.4.15.1 NAME 'krb > LdapServers' EQUALITY caseIgnoreMatch > SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15) olcAttributeTypes: {10}( > 2.16.840.1.113719.1.301.4.17.1 NAME 'kr > bKdcServers' EQUALITY > distinguishedNameMatch SYNT AX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {11}( > 2.16.840.1.113719.1.301.4.18.1 NAME 'kr > bPwdServers' EQUALITY > distinguishedNameMatch SYNT AX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {12}( > 2.16.840.1.113719.1.301.4.24.1 NAME 'kr > bHostServer' EQUALITY caseExactIA5Match > SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {13}( > 2.16.840.1.113719.1.301.4.25.1 NAME 'kr > bSearchScope' EQUALITY integerMatch SYNTAX > 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {14}( 2.16.840.1.113719.1.301.4.26.1 > NAME 'kr bPrincipalReferences' EQUALITY > distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {15}( > 2.16.840.1.113719.1.301.4.28.1 NAME 'kr > bPrincNamingAttr' EQUALITY caseIgnoreMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) > olcAttributeTypes: {16}( 2.16.840.1.113719.1.301.4.29.1 > NAME 'kr bAdmServers' EQUALITY > distinguishedNameMatch SYNT AX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {17}( > 2.16.840.1.113719.1.301.4.30.1 NAME 'kr > bMaxPwdLife' EQUALITY integerMatch SYNTAX > 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {18}( 2.16.840.1.113719.1.301.4.31.1 > NAME 'kr bMinPwdLife' EQUALITY > integerMatch SYNTAX 1.3.6.1 > .4.1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: > {19}( 2.16.840.1.113719.1.301.4.32.1 NAME 'kr > bPwdMinDiffChars' EQUALITY integerMatch > SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {20}( 2.16.840.1.113719.1.301.4.33.1 > NAME 'kr bPwdMinLength' EQUALITY > integerMatch SYNTAX 1.3. > 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {21}( 2.16.840.1.113719.1.301.4.34.1 > NAME 'kr bPwdHistoryLength' EQUALITY > integerMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {22}( 1.3.6.1.4.1.5322.21.2.1 NAME > 'krbPwdMax Failure' EQUALITY > integerMatch SYNTAX 1.3.6.1.4. > 1.1466.115.121.1.27 SINGLE-VALUE) olcAttributeTypes: > {23}( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFai > lureCountInterval' EQUALITY integerMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {24}( 1.3.6.1.4.1.5322.21.2.3 NAME > 'krbPwdLoc koutDuration' EQUALITY > integerMatch SYNTAX 1.3.6 > .1.4.1.1466.115.121.1.27 SINGLE-VALUE) > olcAttributeTypes: {25}( 2.16.840.1.113719.1.301.4.36.1 > NAME 'kr bPwdPolicyReference' EQUALITY > distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) > olcAttributeTypes: {26}( 2.16.840.1.113719.1.301.4.37.1 > NAME 'kr bPasswordExpiration' EQUALITY > generalizedTimeMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) > olcAttributeTypes: {27}( 2.16.840.1.113719.1.301.4.39.1 > NAME 'kr bPrincipalKey' EQUALITY > octetStringMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.40) > olcAttributeTypes: {28}( 2.16.840.1.113719.1.301.4.40.1 > NAME 'kr bTicketPolicyReference' EQUALITY > distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) > olcAttributeTypes: {29}( 2.16.840.1.113719.1.301.4.41.1 > NAME 'kr bSubTrees' EQUALITY > distinguishedNameMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.12) olcAttributeTypes: {30}( > 2.16.840.1.113719.1.301.4.42.1 NAME 'kr > bDefaultEncSaltTypes' EQUALITY > caseIgnoreMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15) > olcAttributeTypes: {31}( 2.16.840.1.113719.1.301.4.43.1 > NAME 'kr bSupportedEncSaltTypes' EQUALITY > caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) > olcAttributeTypes: {32}( 2.16.840.1.113719.1.301.4.44.1 > NAME 'kr bPwdHistory' EQUALITY > octetStringMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.40) > olcAttributeTypes: {33}( 2.16.840.1.113719.1.301.4.45.1 > NAME 'kr bLastPwdChange' EQUALITY > generalizedTimeMatch SYN TAX > 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) > olcAttributeTypes: {34}( 2.16.840.1.113719.1.301.4.46.1 > NAME 'kr bMKey' EQUALITY octetStringMatch > SYNTAX 1.3.6.1.4 .1.1466.115.121.1.40) olcAttributeTypes: {35}( > 2.16.840.1.113719.1.301.4.47.1 NAME 'kr > bPrincipalAliases' EQUALITY > caseExactIA5Match SYN TAX > 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {36}( > 2.16.840.1.113719.1.301.4.48.1 NAME 'kr > bLastSuccessfulAuth' EQUALITY > generalizedTimeMatch SYNTAX > 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) > olcAttributeTypes: {37}( 2.16.840.1.113719.1.301.4.49.1 > NAME 'kr bLastFailedAuth' EQUALITY > generalizedTimeMatch SY NTAX > 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) > olcAttributeTypes: {38}( 2.16.840.1.113719.1.301.4.50.1 > NAME 'kr bLo > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn={5}kerberos> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={5}kerberos>, <cn={5}kerberos> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={5}kerberos) -> > 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}uidnext.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > cn={6}uidnext objectClass: olcSchemaConfig cn: {6}uidnext > olcObjectClasses: {0}( 1.1.2.2.1.30 NAME 'uidnext' SUP top > STRUCTURAL MUST ( cn $ uidNumber )) structuralObjectClass: > olcSchemaConfig entryUUID: 189d1db6-8adf-102f-87a7-a13f60af0032 > creatorsName: cn=config createTimestamp: 20101122235057Z entryCSN: > 20101122235057.569075Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122235057Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn={6}uidnext> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn={6}uidnext>, <cn={6}uidnext> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= str2entry(cn={6}uidnext) -> > 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > olcDatabase={-1}frontend objectClass: olcDatabaseConfig olcDatabase: > {-1}frontend olcAccess: {0}to dn.base="" by * read olcAccess: {1}to > dn.base="cn=Subschema" by * read structuralObjectClass: > olcDatabaseConfig entryUUID: 1a06c66c-8ade-102f-8d08-5da984889200 > creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: > 20101122234350.442520Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <olcDatabase={-1}frontend> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <olcDatabase={-1}frontend>, <olcDatabase={-1}frontend> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= > str2entry(olcDatabase={-1}frontend) -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: > {0}config olcAccess: {0}to * by > dn.base="uid=syncrepl,ou=system,dc=ls,dc=cbn" read by * break > olcLimits: {0}dn.exact="uid=syncrepl,ou=system,dc=ls,dc=cbn" > size.soft=unlimit ed olcRootDN: cn=config olcRootPW:: > e1NTSEF9K3hqNDB5T2U1ZGtyTU45aWVrMGhpSlFMMFVGUlFVNWFXZz09 olcSecurity: > simple_bind=128 ssf=71 olcSyncrepl: {0}rid=1 > provider="ldap://mgaauth1.ni.ls.cbn/" searchbase="cn=con fig" > type="refreshAndPersist" retry="120 +" starttls=critical > tls_reqcert=dem and bindmethod="simple" > binddn="uid=syncrepl,ou=system,dc=ls,dc=cbn" credenti > als="I9BpLVmLdOaL" olcUpdateRef: ldap://mgaauth1.ni.ls.cbn/ > structuralObjectClass: olcDatabaseConfig entryUUID: > 1a06cd10-8ade-102f-8d09-5da984889200 creatorsName: cn=config > createTimestamp: 20101122234350Z entryCSN: > 20101122234350.442690Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <olcDatabase={0}config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <olcDatabase={0}config>, <olcDatabase={0}config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= > str2entry(olcDatabase={0}config) -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn=config>, <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn=config>, <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: > "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > olcOverlay={0}syncprov objectClass: olcSyncProvConfig olcOverlay: > {0}syncprov olcSpCheckpoint: 100 10 structuralObjectClass: > olcSyncProvConfig entryUUID: 1a06d9fe-8ade-102f-8d0a-5da984889200 > creatorsName: cn=config createTimestamp: 20101122234350Z entryCSN: > 20101122234350.443021Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101122234350Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <olcOverlay={0}syncprov> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <olcOverlay={0}syncprov>, <olcOverlay={0}syncprov> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= > str2entry(olcOverlay={0}syncprov) -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: ldif_read_file: read entry > file: "/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif" > Nov 22 18:22:53 mgaauth1 slapd[12638]: => str2entry: "dn: > olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass: > olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap > olcSuffix: dc=ls,dc=cbn olcAccess: {0}to attrs=userPassword by self > write by * auth olcAccess: {1}to attrs=shadowLastChange by self write > by * read olcAccess: {2}to attrs=userPKCS12 by self read by * none > olcAccess: {3}to * by * read olcRootDN: cn=admin,dc=ls,dc=cbn > olcRootPW:: e1NTSEF9TkJSVVEyR0FGMlNQN1dsbFh3eS9GK2t5MFBST1UxaEpWQT09 > olcUpdateRef: ldap://anubis.ls.cbn/ olcDbCacheSize: 10000 > olcDbCheckpoint: 1024 5 olcDbConfig: {0}set_cachesize 0 15000000 1 > olcDbConfig: {1}set_lg_regionmax 262144 olcDbConfig: {2}set_lg_bsize > 2097152 olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE olcDbIDLcacheSize: > 30000 olcDbIndex: objectclass eq olcDbIndex: uidNumber eq olcDbIndex: > gidNumber eq olcDbIndex: member eq olcDbIndex: memberUid eq > olcDbIndex: mail eq olcDbIndex: cn eq,sub olcDbIndex: displayName > eq,sub olcDbIndex: uid eq,sub olcDbIndex: sn eq,sub olcDbIndex: > givenName eq,sub olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq > structuralObjectClass: olcHdbConfig entryUUID: > 65b86196-8adf-102f-87a8-a13f60af0032 creatorsName: cn=config > createTimestamp: 20101122235306Z olcSyncrepl: {0}rid=2 > provider="ldap://anubis.ls.cbn/" searchbase="dc=ls,dc=cb n" > type="refreshOnly" retry="120 +" interval="00:00:01:00" > starttls=critical tls_reqcert=demand bindmethod="simple" > binddn="uid=syncrepl,ou=system,dc=ls,d c=cbn" > credentials="lieguYwHee" entryCSN: > 20101123001649.251496Z#000000#000#000000 modifiersName: cn=config > modifyTimestamp: 20101123001649Z " > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <olcDatabase={1}hdb> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <olcDatabase={1}hdb>, <olcDatabase={1}hdb> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: > <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: > <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=config> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <= > str2entry(olcDatabase={1}hdb) -> 0x7ff49ab19758 > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <dc=ls,dc=cbn>, <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: hdb_db_init: Initializing HDB > database > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <dc=ls,dc=cbn>, <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnPrettyNormal: > <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnPrettyNormal: > <cn=admin,dc=ls,dc=cbn>, <cn=admin,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: > <uid=syncrepl,ou=system,dc=ls,dc=cbn> > Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: conn=-1 op=0 p=0 > Nov 22 18:22:53 mgaauth1 slapd[12638]: send_ldap_result: err=0 > matched="" text="" > Nov 22 18:22:53 mgaauth1 slapd[12638]: >>> dnNormalize: <cn=Subschema> > Nov 22 18:22:53 mgaauth1 slapd[12638]: <<< dnNormalize: <cn=subschema> > Nov 22 18:22:53 mgaauth1 slapd[12638]: matching_rule_use_init > Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.804 > (integerBitOrMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( > 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( > supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ > olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ > olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ > olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ > olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ > olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ > olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ > olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey > $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ > olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries > $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog > $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ > shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ > ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ > suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ > suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ > krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ > krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ > krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ > krbPwdFailureCountInterval $ krbPwdLockoutDuration $ > krbLoginFailedCount ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.840.113556.1.4.803 > (integerBitAndMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( > 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( > supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ > olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ > olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ > olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ > olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ > olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ > olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ > olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey > $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ > olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries > $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog > $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ > shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ > ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ > suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ > suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ > krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ > krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ > krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ > krbPwdFailureCountInterval $ krbPwdLockoutDuration $ > krbLoginFailedCount ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.2 > (caseIgnoreIA5Match): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( > 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( > altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ > aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ > janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ > memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ > bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName > $ automountKey $ automountInformation $ suseNamingAttribute $ > susePasswordHash $ suseSkelDir $ krbPrincipalName $ krbCanonicalName $ > krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.3.6.1.4.1.1466.109.114.1 > (caseExactIA5Match): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( > 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( > altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ > aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ > janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ > memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ > bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName > $ automountKey $ automountInformation $ suseNamingAttribute $ > susePasswordHash $ suseSkelDir $ krbPrincipalName $ krbCanonicalName $ > krbHostServer $ krbPrincipalAliases $ krbAllowedToDelegateTo ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.39 > (certificateListMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.38 > (certificateListExactMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.38 > NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ > certificateRevocationList $ deltaRevocationList ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.35 (certificateMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.34 > (certificateExactMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.34 > NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate > ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.30 > (objectIdentifierFirstComponentMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.30 > NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl > $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ > supportedApplicationContext ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.29 > (integerFirstComponentMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.29 > NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ > entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending > $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ > olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep > $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ > olcReplicationInterval $ olcSockbufMaxIncoming $ > olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ > olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ > olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ > olcChainMaxReferralDepth $ olcDbProtocolVersion $ > olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries > $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog > $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ > shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ > ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ > suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ > suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ > krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ > krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ > krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ > krbPwdFailureCountInterval $ krbPwdLockoutDuration $ > krbLoginFailedCount ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.27 > (generalizedTimeMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.27 > NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ > modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ > pwdFailureTime $ pwdGraceUseTime $ krbPrincipalExpiration $ > krbPasswordExpiration $ krbLastPwdChange $ krbLastSuccessfulAuth $ > krbLastFailedAuth ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.24 > (protocolInformationMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.24 > NAME 'protocolInformationMatch' APPLIES protocolInformation ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.23 (uniqueMemberMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.23 > NAME 'uniqueMemberMatch' APPLIES uniqueMember ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.22 > (presentationAddressMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.22 > NAME 'presentationAddressMatch' APPLIES presentationAddress ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.20 > (telephoneNumberMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.20 > NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ > mobile $ pager ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.17 (octetStringMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.17 > NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey $ > pwdHistory $ nisPublicKey $ nisSecretKey $ krbPrincipalKey $ > krbPwdHistory $ krbMKey $ krbExtraData ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.16 (bitStringMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.16 > NAME 'bitStringMatch' APPLIES x500UniqueIdentifier ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.14 (integerMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.14 > NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ > uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ > olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ > olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep > $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ > olcReplicationInterval $ olcSockbufMaxIncoming $ > olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ > olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ > olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ > olcChainMaxReferralDepth $ olcDbProtocolVersion $ > olcDbConnectionPoolMax $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries > $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSpSessionlog > $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ > shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ > ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ > suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ > suseMaxPasswordLength $ suseImapDefaultQuota $ krbPrincipalType $ > krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge $ > krbSearchScope $ krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ > krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ > krbPwdFailureCountInterval $ krbPwdLockoutDuration $ > krbLoginFailedCount ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.13 (booleanMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.13 > NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ > olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring > $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum > $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ > olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ > olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ > olcDbNoRefs $ olcDbNoUndefFilter $ olcAccessLogSuccess $ olcDDSstate $ > olcMemberOfRefInt $ pwdReset $ olcPPolicyHashCleartext $ > olcPPolicyForwardUpdates $ olcPPolicyUseLockout $ olcPcachePersist $ > olcPcacheValidate $ olcPcacheOffline $ olcRetcodeInDir $ > olcRwmNormalizeMapped $ olcRwmDropUnrequested $ olcSpNoPresent $ > olcSpReloadHint $ olcTranslucentStrict $ olcTranslucentNoGlue $ > olcTranslucentBindLocal $ olcTranslucentPwModLocal $ olcUniqueStrict $ > suseImapUseSsl $ krbUPEnabled ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.11 > (caseIgnoreListMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.11 > NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress > $ homePostalAddress ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.8 (numericStringMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.8 > NAME 'numericStringMatch' APPLIES ( x121Address $ > internationaliSDNNumber ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.7 > (caseExactSubstringsMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.7 > NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ > destinationIndicator $ dnQualifier ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.6 > (caseExactOrderingMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.6 > NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ > destinationIndicator $ dnQualifier ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.5 (caseExactMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.5 > NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ > vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ > olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ > olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ > olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ > olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ > olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ > olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ > olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin > $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ > olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ > olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm > $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ > olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ > olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ > olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ > olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ > olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory > $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ > olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ > olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ > olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ > olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ > olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps > $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ > olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ > olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ > olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ > olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ > olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ > olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ > olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport > $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ > olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ > olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ > serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory > $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ > destinationIndicator $ givenName $ initials $ generationQualifier $ > dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ > textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ > documentIdentifier $ documentTitle $ documentVersion $ > documentLocation $ personalTitle $ co $ uniqueIdentifier $ > organizationalStatus $ buildingName $ documentPublisher $ carLicense $ > departmentNumber $ displayName $ employeeNumber $ employeeType $ > preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber > $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ > suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ > krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes > ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.4 > (caseIgnoreSubstringsMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.4 > NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ > destinationIndicator $ dnQualifier ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.3 > (caseIgnoreOrderingMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.3 > NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ > destinationIndicator $ dnQualifier ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.2 (caseIgnoreMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.2 > NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName > $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ > olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ > olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ > olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ > olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ > olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ > olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ > olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin > $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ > olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ > olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm > $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ > olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ > olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ > olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ > olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ > olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory > $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ > olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ > olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ > olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ > olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ > olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcAccessLogOps > $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ > olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ > olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ > olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ > olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ > olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ > olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ > olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport > $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ > olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ > olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ > serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory > $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ > destinationIndicator $ givenName $ initials $ generationQualifier $ > dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ > textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ > documentIdentifier $ documentTitle $ documentVersion $ > documentLocation $ personalTitle $ co $ uniqueIdentifier $ > organizationalStatus $ buildingName $ documentPublisher $ carLicense $ > departmentNumber $ displayName $ employeeNumber $ employeeType $ > preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber > $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ > suseMapAttribute $ suseImapServer $ suseImapAdmin $ krbLdapServers $ > krbPrincNamingAttr $ krbDefaultEncSaltTypes $ krbSupportedEncSaltTypes > ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 1.2.36.79672281.1.13.3 > (rdnMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.1 > (distinguishedNameMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.1 > NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ > subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ > dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ > olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ > olcDbIDAssertAuthcDn $ olcRelay $ olcAccessLogDB $ memberOf $ > olcMemberOfDN $ pwdPolicySubentry $ olcPPolicyDefault $ > olcRefintNothing $ olcRefintModifiersName $ olcRetcodeParent $ > olcUniqueBase $ member $ owner $ roleOccupant $ manager $ > documentAuthor $ secretary $ associatedName $ dITRedirect $ > suseDefaultBase $ suseDefaultTemplate $ suseSecondaryGroup $ > krbRealmReferences $ krbKdcServers $ krbPwdServers $ > krbPrincipalReferences $ krbAdmServers $ krbPwdPolicyReference $ > krbTicketPolicyReference $ krbSubTrees $ krbObjectReferences $ > krbPrincContainerRef ) ) > Nov 22 18:22:53 mgaauth1 slapd[12638]: 2.5.13.0 > (objectIdentifierMatch): > Nov 22 18:22:53 mgaauth1 slapd[12638]: matchingRuleUse: ( 2.5.13.0 > NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ > supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) > Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd startup: initiated. > Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting > "cn=config" > Nov 22 18:22:53 mgaauth1 slapd[12651]: config_back_db_open > Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: conn=-1 op=0 p=0 > Nov 22 18:22:53 mgaauth1 slapd[12651]: send_ldap_result: err=0 > matched="" text="" > Nov 22 18:22:53 mgaauth1 slapd[12651]: backend_startup_one: starting > "dc=ls,dc=cbn" > Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: "dc=ls,dc=cbn" > Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_db_open: database > "dc=ls,dc=cbn": dbenv_open(/var/lib/ldap). > Nov 22 18:22:53 mgaauth1 slapd[12651]: hdb_monitor_db_open: monitoring > disabled; configure monitor database to enable > Nov 22 18:22:53 mgaauth1 slapd[12651]: slapd starting > Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrepl rid=002 > Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: ndn: > "dc=ls,dc=cbn" > Nov 22 18:22:53 mgaauth1 slapd[12651]: => bdb_entry_get: oc: "(null)", > at: "contextCSN" > Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_dn2entry("dc=ls,dc=cbn") > Nov 22 18:22:53 mgaauth1 slapd[12651]: => hdb_dn2id("dc=ls,dc=cbn") > Nov 22 18:22:53 mgaauth1 slapd[12651]: <= hdb_dn2id: got id=0x1 > Nov 22 18:22:53 mgaauth1 slapd[12651]: entry_decode: "" > Nov 22 18:22:53 mgaauth1 slapd[12651]: <= entry_decode() > Nov 22 18:22:53 mgaauth1 slapd[12651]: bdb_entry_get: rc=0 > Nov 22 18:22:53 mgaauth1 slapd[12651]: =>do_syncrep2 rid=002 > Nov 22 18:22:53 mgaauth1 slapd[12651]: do_syncrep2: rid=002 > LDAP_RES_SEARCH_RESULT > Nov 22 18:22:54 mgaauth1 slapd[12651]: slap_listener_activate(7): > Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> slap_listener(ldap://) > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 ACCEPT from > IP=127.0.0.1:33205 (IP=0.0.0.0:389) > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got > connid=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking > for input on id=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x60, time 1290471774 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 do_bind > Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <> > Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <> > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 BIND dn="" > method=128 > Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: version=3 dn="" > method=128 > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 > op=0 p=3 > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 > matched="" text="" > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=1 > tag=97 err=0 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=0 RESULT tag=97 > err=0 text= > Nov 22 18:22:54 mgaauth1 slapd[12651]: do_bind: v3 anonymous bind > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got > connid=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking > for input on id=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x63, time 1290471774 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 do_search > Nov 22 18:22:54 mgaauth1 slapd[12651]: >>> dnPrettyNormal: <> > Nov 22 18:22:54 mgaauth1 slapd[12651]: <<< dnPrettyNormal: <>, <> > Nov 22 18:22:54 mgaauth1 slapd[12651]: SRCH "" 0 0 > Nov 22 18:22:54 mgaauth1 slapd[12651]: 0 0 0 > Nov 22 18:22:54 mgaauth1 slapd[12651]: filter: (objectClass=*) > Nov 22 18:22:54 mgaauth1 slapd[12651]: attrs: > Nov 22 18:22:54 mgaauth1 slapd[12651]: > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SRCH base="" > scope=0 deref=0 filter="(objectClass=*)" > Nov 22 18:22:54 mgaauth1 slapd[12651]: => send_search_entry: conn 1000 > dn="" > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 ENTRY dn="" > Nov 22 18:22:54 mgaauth1 slapd[12651]: <= send_search_entry: conn 1000 > exit. > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: conn=1000 > op=1 p=3 > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_result: err=0 > matched="" text="" > Nov 22 18:22:54 mgaauth1 slapd[12651]: send_ldap_response: msgid=2 > tag=101 err=0 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=1 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13) > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_get(13): got > connid=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_read(13): checking > for input on id=1000 > Nov 22 18:22:54 mgaauth1 slapd[12651]: op tag 0x42, time 1290471774 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 do_unbind > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 op=2 UNBIND > Nov 22 18:22:54 mgaauth1 slapd[12651]: connection_close: conn=1000 sd=13 > Nov 22 18:22:54 mgaauth1 slapd[12651]: conn=1000 fd=13 closed > > > Any idea what could be going on? > > Thanks, > > I have fixed this problem. There was a problem with the DB_CONFIG file. -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752

14 years

Re: Re: CSN too old, ignoring - and therefore not syncing

by Adrien Futschik

You're right I might have forgotten the most essential :) You'll find in attachment the script I'm using to set up the replication (modified version of test050-syncrepl-multimaster). Here is the config : initialization of m1 : dn: cn=config objectClass: olcGlobal cn: config olcServerID: 1 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: ${PASSWD} initialization of m2 : dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: ${PASSWD} syncprov overlay on m1 : dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 $URI1 olcServerID: 2 $URI2 dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 - add: olcMirrorMode olcMirrorMode: TRUE syncrepl on m2: dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 - add: olcMirrorMode olcMirrorMode: TRUE schema on m1: include: file://$ABS_SCHEMADIR/core.ldif include: file://$ABS_SCHEMADIR/cosine.ldif include: file://$ABS_SCHEMADIR/inetorgperson.ldif include: file://$ABS_SCHEMADIR/openldap.ldif include: file://$ABS_SCHEMADIR/nis.ldif include: file://$ABS_SCHEMADIR/corba.ldif include: file://$ABS_SCHEMADIR/java.ldif include: file://$ABS_SCHEMADIR/misc.ldif include: file://$ABS_SCHEMADIR/nds.ldif include: file://$ABS_SCHEMADIR/dit.ldif database en m1: dn: olcDatabase={1}$BACKEND,cn=config objectClass: olcDatabaseConfig objectClass: olc${BACKEND}Config olcDatabase: {1}$BACKEND olcSuffix: $BASEDN olcDbDirectory: ./openldap-data olcRootDN: $MANAGERDN olcRootPW: ${PASSWD} olcDbIndex: default pres,eq olcDbIndex: cn,sn pres,eq,sub olcDbIndex: objectClass,seeAlso,entryUUID eq olcDbIndex: mail,givenName,uid pres,eq,sub olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple credentials=secret searchbase="$BASEDN" type=refreshOnly interval=$INTERVAL retry="5 5 300 5" timeout=3 olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple credentials=secret searchbase="$BASEDN" type=refreshOnly interval=$INTERVAL retry="5 5 300 5" timeout=3 olcMirrorMode: TRUE dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov After that I populate m1 with attached arbre.ldif. Thanks in advance. Adrien ======================================== Message date : Dec 24 2008, 03:23 PM From : "Gavin Henry" <gavin.henry(a)gmail.com> To : adrien.futschik(a)atosorigin.com, openldap-technical(a)openldap.org Copy to : Subject : Re: CSN too old, ignoring - and therefore not syncing Config? On 24/12/2008, Adrien Futschik <adrien.futschik(a)atosorigin.com> wrote: > I'm facing a similar problem. > I'm testing N-way multimaster replication with OpenLDAP 2.4.13. > > I'm able to successfully import data into an instance and have my two > masters to sync correctly but then when I try to add a new entry in one of > the two masters, I'm getting strange messages : > > let's say we have m1 & m2 (m1 & m2 are on the same server): > I initial import data into m1, it is successfully imported into m2 (at least > it looks like it). > Then I'm trying to add an entry on m2 > (cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr). I'm > getting strange message on m1 & m2 : > > m1 log :(repetitively) > [...] > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > 20081224125950.481561Z#000000#001#000000 older or equal to ctx > 20081224125950.481561Z#000000#001#000000 > Entry cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > changed by peer, ignored > syncprov_search_response: > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > [...] > > > m2 log : (repetitively) > [...] > master where I added an entry : > do_syncrep2: rid=004 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > [...] > > Is this a bug ? Am-I doing something wrong ? > > If I add the same entry to m1 and not m2 I get the following messages : > > on m2 : > syncrepl_entry: rid=004 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) > syncrepl_entry: rid=004 be_search (0) > syncrepl_entry: rid=004 > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > <= bdb_equality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > syncprov_search_response: > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > syncrepl_entry: rid=004 be_add (0) > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > <= bdb_inequality_candidates: (entryCSN) not indexed > nonpresent_callback: rid=004 present UUID > 96268508-6609-102d-9d8e-9742e72db399, dn c=fr > nonpresent_callback: rid=004 present UUID > 962af700-6609-102d-9d8f-9742e72db399, dn o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962bd698-6609-102d-9d90-9742e72db399, dn ou=personnes,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962c00b4-6609-102d-9d91-9742e72db399, dn ou=appli,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962c2634-6609-102d-9d92-9742e72db399, dn ou=groupes,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962ca492-6609-102d-9d93-9742e72db399, dn ou=administrateurs,o=edfgdf,c=fr > nonpresent_callback: rid=004 present UUID > 962cce90-6609-102d-9d94-9742e72db399, dn o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962d7138-6609-102d-9d95-9742e72db399, dn ou=personnes,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962d96f4-6609-102d-9d96-9742e72db399, dn ou=appli,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962deafa-6609-102d-9d97-9742e72db399, dn ou=groupes,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962ef026-6609-102d-9d98-9742e72db399, dn ou=administrateurs,o=edf,c=fr > nonpresent_callback: rid=004 present UUID > 962f156a-6609-102d-9d99-9742e72db399, dn o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 962fca8c-6609-102d-9d9a-9742e72db399, dn ou=personnes,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 962fef76-6609-102d-9d9b-9742e72db399, dn ou=appli,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 9630106e-6609-102d-9d9c-9742e72db399, dn ou=groupes,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > 9630bfa0-6609-102d-9d9d-9742e72db399, dn > ou=administrateurs,o=gazdefrance,c=fr > nonpresent_callback: rid=004 present UUID > ae0e93d6-6609-102d-9d9e-9742e72db399, dn > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > slap_queue_csn: queing 0x843fef0 20081224132238.790862Z#000000#001#000000 > slap_graduate_commit_csn: removing 0x83d6410 > 20081224132238.790862Z#000000#001#000000 > > on m1 : > slap_queue_csn: queing 0x1df3860 20081224132238.790862Z#000000#001#000000 > slap_graduate_commit_csn: removing 0x9703700 > 20081224132238.790862Z#000000#001#000000 > <= bdb_equality_candidates: (entryCSN) not indexed > <= bdb_inequality_candidates: (entryCSN) not indexed > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > 20081224132158.749532Z#000000#001#000000 older or equal to ctx > 20081224132158.749532Z#000000#001#000000 > syncprov_search_response: > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > do_syncrep2: rid=005 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > do_syncrep2: > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > > Here is the entry I'm adding : > > dn: cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf, c=fr > objectclass: top > objectclass: person > objectclass: organizationalPerson > objectclass: inetorgPerson > objectclass: ditPerson > cn: adrien-externe.futschik(a)edfgdf.fr > sn: Futschik > givenName: Adrien > uid: adrien-externe.futschik(a)edfgdf.fr > mail: adrien-externe.futschik(a)edfgdf.fr > telephonenumber: 0123456789 > userpassword: {SSHA}GuU6CMRoOxp9EA1ANafzuRUXADKlBA0r > allowedServices: appli20 > > pretty simple isn't it ? What's going wrong ? > > Adrien > > ======================================== > Message date : Dec 23 2008, 07:39 PM > From : "Gavin Henry" <gavin.henry(a)gmail.com> > To : openldap-technical(a)openldap.org > Copy to : > Subject : Fwd: CSN too old, ignoring - and therefore not syncing > > ---------- Forwarded message ---------- > From: Pat Riehecky <prieheck(a)iwu.edu> > Date: Tue, 23 Dec 2008 12:34:33 -0600 > Subject: Re: CSN too old, ignoring - and therefore not syncing > To: Gavin Henry <gavin.henry(a)gmail.com> > > On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote: > > Where did you read that those were needed anyway? If it was the admin > > guide then I need to fix it ;-) > > > > Gavin. > > I have no idea where I found those at... I know it wasn't the (recent) > admin guide. It may have been from around the 2.4.8 release, but that > is long gone... > > Pat > > > > > On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote: > > >> Try dropping nopresent and reloadhint relating to ITS5669. You only > > >> need these two syncprov settings on an accesslog db. > > >> > > >> Gavin. > > > > > > Thanks, that did the job! > > > > > > Pat > > > > > >> > > >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote: > > >> >> Can you post your config somewhere? > > >> > > > >> > > > >> > allow bind_v2 > > >> > > > >> > include /etc/ldap/schema/core.schema > > >> > include /etc/ldap/schema/cosine.schema > > >> > include /etc/ldap/schema/nis.schema > > >> > include /etc/ldap/schema/inetorgperson.schema > > >> > include /etc/ldap/schema/samba.schema > > >> > include /etc/ldap/schema/eduperson-200412.schema > > >> > include /etc/ldap/schema/hdb.schema > > >> > include /etc/ldap/schema/IWU.schema > > >> > > > >> > pidfile /var/run/slapd/slapd.pid > > >> > argsfile /var/run/slapd/slapd.args > > >> > > > >> > modulepath /usr/lib/ldap > > >> > moduleload back_hdb > > >> > moduleload back_monitor > > >> > moduleload memberof > > >> > moduleload syncprov > > >> > moduleload smbk5pwd > > >> > > > >> > tool-threads 2 > > >> > sizelimit 500 > > >> > idletimeout 7200 > > >> > > > >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt > > >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt > > >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key > > >> > TLSVerifyClient allow > > >> > > > >> > localSSF 160 > > >> > security ssf=1 update_ssf=128 simple_bind=112 > > >> > sasl-secprops noanonymous > > >> > > > >> > access to dn.base="" by * read > > >> > access to dn.base="cn=Subschema" by * read > > >> > > > >> > backend hdb > > >> > database hdb > > >> > > > >> > overlay memberof > > >> > overlay smbk5pwd > > >> > overlay syncprov > > >> > > > >> > smbk5pwd-enable samba > > >> > smbk5pwd-enable krb5 > > >> > smbk5pwd-must-change 0 > > >> > > > >> > syncprov-checkpoint 100 10 > > >> > syncprov-sessionlog 200 > > >> > syncprov-nopresent TRUE > > >> > syncprov-reloadhint TRUE > > >> > > > >> > suffix "dc=iwu,dc=edu" > > >> > > > >> > rootdn "cn=admin,dc=iwu,dc=edu" > > >> > rootpw {redacted} > > >> > > > >> > authz-regexp "uidNumber=0\\\ > > >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth" > > >> > "cn=ldapi,dc=iwu,dc=edu" > > >> > authz-regexp "gidNumber=.*\\\ > > >> > +uidNumber=0,cn=peercred,cn=external,cn=auth" > > >> > "cn=ldapi,dc=iwu,dc=edu" > > >> > > > >> > authz-regexp "uid=(.+),cn=.+,cn=auth" > "uid=$1,ou=People,dc=iwu,dc=edu" > > >> > > > >> > directory "/var/lib/ldap/" > > >> > > > >> > dbconfig set_cachesize 0 62914560 0 > > >> > dbconfig set_lk_max_objects 1500 > > >> > dbconfig set_lk_max_locks 1500 > > >> > dbconfig set_lk_max_lockers 1500 > > >> > > > >> > # Make sure to do a nightly slapcat > > >> > dbconfig set_flags DB_LOG_AUTOREMOVE > > >> > > > >> > index objectClass eq,pres > > >> > index default eq,sub,pres > > >> > index mail eq,sub,pres > > >> > index sn eq,sub,pres > > >> > index cn eq,sub,pres > > >> > index displayName eq,sub,pres > > >> > index gecos eq,sub,pres > > >> > index uid eq,sub,pres > > >> > index memberUid eq,sub,pres > > >> > index uidNumber eq,pres > > >> > index gidNumber eq,pres > > >> > index entryCSN eq,pres > > >> > index entryUUID eq,pres > > >> > index uniqueMember eq,pres > > >> > index userPassword eq,pres > > >> > index krb5PrincipalName eq,pres > > >> > index krb5PrincipalRealm eq,pres > > >> > index sambaDomainName eq,pres > > >> > index sambaSID eq,pres > > >> > index sambaPrimaryGroupSID eq,pres > > >> > index sambaSIDList eq,pres > > >> > > > >> > lastmod on > > >> > > > >> > checkpoint 256 15 > > >> > > > >> > password-hash {SSHA} > > >> > > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write > > >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write > > >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read > > >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key > > >> > by anonymous auth > > >> > by self write > > >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write > > >> > by users auth > > >> > by * break > > >> > > > >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none > > >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none > > >> > > > >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read > by * > > >> > none > > >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none > > >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none > > >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self > read > > >> > by * none > > >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by > self > > >> > read by * none > > >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read > by * > > >> > none > > >> > > > >> > access to > > >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by > self > > >> > read by * none > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName > > >> > by self write > > >> > by users read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber > > >> > by self read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid > > >> > by * none > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" > > >> > > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength > > >> > by self read > > >> > by anonymous none > > >> > by * break > > >> > > > >> > access to dn.sub="dc=iwu,dc=edu" by * read > > >> > > > >> > serverID 1 > > >> > > > >> > syncrepl rid=2 > > >> > provider=ldap://ldap2.iwu.edu/ > > >> > schemachecking=off > > >> > searchbase="dc=iwu,dc=edu" > > >> > scope=sub > > >> > type=refreshAndPersist > > >> > binddn="cn=mirror,dc=iwu,dc=edu" > > >> > credentials={redacted} > > >> > bindmethod=simple > > >> > starttls=yes > > >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt > > >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key > > >> > tls_cacert=/etc/ldap/ssl/IWU.crt > > >> > tls_reqcert=try > > >> > interval=00:00:00:30 > > >> > retry="15 +" > > >> > timeout=1 > > >> > timelimit=unlimited > > >> > sizelimit=unlimited > > >> > > > >> > mirrormode on > > >> > > > >> > ############################### > > >> > database monitor > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > >> > > > >> > access to dn.exact="cn=Monitor" > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > >> > by * none > > >> > > > >> > access to dn.subtree="cn=Monitor" > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > >> > by * none > > >> > > > >> > > > >> >> > > >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > >> >> > Here is the quick and dirty what I am trying to do: > > >> >> > > > >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time > > >> >> > synced > > >> >> > to pool.ntp.org and each other (if they drift I would rather they > > >> >> > sorta > > >> >> > drift together, but pool should be keeping that in check). > > >> >> > > > >> >> > Right now I am just beating them up to see how 2.4.13 performs. > (So > > >> >> > far > > >> >> > VERY well, minus this little problem) > > >> >> > > > >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm > > >> >> > starting small). Debug gives me > > >> >> > > > >> >> > ber_scanf fmt (m}) ber: > > >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 > > >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 > > >> >> > 30 .<rid=001,sid=00 > > >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 > > >> >> > 2,csn=2008122217 > > >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 > > >> >> > 4721.855904Z#000 > > >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 > > >> >> > 000#001#000000 > > >> >> > do_syncrep2: > > >> >> > > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 > > >> >> > do_syncrep2: rid=001 CSN too old, ignoring > > >> >> > 20081222174721.855904Z#000000#001#000000 > > >> >> > ldap_msgfree > > >> >> > > > >> >> > I am not exactly sure how it gotten to be "too old." The ldif I > am > > >> >> > importing is not the result of a slapcat or anything that would > > >> >> > preserve > > >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am > > >> >> > loading > > >> >> > one single file with ldapadd which, in my understanding, sets up > the > > >> >> > CSN > > >> >> > and wouldn't let me import one anyway. > > >> >> > > > >> >> > Each server has no entries until I load the one, so there > shouldn't > > >> >> > be > > >> >> > any weird stale CSNs causing this. They are "sync'ed" almost > > >> >> > instantly > > >> >> > after the one system is loaded - I just don't have everything. > > >> >> > > > >> >> > After a sync: > > >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 > > >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 > > >> >> > > > >> >> > Right now I can get them in sync with a slapcat/slapadd, but when > the > > >> >> > go > > >> >> > into production I wont be able to say for certain which one is > > >> >> > authoritative. That is the purpose of multi-master.... > > >> >> > > > >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux > 32 > > >> >> > bit > > >> >> > > > >> >> > Any ideas as to what I can do to stop this from happening? > > >> >> > > > >> >> > Pat > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > >> > > > >> > > > >> > > > > > > > > > > > -- > Sent from my mobile device > > http://www.suretecsystems.com/services/openldap/ > > > > > Adrien Futschik > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ Adrien Futschik

15 years, 11 months

Re: TLS handshake failure

by Rich Megginson

On 08/09/2011 01:31 PM, Daniel Qian wrote: > On 11-08-09 2:45 PM, Rich Megginson wrote: >> On 08/09/2011 12:43 PM, Daniel Qian wrote: >>> On 11-08-09 2:12 PM, Rich Megginson wrote: >>>> On 08/09/2011 11:59 AM, Daniel Qian wrote: >>>>> On 11-08-09 12:55 PM, Rich Megginson wrote: >>>>>> On 08/09/2011 10:15 AM, Daniel Qian wrote: >>>>>>> On 11-08-09 11:21 AM, Rich Megginson wrote: >>>>>>>> On 08/09/2011 09:07 AM, Daniel Qian wrote: >>>>>>>>> On 11-08-09 10:49 AM, Rich Megginson wrote: >>>>>>>>>> On 08/09/2011 08:33 AM, Daniel Qian wrote: >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> I have slapd 2.4.24 and everything works without TLS. but if >>>>>>>>>>> I add a -Z option to the ldapsearch command I get this: >>>>>>>>>>> >>>>>>>>>>> [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D >>>>>>>>>>> cn=admin,cn=config -wxxxxxxx -Z -H ldap://ldaprov1.prod >>>>>>>>>>> cn=config >>>>>>>>>>> ldap_start_tls: Connect error (-11) >>>>>>>>>>> ldap_result: Can't contact LDAP server (-1) >>>>>>>>>>> >>>>>>>>>>> slapd.log shows something like this : connection_read(16): >>>>>>>>>>> TLS accept failure error=-1 id=1006, closing >>>>>>>>>>> >>>>>>>>>>> Output from openssl debug: >>>>>>>>>>> >>>>>>>>>>> [root@ldaprov1 cacerts]# openssl s_client -connect >>>>>>>>>>> hostname:389 -showcerts -state -CAfile cacert.pem >>>>>>>>>>> CONNECTED(00000003) >>>>>>>>>>> SSL_connect:before/connect initialization >>>>>>>>>>> SSL_connect:SSLv2/v3 write client hello A >>>>>>>>>>> 140225133647680:error:140790E5:SSL routines:SSL23_WRITE:ssl >>>>>>>>>>> handshake failure:s23_lib.c:177: >>>>>>>>>>> --- >>>>>>>>>>> no peer certificate available >>>>>>>>>>> --- >>>>>>>>>>> No client certificate CA names sent >>>>>>>>>>> --- >>>>>>>>>>> SSL handshake has read 0 bytes and written 113 bytes >>>>>>>>>>> --- >>>>>>>>>>> New, (NONE), Cipher is (NONE) >>>>>>>>>>> Secure Renegotiation IS NOT supported >>>>>>>>>>> Compression: NONE >>>>>>>>>>> Expansion: NONE >>>>>>>>>>> --- >>>>>>>>>>> >>>>>>>>>>> The configurations are as follow (same command as above but >>>>>>>>>>> without the -Z option): >>>>>>>>>>> >>>>>>>>>>> [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D >>>>>>>>>>> cn=admin,cn=config -wxxxxxx -H ldap://hostname cn=config >>>>>>>>>>> dn: cn=config >>>>>>>>>>> objectClass: olcGlobal >>>>>>>>>>> cn: config >>>>>>>>>>> olcConfigFile: /etc/openldap/slapd.conf >>>>>>>>>>> olcConfigDir: /etc/openldap/slapd.d >>>>>>>>>>> olcAllows: bind_v2 >>>>>>>>>>> olcArgsFile: /var/run/openldap/slapd.args >>>>>>>>>>> olcAttributeOptions: lang- >>>>>>>>>>> olcAuthzPolicy: none >>>>>>>>>>> olcConcurrency: 0 >>>>>>>>>>> olcConnMaxPending: 100 >>>>>>>>>>> olcConnMaxPendingAuth: 1000 >>>>>>>>>>> olcGentleHUP: FALSE >>>>>>>>>>> olcIdleTimeout: 0 >>>>>>>>>>> olcIndexSubstrIfMaxLen: 4 >>>>>>>>>>> olcIndexSubstrIfMinLen: 2 >>>>>>>>>>> olcIndexSubstrAnyLen: 4 >>>>>>>>>>> olcIndexSubstrAnyStep: 2 >>>>>>>>>>> olcIndexIntLen: 4 >>>>>>>>>>> olcLocalSSF: 71 >>>>>>>>>>> olcLogLevel: 9 >>>>>>>>>>> olcPidFile: /var/run/openldap/slapd.pid >>>>>>>>>>> olcReadOnly: FALSE >>>>>>>>>>> olcReverseLookup: FALSE >>>>>>>>>>> olcSaslSecProps: noplain,noanonymous >>>>>>>>>>> olcSockbufMaxIncoming: 262143 >>>>>>>>>>> olcSockbufMaxIncomingAuth: 16777215 >>>>>>>>>>> olcThreads: 16 >>>>>>>>>>> olcTLSCACertificateFile: /etc/openldap/cacerts/cacert.pem >>>>>>>>>>> olcTLSCertificateFile: /etc/openldap/cacerts/ldaprov1.crt >>>>>>>>>>> olcTLSCertificateKeyFile: /etc/openldap/cacerts/ldaprov1.key >>>>>>>>>>> olcTLSVerifyClient: never >>>>>>>>>>> olcToolThreads: 1 >>>>>>>>>>> olcWriteTimeout: 0 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I verified the ldap user can read all the TLS files and they >>>>>>>>>>> are setup fine >>>>>>>>>>> >>>>>>>>>>> [root@ldaprov1 cacerts]# openssl verify -purpose sslserver >>>>>>>>>>> -CAfile cacert.pem ldaprov1.crt >>>>>>>>>>> ldaprov1.crt: OK >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Anyone can tell me what I am missing here? >>>>>>>>>> No, but we're missing >>>>>>>>>> 1) platform >>>>>>>>>> 2) tls implementation (openssl, moznss, gnutls) >>>>>>>>>> 3) output of ldapsearch -x -d 1 -Z ...... rest of arguments >>>>>>>>>> ..... >>>>>>>>>> >>>>>>>>> >>>>>>>>> Its Fedora 15 >>>>>>>>> >>>>>>>>> ldd /usr/sbin/slapd >>>>>>>>> linux-vdso.so.1 => (0x00007fff76fff000) >>>>>>>>> libltdl.so.7 => /usr/lib64/libltdl.so.7 >>>>>>>>> (0x00007f0f29fcd000) >>>>>>>>> libdb-4.8.so => /lib64/libdb-4.8.so (0x00007f0f29c53000) >>>>>>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 >>>>>>>>> (0x00007f0f29a38000) >>>>>>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 >>>>>>>>> (0x00007f0f29801000) >>>>>>>>> libresolv.so.2 => /lib64/libresolv.so.2 >>>>>>>>> (0x00007f0f295e6000) >>>>>>>>> libssl3.so => /usr/lib64/libssl3.so (0x00007f0f293b0000) >>>>>>>>> libsmime3.so => /usr/lib64/libsmime3.so >>>>>>>>> (0x00007f0f29183000) >>>>>>>>> libnss3.so => /usr/lib64/libnss3.so (0x00007f0f28e4b000) >>>>>>>>> libnssutil3.so => /usr/lib64/libnssutil3.so >>>>>>>>> (0x00007f0f28c2b000) >>>>>>>>> libplds4.so => /lib64/libplds4.so (0x00007f0f28a28000) >>>>>>>>> libplc4.so => /lib64/libplc4.so (0x00007f0f28824000) >>>>>>>>> libnspr4.so => /lib64/libnspr4.so (0x00007f0f285e6000) >>>>>>>>> libpthread.so.0 => /lib64/libpthread.so.0 >>>>>>>>> (0x00007f0f283cb000) >>>>>>>>> libc.so.6 => /lib64/libc.so.6 (0x00007f0f28032000) >>>>>>>>> libdl.so.2 => /lib64/libdl.so.2 (0x00007f0f27e2d000) >>>>>>>>> libfreebl3.so => /lib64/libfreebl3.so >>>>>>>>> (0x00007f0f27bcc000) >>>>>>>>> libz.so.1 => /lib64/libz.so.1 (0x00007f0f279b5000) >>>>>>>>> /lib64/ld-linux-x86-64.so.2 (0x00007f0f2a66a000) >>>>>>>>> >>>>>>>>> >>>>>>>>> the ldapsearch -d 1 option tells me a lot more: >>>>>>>>> ..... >>>>>>>>> ldap_msgfree >>>>>>>>> TLS: file ldaprov1.crt does not end in [.0] - does not appear >>>>>>>>> to be a CA certificate directory file with a properly hashed >>>>>>>>> file name - skipping. >>>>>>>>> TLS: file cacert.pem does not end in [.0] - does not appear to >>>>>>>>> be a CA certificate directory file with a properly hashed file >>>>>>>>> name - skipping. >>>>>>>>> TLS: file ldaprov1.key does not end in [.0] - does not appear >>>>>>>>> to be a CA certificate directory file with a properly hashed >>>>>>>>> file name - skipping. >>>>>>>>> ..... >>>>>>>>> >>>>>>>>> I tell slapd to look for specific files but how come it is >>>>>>>>> still checking in a directory? >>>>>>>> I don't know. What does /etc/openldap/ldap.conf say? Do you >>>>>>>> have a ~/.ldaprc or ~/ldaprc for the user "ldap"? >>>>>>> >>>>>>> So even for slapd the setting TLS_CACERTDIR in >>>>>>> /etc/openldap/ldap.conf takes precedence over >>>>>>> olcTLSCACertificateFile in cn=config? I set >>>>>>> /etc/openldap/ldap.conf for client only and did not mean it for >>>>>>> slapd. >>>>>> I don't know. Can someone confirm that this is how it works when >>>>>> using openssl or gnutls for crypto? That is, I don't think this >>>>>> problem is specific to moznss. >>>>>>> >>>>>>> Now after I removed it from /etc/openldap/ldap.conf, ldapsearch >>>>>>> -d 1 is indicating the CA certificate not valid: >>>>>>> >>>>>>> TLS: certificate [CA certificate details omitted here...] is not >>>>>>> valid - error -8172:Unknown code ___f 20. >>>>>>> error -8172:Unknown code ___f 20. >>>>>>> tls_write: want=7, written=7 >>>>>>> 0000: 15 03 01 00 02 02 30 ......0 >>>>>>> TLS: error: connect - force handshake failure: errno 21 - moznss >>>>>>> error -8172 >>>>>>> TLS: can't connect: TLS error -8172:Unknown code ___f 20. >>>>>>> ldap_err2string >>>>>>> ldap_start_tls: Connect error (-11) >>>>>>> additional info: TLS error -8172:Unknown code ___f 20 >>>>>>> >>>>>>> Does this mean all the certificates I created on the same server >>>>>>> with openssl can not be used by modnss in slapd? I never delt >>>>>>> with modnss before >>>>>> 20 means SEC_ERROR_UNTRUSTED_ISSUER >>>>>> >>>>>> Can you provide the entire log leading up to this point? you can >>>>>> paste it to fpaste.org if you don't want to spam the list with >>>>>> too much information. >>>>>> >>>>>> Yes, openldap with moznss should work _exactly_ like openldap >>>>>> with openssl. If this is something that was working before this >>>>>> is a bug that needs to be fixed asap. >>>>> >>>>> I ran the same ldapsearch command from a Centos box which has >>>>> openssl and the error messages says this : >>>>> >>>>> TLS certificate verification: Error, self signed certificate in >>>>> certificate chain >>>>> >>>>> which is not true. I have separate CA certificate and server >>>>> certificate. The server certificate is signed by the CA certificate. >>>> openssl seems to be complaining about the CA certificate: >>>> # >>>> TLS certificate verification: depth: 1, err: 19, subject: >>>> /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic Media >>>> Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com, issuer: >>>> /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic Media >>>> Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com >>>> # >>>> TLS certificate verification: Error, self signed certificate in >>>> certificate chain >>>> >>>> Note that the subject: is the same as the issuer: - that is, it is >>>> a self signed certificate (self issued). >>>> >>>> But I'm not sure if this is the real problem. >>> >>> That certificate it is complaining about is actually the ROOT CA. >>> But I have another server certificate specified by >>> "olcTLSCertificateFile: /etc/ssl/certs/ldaprov1.crt" in cn=config >>> and its subject and issuer are shown below: >>> >>> certs]# openssl x509 -noout -issuer -subject -in >>> /etc/ssl/certs/ldaprov1.crt >>> issuer= /C=CA/ST=Ontario/L=Toronto/O=Epic Media Group/OU=IT/CN=Epic >>> Media Group root CA/emailAddress=sysadmin(a)theepicmediagroup.com >>> subject= /C=CA/ST=Ontario/L=Toronto/O=Epic Media >>> Group/OU=IT/CN=ldaprov1.prod/emailAddress=sysadmin(a)theepicmediagroup.com >>> >>> >>> Its that the client can't seem to get it for some reasons. >>>> # >>>> TLS trace: SSL3 alert write:fatal:unknown CA >>>> >>>> Do you have the CA cert on the client machine? >>> >>> I put the same CA cert on the client machine, both in >>> /etc/ldap.conf(/etc/nss_ldap.conf on Fedora now) and >>> /etc/openldap/ldap.conf >>> >>>>> >>>>> Seems the server certificate defined in olcTLSCertificateFile >>>>> never gets recognized by the client. >>>>> >>>>> Centos openssl output pasted - http://fpaste.org/7Hju/ >>>>> Fedora moznss output pasted - http://fpaste.org/aE19/ >>>> >>>> If you remove TLS_CACERTDIR from /etc/openldap/ldap.conf and then >>>> specify >>>> olcTLSCACertificateFile: /etc/openldap/cacerts/cacert.pem >>>> olcTLSCertificateFile: /etc/openldap/cacerts/ldaprov1.crt >>>> olcTLSCertificateKeyFile: /etc/openldap/cacerts/ldaprov1.key >>>> >>> That is what I have been doing, or trying to do the whole time. Note >>> the last three lines from the current configuration as shown below >>> from the Centos client: >>> >>> .prod:/etc/openldap/cacerts]# ldapsearch -x -LLL -b cn=config -D >>> cn=admin,cn=config -wtesting123 -H ldap://ldaprov1.prod cn=config >>> dn: cn=config >>> objectClass: olcGlobal >>> cn: config >>> olcConfigFile: /etc/openldap/slapd.conf >>> olcConfigDir: /etc/openldap/slapd.d >>> olcAllows: bind_v2 >>> olcArgsFile: /var/run/openldap/slapd.args >>> olcAttributeOptions: lang- >>> olcAuthzPolicy: none >>> olcConcurrency: 0 >>> olcConnMaxPending: 100 >>> olcConnMaxPendingAuth: 1000 >>> olcGentleHUP: FALSE >>> olcIdleTimeout: 0 >>> olcIndexSubstrIfMaxLen: 4 >>> olcIndexSubstrIfMinLen: 2 >>> olcIndexSubstrAnyLen: 4 >>> olcIndexSubstrAnyStep: 2 >>> olcIndexIntLen: 4 >>> olcLocalSSF: 71 >>> olcLogLevel: 9 >>> olcPidFile: /var/run/openldap/slapd.pid >>> olcReadOnly: FALSE >>> olcReverseLookup: FALSE >>> olcSaslSecProps: noplain,noanonymous >>> olcSockbufMaxIncoming: 262143 >>> olcSockbufMaxIncomingAuth: 16777215 >>> olcThreads: 16 >>> olcTLSVerifyClient: never >>> olcToolThreads: 1 >>> olcWriteTimeout: 0 >>> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem >>> olcTLSCertificateFile: /etc/ssl/certs/ldaprov1.crt >>> olcTLSCertificateKeyFile: /etc/ssl/certs/ldaprov1.key >> try starting slapd with -d 1 > > got the following from the log: With -d 1 there should be a lot more output than this? > > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: slap_listener_activate(7): > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 busy > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: >>> slap_listener(ldap:///) > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: listen=7, new > connection on 14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: added 14r (active) > listener=(nil) > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got > connid=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking > for input on id=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: op tag 0x77, time 1312932447 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 do_extended > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 EXT > oid=1.3.6.1.4.1.1466.20037 > Aug 9 19:27:27 ldaprov2 slapd[28972]: do_extended: > oid=1.3.6.1.4.1.1466.20037 > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 STARTTLS > Aug 9 19:27:27 ldaprov2 slapd[28972]: send_ldap_extended: err=0 oid= > len=0 > Aug 9 19:27:27 ldaprov2 slapd[28972]: send_ldap_response: msgid=1 > tag=120 err=0 > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 op=0 RESULT oid= > err=0 text= > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 fd=14 ACCEPT from > IP=10.10.2.44:54439 (IP=0.0.0.0:389) > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got > connid=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking > for input on id=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: 14r > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: read active on 14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14) > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_get(14): got > connid=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): checking > for input on id=1003 > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_read(14): TLS accept > failure error=-1 id=1003, closing > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_closing: readying > conn=1003 sd=14 for close > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on 1 descriptor > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: activity on: > Aug 9 19:27:27 ldaprov2 slapd[28972]: > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=7 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=8 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=9 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: epoll: listen=10 > active_threads=0 tvp=zero > Aug 9 19:27:27 ldaprov2 slapd[28972]: connection_close: conn=1003 sd=14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: daemon: removing 14 > Aug 9 19:27:27 ldaprov2 slapd[28972]: conn=1003 fd=14 closed (TLS > negotiation failure) >

13 years, 3 months

groups added to provider not replicating to consumer

by btb＠bitrate.net

hi- i've recently set up delta-syncrepl, with one provider and one consumer. things seemed to be generally working, but i recently noticed that member attributes in group entries were not getting replicated. after a bit of testing, i also found that new groups added to the provider appear to not be replicated to the consumer. it also appears that the operation of adding a group is not being written to the accesslog. on a possibly related note, i'm using the memberof overlay, and the memberof attribute modifications which occur as a result of adding a group are written to the accesslog, and are replicated to the consumer. i'm using 2.4.25, courtesy of ubuntu 11.10. what can i do to better understand what is happening, and why? below is some preliminary data, and log entries using olcloglevel: any thanks -ben >cat add_group.ldif dn: cn=test_group,ou=general,ou=groups,dc=example,dc=net changetype: add objectClass: top objectClass: groupOfNames description: test group cn: test_group member: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net >ldapadd -xZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -f add_group.ldif adding new entry "cn=test_group,ou=general,ou=groups,dc=example,dc=net" subsequent ldapsearch on provider: >ldapsearch -xLLLZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -b 'cn=test_group,ou=general,ou=groups,dc=example,dc=net' -s base '*' '+' dn: cn=test_group,ou=general,ou=groups,dc=example,dc=net objectClass: top objectClass: groupOfNames description: test group cn: test_group member: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example, dc=net structuralObjectClass: groupOfNames entryUUID: d68c73e4-10c1-1031-8246-9dfa8daa46e0 creatorsName: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net createTimestamp: 20120402034404Z entryCSN: 20120402034404.808333Z#000000#000#000000 modifiersName: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net modifyTimestamp: 20120402034404Z entryDN: cn=test_group,ou=general,ou=groups,dc=example,dc=net subschemaSubentry: cn=Subschema hasSubordinates: FALSE subsequent ldapsearch on consumer: >ldapsearch -xLLLZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -b 'cn=test_group,ou=general,ou=groups,dc=example,dc=net' -s base '*' '+' No such object (32) Matched DN: ou=general,ou=groups,dc=example,dc=net provider log entries: Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: slap_listener_activate(8): Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 busy Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: >>> slap_listener(ldap:///) Apr 1 23:44:04 flip slapd[9255]: daemon: listen=8, new connection on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: added 54r (active) listener=(nil) Apr 1 23:44:04 flip slapd[9255]: conn=1378 fd=54 ACCEPT from IP=192.168.1.1:47610 (IP=0.0.0.0:389) Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 2 descriptors Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: op tag 0x77, time 1333338244 Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 do_extended Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Apr 1 23:44:04 flip slapd[9255]: do_extended: oid=1.3.6.1.4.1.1466.20037 Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 STARTTLS Apr 1 23:44:04 flip slapd[9255]: send_ldap_extended: err=0 oid= len=0 Apr 1 23:44:04 flip slapd[9255]: send_ldap_response: msgid=1 tag=120 err=0 Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 RESULT oid= err=0 text= Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): unable to get TLS client DN, error=49 id=1378 Apr 1 23:44:04 flip slapd[9255]: conn=1378 fd=54 TLS established tls_ssf=128 ssf=128 Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: op tag 0x60, time 1333338244 Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 do_bind Apr 1 23:44:04 flip slapd[9255]: >>> dnPrettyNormal: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: <<< dnPrettyNormal: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>, <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" method=128 Apr 1 23:44:04 flip slapd[9255]: do_bind: version=3 dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" method=128 Apr 1 23:44:04 flip slapd[9255]: ==> hdb_bind: dn: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net") Apr 1 23:44:04 flip slapd[9255]: => access_allowed: result not in cache (userPassword) Apr 1 23:44:04 flip slapd[9255]: => access_allowed: auth access to "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" "userPassword" requested Apr 1 23:44:04 flip slapd[9255]: => acl_get: [1] attr userPassword Apr 1 23:44:04 flip slapd[9255]: => acl_mask: access to entry "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net", attr "userPassword" requested Apr 1 23:44:04 flip slapd[9255]: => acl_mask: to value by "", (=0) Apr 1 23:44:04 flip slapd[9255]: <= check a_dn_pat: anonymous Apr 1 23:44:04 flip slapd[9255]: <= acl_mask: [1] applying auth(=xd) (stop) Apr 1 23:44:04 flip slapd[9255]: <= acl_mask: [1] mask: auth(=xd) Apr 1 23:44:04 flip slapd[9255]: => slap_access_allowed: auth access granted by auth(=xd) Apr 1 23:44:04 flip slapd[9255]: => access_allowed: auth access granted by auth(=xd) Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" mech=SIMPLE ssf=0 Apr 1 23:44:04 flip slapd[9255]: do_bind: v3 bind: "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" to "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" Apr 1 23:44:04 flip slapd[9255]: send_ldap_result: conn=1378 op=1 p=3 Apr 1 23:44:04 flip slapd[9255]: send_ldap_result: err=0 matched="" text="" Apr 1 23:44:04 flip slapd[9255]: send_ldap_response: msgid=2 tag=97 err=0 Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor Apr 1 23:44:04 flip slapd[9255]: daemon: activity on: Apr 1 23:44:04 flip slapd[9255]: 54r Apr 1 23:44:04 flip slapd[9255]: Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54 Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero Apr 1 23:44:04 flip slapd[9255]: connection_get(54) Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 RESULT tag=97 err=0 text= Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378 Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378 Apr 1 23:44:04 flip slapd[9255]: op tag 0x68, time 1333338244 Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 do_add Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 do_add: dn (cn=test_group,ou=general,ou=groups,dc=example,dc=net) Apr 1 23:44:04 flip slapd[9255]: >>> dnPrettyNormal: <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: <<< dnPrettyNormal: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>, <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 ADD dn="cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 flip slapd[9255]: >>> dnPretty: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: <<< dnPretty: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: >>> dnNormalize: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: <<< dnNormalize: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("cn=test_group,ou=general,ou=groups,dc=example,dc=net") Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id("cn=test_group,ou=general,ou=groups,dc=example,dc=net") Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Apr 1 23:44:04 flip slapd[9255]: hdb_referrals: tag=104 target="cn=test_group,ou=general,ou=groups,dc=example,dc=net" matched="ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 flip slapd[9255]: ==> unique_add <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 flip slapd[9255]: ==> hdb_add: cn=test_group,ou=general,ou=groups,dc=example,dc=net Apr 1 23:44:04 flip slapd[9255]: oc_check_required entry (cn=test_group,ou=general,ou=groups,dc=example,dc=net), objectClass "groupOfNames" Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "objectClass" Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "description" Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "cn" Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "member" Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "structuralObjectClass" Apr 1 23:44:04 flip slapd[9255]: slap_queue_csn: queing 0xb2fcd8ce 20120402034404.808333Z#000000#000#000000 Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("cn=test_group,ou=general,ou=groups,dc=example,dc=net") Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id("cn=test_group,ou=general,ou=groups,dc=example,dc=net") Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access to "ou=general,ou=groups,dc=example,dc=net" "children" requested Apr 1 23:44:04 flip slapd[9255]: <= root access granted Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access granted by manage(=mwrscxd) Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access to "cn=test_group,ou=general,ou=groups,dc=example,dc=net" "entry" requested Apr 1 23:44:04 flip slapd[9255]: <= root access granted Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access granted by manage(=mwrscxd) Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id_add 0xe8: "cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id_add 0xe8: 0 Apr 1 23:44:04 flip slapd[9255]: => index_entry_add( 232, "cn=test_group,ou=general,ou=groups,dc=example,dc=net" ) Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8) Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [0096defd] Apr 1 23:44:04 flip slapd[9255]: <= key_change 0 Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8) Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [c14a3e76] Apr 1 23:44:04 flip slapd[9255]: <= key_change 0 Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8) Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [943e86da] Apr 1 23:44:04 flip slapd[9255]: <= key_change 0 Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8) Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [c866ab14] Apr 1 23:44:04 flip slapd[9255]: <= key_change 0 consumer log entries: Apr 1 23:44:04 exo slapd[8007]: daemon: activity on 1 descriptor Apr 1 23:44:04 exo slapd[8007]: daemon: activity on: Apr 1 23:44:04 exo slapd[8007]: 12r Apr 1 23:44:04 exo slapd[8007]: Apr 1 23:44:04 exo slapd[8007]: daemon: read active on 12 Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=9 active_threads=0 tvp=NULL Apr 1 23:44:04 exo slapd[8007]: connection_get(12) Apr 1 23:44:04 exo slapd[8007]: connection_get(12): got connid=0 Apr 1 23:44:04 exo slapd[8007]: =>do_syncrepl rid=000 Apr 1 23:44:04 exo slapd[8007]: =>do_syncrep2 rid=000 Apr 1 23:44:04 exo slapd[8007]: do_syncrep2: rid=000 cookie=rid=000,csn=20120402034404.869559Z#000000#000#000000 Apr 1 23:44:04 exo slapd[8007]: >>> dnPrettyNormal: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: <<< dnPrettyNormal: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>, <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: slap_queue_csn: queing 0x7f6bd2694710 20120402034404.869559Z#000000#000#000000 Apr 1 23:44:04 exo slapd[8007]: >>> dnPretty: <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: <<< dnPretty: <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: >>> dnNormalize: <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: <<< dnNormalize: <cn=test_group,ou=general,ou=groups,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: >>> dnPretty: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: <<< dnPretty: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: >>> dnNormalize: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: <<< dnNormalize: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net> Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: ndn: "uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: oc: "(null)", at: "(null)" Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net") Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: found entry: "uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: bdb_entry_get: rc=0 Apr 1 23:44:04 exo slapd[8007]: hdb_modify: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net") Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: 0x0000001a: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net Apr 1 23:44:04 exo slapd[8007]: <= acl_access_allowed: granted to database root Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: add memberOf Apr 1 23:44:04 exo slapd[8007]: dnMatch 17#012#011"cn=dummy_default,ou=dummy_groups,ou=other,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: dnMatch -19#012#011"cn=all_people,ou=general,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: dnMatch 2#012#011"cn=docs,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: dnMatch 5#012#011"cn=monitor,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: dnMatch 5#012#011"cn=systems,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: dnMatch 14#012#011"cn=mail_submitters-non_auth,ou=general,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace modifiersName Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace entryCSN Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace modifyTimestamp Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net), objectClass "inetOrgPerson" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "uid" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "objectClass" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "sn" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "cn" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "structuralObjectClass" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryUUID" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "creatorsName" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "createTimestamp" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "memberOf" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifiersName" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryCSN" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifyTimestamp" Apr 1 23:44:04 exo slapd[8007]: => key_change(DELETE,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_delete_key: 1a Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [768b75dc] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [7f0c99d1] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [0f345f5f] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [86c8d479] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [da3d54f3] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [8d6b497f] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [144a6a9d] Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a) Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a Apr 1 23:44:04 exo slapd[8007]: <= key_change 0 Apr 1 23:44:04 exo slapd[8007]: => entry_encode(0x0000001a): Apr 1 23:44:04 exo slapd[8007]: <= entry_encode(0x0000001a): Apr 1 23:44:04 exo slapd[8007]: hdb_modify: updated id=0000001a dn="uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: conn=-1 op=0 p=0 Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: err=0 matched="" text="" Apr 1 23:44:04 exo slapd[8007]: slap_graduate_commit_csn: removing 0x7f6bd267ec10 20120402034404.869559Z#000000#000#000000 Apr 1 23:44:04 exo slapd[8007]: syncrepl_message_to_op: rid=000 be_modify uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net (0) Apr 1 23:44:04 exo slapd[8007]: slap_queue_csn: queing 0x7f6bd268f8c0 20120402034404.869559Z#000000#000#000000 Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: ndn: "dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: oc: "(null)", at: "(null)" Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("dc=example,dc=net") Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: found entry: "dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: bdb_entry_get: rc=0 Apr 1 23:44:04 exo slapd[8007]: hdb_modify: dc=example,dc=net Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("dc=example,dc=net") Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: 0x00000001: dc=example,dc=net Apr 1 23:44:04 exo slapd[8007]: <= acl_access_allowed: granted to database root Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace contextCSN Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (dc=example,dc=net), objectClass "organization" Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (dc=example,dc=net), objectClass "dcObject" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "dc" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "objectClass" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "o" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "structuralObjectClass" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryUUID" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "creatorsName" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "createTimestamp" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "l" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "st" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "postalCode" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryCSN" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifiersName" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifyTimestamp" Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "contextCSN" Apr 1 23:44:04 exo slapd[8007]: => entry_encode(0x00000001): Apr 1 23:44:04 exo slapd[8007]: <= entry_encode(0x00000001): Apr 1 23:44:04 exo slapd[8007]: hdb_modify: updated id=00000001 dn="dc=example,dc=net" Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: conn=-1 op=0 p=0 Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: err=0 matched="" text="" Apr 1 23:44:04 exo slapd[8007]: slap_graduate_commit_csn: removing 0x7f6bd2674970 20120402034404.869559Z#000000#000#000000 Apr 1 23:44:04 exo slapd[8007]: daemon: activity on 1 descriptor Apr 1 23:44:04 exo slapd[8007]: daemon: activity on: Apr 1 23:44:04 exo slapd[8007]: Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=9 active_threads=0 tvp=NULL

12 years, 7 months

Re: CSN too old, ignoring - and therefore not syncing

by Gavin Henry

Do us a favour and start a new thread with all this info in one email. It's annoying to put this all together over your two emails and burried in another thread. It will help others this way too. Thanks. On 24/12/2008, Adrien Futschik <adrien.futschik(a)atosorigin.com> wrote: > You're right I might have forgotten the most essential :) > > You'll find in attachment the script I'm using to set up the replication > (modified version of test050-syncrepl-multimaster). > > Here is the config : > initialization of m1 : > dn: cn=config > objectClass: olcGlobal > cn: config > olcServerID: 1 > > dn: olcDatabase={0}config,cn=config > objectClass: olcDatabaseConfig > olcDatabase: {0}config > olcRootPW: ${PASSWD} > > initialization of m2 : > dn: cn=config > objectClass: olcGlobal > cn: config > olcServerID: 2 > > dn: olcDatabase={0}config,cn=config > objectClass: olcDatabaseConfig > olcDatabase: {0}config > olcRootPW: ${PASSWD} > > syncprov overlay on m1 : > dn: cn=config > changetype: modify > replace: olcServerID > olcServerID: 1 $URI1 > olcServerID: 2 $URI2 > > dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config > changetype: add > objectClass: olcOverlayConfig > objectClass: olcSyncProvConfig > olcOverlay: syncprov > > dn: olcDatabase={0}config,cn=config > changetype: modify > add: olcSyncRepl > olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=3 > olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=3 > - > add: olcMirrorMode > olcMirrorMode: TRUE > > > syncrepl on m2: > dn: olcDatabase={0}config,cn=config > changetype: modify > add: olcSyncRepl > olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=3 > olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=3 > - > add: olcMirrorMode > olcMirrorMode: TRUE > > schema on m1: > include: file://$ABS_SCHEMADIR/core.ldif > include: file://$ABS_SCHEMADIR/cosine.ldif > include: file://$ABS_SCHEMADIR/inetorgperson.ldif > include: file://$ABS_SCHEMADIR/openldap.ldif > include: file://$ABS_SCHEMADIR/nis.ldif > include: file://$ABS_SCHEMADIR/corba.ldif > include: file://$ABS_SCHEMADIR/java.ldif > include: file://$ABS_SCHEMADIR/misc.ldif > include: file://$ABS_SCHEMADIR/nds.ldif > include: file://$ABS_SCHEMADIR/dit.ldif > > database en m1: > dn: olcDatabase={1}$BACKEND,cn=config > objectClass: olcDatabaseConfig > objectClass: olc${BACKEND}Config > olcDatabase: {1}$BACKEND > olcSuffix: $BASEDN > olcDbDirectory: ./openldap-data > olcRootDN: $MANAGERDN > olcRootPW: ${PASSWD} > olcDbIndex: default pres,eq > olcDbIndex: cn,sn pres,eq,sub > olcDbIndex: objectClass,seeAlso,entryUUID eq > olcDbIndex: mail,givenName,uid pres,eq,sub > olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple > credentials=secret searchbase="$BASEDN" type=refreshOnly > interval=$INTERVAL retry="5 5 300 5" timeout=3 > olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple > credentials=secret searchbase="$BASEDN" type=refreshOnly > interval=$INTERVAL retry="5 5 300 5" timeout=3 > olcMirrorMode: TRUE > > dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config > changetype: add > objectClass: olcOverlayConfig > objectClass: olcSyncProvConfig > olcOverlay: syncprov > > After that I populate m1 with attached arbre.ldif. > > Thanks in advance. > > Adrien > > ======================================== > Message date : Dec 24 2008, 03:23 PM > From : "Gavin Henry" <gavin.henry(a)gmail.com> > To : adrien.futschik(a)atosorigin.com, openldap-technical(a)openldap.org > Copy to : > Subject : Re: CSN too old, ignoring - and therefore not syncing > > Config? > > On 24/12/2008, Adrien Futschik <adrien.futschik(a)atosorigin.com> wrote: > > I'm facing a similar problem. > > I'm testing N-way multimaster replication with OpenLDAP 2.4.13. > > > > I'm able to successfully import data into an instance and have my two > > masters to sync correctly but then when I try to add a new entry in one > of > > the two masters, I'm getting strange messages : > > > > let's say we have m1 & m2 (m1 & m2 are on the same server): > > I initial import data into m1, it is successfully imported into m2 (at > least > > it looks like it). > > Then I'm trying to add an entry on m2 > > (cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr). I'm > > getting strange message on m1 & m2 : > > > > m1 log :(repetitively) > > [...] > > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > > 20081224125950.481561Z#000000#001#000000 older or equal to ctx > > 20081224125950.481561Z#000000#001#000000 > > Entry cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > > changed by peer, ignored > > syncprov_search_response: > > > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > > [...] > > > > > > m2 log : (repetitively) > > [...] > > master where I added an entry : > > do_syncrep2: rid=004 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > > do_syncrep2: > > > cookie=rid=004,sid=002,csn=20081224125950.481561Z#000000#001#000000;20081224130148.522455Z#000000#002#000000 > > [...] > > > > Is this a bug ? Am-I doing something wrong ? > > > > If I add the same entry to m1 and not m2 I get the following messages : > > > > on m2 : > > syncrepl_entry: rid=004 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) > > syncrepl_entry: rid=004 be_search (0) > > syncrepl_entry: rid=004 > > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > > <= bdb_equality_candidates: (entryCSN) not indexed > > <= bdb_inequality_candidates: (entryCSN) not indexed > > <= bdb_inequality_candidates: (entryCSN) not indexed > > syncprov_search_response: > > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > > syncrepl_entry: rid=004 be_add (0) > > do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT > > do_syncrep2: > > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > > <= bdb_inequality_candidates: (entryCSN) not indexed > > nonpresent_callback: rid=004 present UUID > > 96268508-6609-102d-9d8e-9742e72db399, dn c=fr > > nonpresent_callback: rid=004 present UUID > > 962af700-6609-102d-9d8f-9742e72db399, dn o=edfgdf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962bd698-6609-102d-9d90-9742e72db399, dn ou=personnes,o=edfgdf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962c00b4-6609-102d-9d91-9742e72db399, dn ou=appli,o=edfgdf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962c2634-6609-102d-9d92-9742e72db399, dn ou=groupes,o=edfgdf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962ca492-6609-102d-9d93-9742e72db399, dn ou=administrateurs,o=edfgdf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962cce90-6609-102d-9d94-9742e72db399, dn o=edf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962d7138-6609-102d-9d95-9742e72db399, dn ou=personnes,o=edf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962d96f4-6609-102d-9d96-9742e72db399, dn ou=appli,o=edf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962deafa-6609-102d-9d97-9742e72db399, dn ou=groupes,o=edf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962ef026-6609-102d-9d98-9742e72db399, dn ou=administrateurs,o=edf,c=fr > > nonpresent_callback: rid=004 present UUID > > 962f156a-6609-102d-9d99-9742e72db399, dn o=gazdefrance,c=fr > > nonpresent_callback: rid=004 present UUID > > 962fca8c-6609-102d-9d9a-9742e72db399, dn ou=personnes,o=gazdefrance,c=fr > > nonpresent_callback: rid=004 present UUID > > 962fef76-6609-102d-9d9b-9742e72db399, dn ou=appli,o=gazdefrance,c=fr > > nonpresent_callback: rid=004 present UUID > > 9630106e-6609-102d-9d9c-9742e72db399, dn ou=groupes,o=gazdefrance,c=fr > > nonpresent_callback: rid=004 present UUID > > 9630bfa0-6609-102d-9d9d-9742e72db399, dn > > ou=administrateurs,o=gazdefrance,c=fr > > nonpresent_callback: rid=004 present UUID > > ae0e93d6-6609-102d-9d9e-9742e72db399, dn > > cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf,c=fr > > slap_queue_csn: queing 0x843fef0 20081224132238.790862Z#000000#001#000000 > > slap_graduate_commit_csn: removing 0x83d6410 > > 20081224132238.790862Z#000000#001#000000 > > > > on m1 : > > slap_queue_csn: queing 0x1df3860 20081224132238.790862Z#000000#001#000000 > > slap_graduate_commit_csn: removing 0x9703700 > > 20081224132238.790862Z#000000#001#000000 > > <= bdb_equality_candidates: (entryCSN) not indexed > > <= bdb_inequality_candidates: (entryCSN) not indexed > > Entry ou=administrateurs,o=gazdefrance,c=fr CSN > > 20081224132158.749532Z#000000#001#000000 older or equal to ctx > > 20081224132158.749532Z#000000#001#000000 > > syncprov_search_response: > > cookie=rid=004,sid=002,csn=20081224132238.790862Z#000000#001#000000 > > do_syncrep2: rid=005 LDAP_RES_INTERMEDIATE - SYNC_ID_SET > > do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT > > do_syncrep2: > > cookie=rid=005,sid=001,csn=20081224132158.749532Z#000000#001#000000 > > > > Here is the entry I'm adding : > > > > dn: cn=adrien-externe.futschik(a)edfgdf.fr,ou=personnes,o=edfgdf, c=fr > > objectclass: top > > objectclass: person > > objectclass: organizationalPerson > > objectclass: inetorgPerson > > objectclass: ditPerson > > cn: adrien-externe.futschik(a)edfgdf.fr > > sn: Futschik > > givenName: Adrien > > uid: adrien-externe.futschik(a)edfgdf.fr > > mail: adrien-externe.futschik(a)edfgdf.fr > > telephonenumber: 0123456789 > > userpassword: {SSHA}GuU6CMRoOxp9EA1ANafzuRUXADKlBA0r > > allowedServices: appli20 > > > > pretty simple isn't it ? What's going wrong ? > > > > Adrien > > > > ======================================== > > Message date : Dec 23 2008, 07:39 PM > > From : "Gavin Henry" <gavin.henry(a)gmail.com> > > To : openldap-technical(a)openldap.org > > Copy to : > > Subject : Fwd: CSN too old, ignoring - and therefore not syncing > > > > ---------- Forwarded message ---------- > > From: Pat Riehecky <prieheck(a)iwu.edu> > > Date: Tue, 23 Dec 2008 12:34:33 -0600 > > Subject: Re: CSN too old, ignoring - and therefore not syncing > > To: Gavin Henry <gavin.henry(a)gmail.com> > > > > On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote: > > > Where did you read that those were needed anyway? If it was the admin > > > guide then I need to fix it ;-) > > > > > > Gavin. > > > > I have no idea where I found those at... I know it wasn't the (recent) > > admin guide. It may have been from around the 2.4.8 release, but that > > is long gone... > > > > Pat > > > > > > > > On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > > > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote: > > > >> Try dropping nopresent and reloadhint relating to ITS5669. You only > > > >> need these two syncprov settings on an accesslog db. > > > >> > > > >> Gavin. > > > > > > > > Thanks, that did the job! > > > > > > > > Pat > > > > > > > >> > > > >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > > >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote: > > > >> >> Can you post your config somewhere? > > > >> > > > > >> > > > > >> > allow bind_v2 > > > >> > > > > >> > include /etc/ldap/schema/core.schema > > > >> > include /etc/ldap/schema/cosine.schema > > > >> > include /etc/ldap/schema/nis.schema > > > >> > include /etc/ldap/schema/inetorgperson.schema > > > >> > include /etc/ldap/schema/samba.schema > > > >> > include /etc/ldap/schema/eduperson-200412.schema > > > >> > include /etc/ldap/schema/hdb.schema > > > >> > include /etc/ldap/schema/IWU.schema > > > >> > > > > >> > pidfile /var/run/slapd/slapd.pid > > > >> > argsfile /var/run/slapd/slapd.args > > > >> > > > > >> > modulepath /usr/lib/ldap > > > >> > moduleload back_hdb > > > >> > moduleload back_monitor > > > >> > moduleload memberof > > > >> > moduleload syncprov > > > >> > moduleload smbk5pwd > > > >> > > > > >> > tool-threads 2 > > > >> > sizelimit 500 > > > >> > idletimeout 7200 > > > >> > > > > >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt > > > >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt > > > >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key > > > >> > TLSVerifyClient allow > > > >> > > > > >> > localSSF 160 > > > >> > security ssf=1 update_ssf=128 simple_bind=112 > > > >> > sasl-secprops noanonymous > > > >> > > > > >> > access to dn.base="" by * read > > > >> > access to dn.base="cn=Subschema" by * read > > > >> > > > > >> > backend hdb > > > >> > database hdb > > > >> > > > > >> > overlay memberof > > > >> > overlay smbk5pwd > > > >> > overlay syncprov > > > >> > > > > >> > smbk5pwd-enable samba > > > >> > smbk5pwd-enable krb5 > > > >> > smbk5pwd-must-change 0 > > > >> > > > > >> > syncprov-checkpoint 100 10 > > > >> > syncprov-sessionlog 200 > > > >> > syncprov-nopresent TRUE > > > >> > syncprov-reloadhint TRUE > > > >> > > > > >> > suffix "dc=iwu,dc=edu" > > > >> > > > > >> > rootdn "cn=admin,dc=iwu,dc=edu" > > > >> > rootpw {redacted} > > > >> > > > > >> > authz-regexp "uidNumber=0\\\ > > > >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth" > > > >> > "cn=ldapi,dc=iwu,dc=edu" > > > >> > authz-regexp "gidNumber=.*\\\ > > > >> > +uidNumber=0,cn=peercred,cn=external,cn=auth" > > > >> > "cn=ldapi,dc=iwu,dc=edu" > > > >> > > > > >> > authz-regexp "uid=(.+),cn=.+,cn=auth" > > "uid=$1,ou=People,dc=iwu,dc=edu" > > > >> > > > > >> > directory "/var/lib/ldap/" > > > >> > > > > >> > dbconfig set_cachesize 0 62914560 0 > > > >> > dbconfig set_lk_max_objects 1500 > > > >> > dbconfig set_lk_max_locks 1500 > > > >> > dbconfig set_lk_max_lockers 1500 > > > >> > > > > >> > # Make sure to do a nightly slapcat > > > >> > dbconfig set_flags DB_LOG_AUTOREMOVE > > > >> > > > > >> > index objectClass eq,pres > > > >> > index default eq,sub,pres > > > >> > index mail eq,sub,pres > > > >> > index sn eq,sub,pres > > > >> > index cn eq,sub,pres > > > >> > index displayName eq,sub,pres > > > >> > index gecos eq,sub,pres > > > >> > index uid eq,sub,pres > > > >> > index memberUid eq,sub,pres > > > >> > index uidNumber eq,pres > > > >> > index gidNumber eq,pres > > > >> > index entryCSN eq,pres > > > >> > index entryUUID eq,pres > > > >> > index uniqueMember eq,pres > > > >> > index userPassword eq,pres > > > >> > index krb5PrincipalName eq,pres > > > >> > index krb5PrincipalRealm eq,pres > > > >> > index sambaDomainName eq,pres > > > >> > index sambaSID eq,pres > > > >> > index sambaPrimaryGroupSID eq,pres > > > >> > index sambaSIDList eq,pres > > > >> > > > > >> > lastmod on > > > >> > > > > >> > checkpoint 256 15 > > > >> > > > > >> > password-hash {SSHA} > > > >> > > > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write > > > >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write > > > >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read > > > >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read > > > >> > by * break > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > > > > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key > > > >> > by anonymous auth > > > >> > by self write > > > >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write > > > >> > by users auth > > > >> > by * break > > > >> > > > > >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none > > > >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none > > > >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none > > > >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none > > > >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none > > > >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none > > > >> > > > > >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self > read > > by * > > > >> > none > > > >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * > none > > > >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none > > > >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by > self > > read > > > >> > by * none > > > >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by > > self > > > >> > read by * none > > > >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self > read > > by * > > > >> > none > > > >> > > > > >> > access to > > > >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" > by > > self > > > >> > read by * none > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > > > > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName > > > >> > by self write > > > >> > by users read > > > >> > by anonymous none > > > >> > by * break > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > > > > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber > > > >> > by self read > > > >> > by anonymous none > > > >> > by * break > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > > > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid > > > >> > by * none > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" > > > >> > > > > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength > > > >> > by self read > > > >> > by anonymous none > > > >> > by * break > > > >> > > > > >> > access to dn.sub="dc=iwu,dc=edu" by * read > > > >> > > > > >> > serverID 1 > > > >> > > > > >> > syncrepl rid=2 > > > >> > provider=ldap://ldap2.iwu.edu/ > > > >> > schemachecking=off > > > >> > searchbase="dc=iwu,dc=edu" > > > >> > scope=sub > > > >> > type=refreshAndPersist > > > >> > binddn="cn=mirror,dc=iwu,dc=edu" > > > >> > credentials={redacted} > > > >> > bindmethod=simple > > > >> > starttls=yes > > > >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt > > > >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key > > > >> > tls_cacert=/etc/ldap/ssl/IWU.crt > > > >> > tls_reqcert=try > > > >> > interval=00:00:00:30 > > > >> > retry="15 +" > > > >> > timeout=1 > > > >> > timelimit=unlimited > > > >> > sizelimit=unlimited > > > >> > > > > >> > mirrormode on > > > >> > > > > >> > ############################### > > > >> > database monitor > > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > > > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > > > >> > > > > >> > access to dn.exact="cn=Monitor" > > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > > >> > by * none > > > >> > > > > >> > access to dn.subtree="cn=Monitor" > > > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > > > >> > by * none > > > >> > > > > >> > > > > >> >> > > > >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > > >> >> > Here is the quick and dirty what I am trying to do: > > > >> >> > > > > >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are > time > > > >> >> > synced > > > >> >> > to pool.ntp.org and each other (if they drift I would rather > they > > > >> >> > sorta > > > >> >> > drift together, but pool should be keeping that in check). > > > >> >> > > > > >> >> > Right now I am just beating them up to see how 2.4.13 > performs. > > (So > > > >> >> > far > > > >> >> > VERY well, minus this little problem) > > > >> >> > > > > >> >> > I have a rather small ldif (41 entries) that just wont sync > (I'm > > > >> >> > starting small). Debug gives me > > > >> >> > > > > >> >> > ber_scanf fmt (m}) ber: > > > >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 > > > >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 > > > >> >> > 30 .<rid=001,sid=00 > > > >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 > > > >> >> > 2,csn=2008122217 > > > >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 > > > >> >> > 4721.855904Z#000 > > > >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 > > > >> >> > 000#001#000000 > > > >> >> > do_syncrep2: > > > >> >> > > > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 > > > >> >> > do_syncrep2: rid=001 CSN too old, ignoring > > > >> >> > 20081222174721.855904Z#000000#001#000000 > > > >> >> > ldap_msgfree > > > >> >> > > > > >> >> > I am not exactly sure how it gotten to be "too old." The ldif > I > > am > > > >> >> > importing is not the result of a slapcat or anything that > would > > > >> >> > preserve > > > >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am > > > >> >> > loading > > > >> >> > one single file with ldapadd which, in my understanding, sets > up > > the > > > >> >> > CSN > > > >> >> > and wouldn't let me import one anyway. > > > >> >> > > > > >> >> > Each server has no entries until I load the one, so there > > shouldn't > > > >> >> > be > > > >> >> > any weird stale CSNs causing this. They are "sync'ed" almost > > > >> >> > instantly > > > >> >> > after the one system is loaded - I just don't have everything. > > > >> >> > > > > >> >> > After a sync: > > > >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 > > > >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 > > > >> >> > > > > >> >> > Right now I can get them in sync with a slapcat/slapadd, but > when > > the > > > >> >> > go > > > >> >> > into production I wont be able to say for certain which one is > > > >> >> > authoritative. That is the purpose of multi-master.... > > > >> >> > > > > >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu > Linux > > 32 > > > >> >> > bit > > > >> >> > > > > >> >> > Any ideas as to what I can do to stop this from happening? > > > >> >> > > > > >> >> > Pat > > > >> >> > > > > >> >> > > > > >> >> > > > > >> >> > > > > >> >> > > > >> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > -- > > Sent from my mobile device > > > > http://www.suretecsystems.com/services/openldap/ > > > > > > > > > > Adrien Futschik > > > > -- > Sent from my mobile device > > http://www.suretecsystems.com/services/openldap/ > > > > > Adrien Futschik -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/

15 years, 11 months

performance problem

by Mark Tilmes

LDAP list, I have been trying to figure out this problem for a few weeks, I have been reading the archives and searching google to no avail. We have a high load at the beginning of every minute due to automated processes authenticating. During this time, authentications take from about 5 seconds to as much as 12 seconds. I can even run an ldapwho command directly on the ldap server and see the slowness. Looking at netstat, there are as many as 500 connections coming in to each server around that time. The load has been processed within 20 seconds. Here is some info on what I am running: RHEL 6.9 os Openldap 2.4.40 from the RHEL rpm These systems have 16 cpu’s but they are ~90% idle. The ldap database is on mdb, it is 52M. There are 3657 entries. The systems have 32G of memory each, after buffers and cache, 12G is free. I think just about everything this system does for disk is cached in memory. The only other thing running on these servers is dns and ntp, but when we turn those off, we still see the slowness. See below for my openldap configuration. I am trying to figure out if this is an unreasonable load for these servers and I just need more servers, or if there is some tuning I can do to help with this? When I look at cn=threads,cn=monitor I see active threads go up to 16 and pending threads go up to 127 or so. I increased threads but saw a similar result, all threads are active, many are still pending. When increasing threads to 128, I ended up with this error message: mdb_opinfo_get: err MDB_READERS_FULL: Environment maxreaders limit reached(-30790) I'm not sure what I can do about that. I'm also not sure if I also need to increase listener threads? Seems like not since the threads are all active during the traffic burst. We have 4 ldap servers, one handles writes and then syncs to the other 3, so there are no writes on the other 3, and very few writes on the master, just when we add users or change group memberships which is infrequent, just a few times a month. Any advice is appreciated. Mark Tilmes [root@core6 ldap]# slapcat -F /cb/env/infra/openldap/etc/openldap/core6/slapd.d/ -b 'cn=config' dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: slapd.conf olcConfigDir: slapd.d olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcTLSCACertificateFile: **** olcTLSCertificateFile: **** olcTLSCertificateKeyFile: **** /ldap6.rsakey.pem olcTLSCipherSuite: HIGH olcTLSVerifyClient: never olcTLSProtocolMin: 3.1 olcToolThreads: 1 olcWriteTimeout: 0 structuralObjectClass: olcGlobal entryUUID: ba4a33d4-097c-1036-94c5-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z olcTCPBuffer: 2048 olcIdleTimeout: 0 olcListenerThreads: 1 olcLogLevel: none olcThreads: 16 entryCSN: 20180607174833.321882Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20180607174833Z dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModuleLoad: {0}back_hdb.la olcModuleLoad: {1}syncprov.la olcModuleLoad: {2}auditlog.la structuralObjectClass: olcModuleList entryUUID: ba4c0010-097c-1036-94c6-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2 olcObjectIdentifier: OLcfgAt OLcfg:3 olcObjectIdentifier: OLcfgGlAt OLcfgAt:0 olcObjectIdentifier: OLcfgBkAt OLcfgAt:1 olcObjectIdentifier: OLcfgDbAt OLcfgAt:2 olcObjectIdentifier: OLcfgOvAt OLcfgAt:3 olcObjectIdentifier: OLcfgCtAt OLcfgAt:4 olcObjectIdentifier: OLcfgOc OLcfg:4 olcObjectIdentifier: OLcfgGlOc OLcfgOc:0 olcObjectIdentifier: OLcfgBkOc OLcfgOc:1 olcObjectIdentifier: OLcfgDbOc OLcfgOc:2 olcObjectIdentifier: OLcfgOvOc OLcfgOc:3 olcObjectIdentifier: OLcfgCtOc OLcfgOc:4 olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1 olcObjectIdentifier: OMsBoolean OMsyn:7 olcObjectIdentifier: OMsDN OMsyn:12 olcObjectIdentifier: OMsDirectoryString OMsyn:15 olcObjectIdentifier: OMsIA5String OMsyn:26 olcObjectIdentifier: OMsInteger OMsyn:27 olcObjectIdentifier: OMsOID OMsyn:38 olcObjectIdentifier: OMsOctetString OMsyn:40 olcObjectIdentifier: olmAttributes 1.3.6.1.4.1.4203.666.1.55 olcObjectIdentifier: olmSubSystemAttributes olmAttributes:0 olcObjectIdentifier: olmGenericAttributes olmSubSystemAttributes:0 olcObjectIdentifier: olmDatabaseAttributes olmSubSystemAttributes:1 olcObjectIdentifier: olmObjectClasses 1.3.6.1.4.1.4203.666.3.16 olcObjectIdentifier: olmSubSystemObjectClasses olmObjectClasses:0 olcObjectIdentifier: olmGenericObjectClasses olmSubSystemObjectClasses:0 olcObjectIdentifier: olmDatabaseObjectClasses olmSubSystemObjectClasses:1 olcObjectIdentifier: olmMDBAttributes olmDatabaseAttributes:1 olcObjectIdentifier: olmMDBObjectClasses olmDatabaseObjectClasses:1 olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' X-BINARY-TRA NSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' X-NOT-HU MAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Descrip tion' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-REA DABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-RE ADABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY- TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' X-BI NARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' X-B INARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCerti ficate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' ) olcLdapSyntaxes: ( 1.2.36.79672281.1.5.0 DESC 'RDN' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Desc ription' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule De scription' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone N umber' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' X-NOT-HUMAN-READ ABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-REA DABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Acc ess Points' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Descrip tion' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Des cription' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID ' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description ' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Descript ion' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Iden tifier' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Descripti on' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definitio n' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Descripti on' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' ) olcLdapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC 'AttributeCertificate Exact Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC 'AttributeCertificate Assertion' ) olcLdapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' ) olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' ) olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classe s of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.38 ) olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: st ructural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryO peration ) olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time whi ch object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTi meOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M ODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time whi ch object was last modified' EQUALITY generalizedTimeMatch ORDERING general izedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO- USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of cre ator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of la st modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directory Operation ) olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUA LITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VAL UE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry ' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGL E-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change s equence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrdering Match SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICAT ION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change sequence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNO rderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MO DIFICATION USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 's yncrepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStr ingOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER- MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the l argest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMa tch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOp eration ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC45 12: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOper ation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC ' RFC4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOpe ration ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DES C 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DE SC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanis ms' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'R FC4512: features supported by the server' EQUALITY objectIdentifierMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'm onitor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'co nfig context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of im plementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: admin istrative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.38 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: sub tree specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT st ructure rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.17 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT cont ent rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.16 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching r ules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.30 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.3 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object cla sses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.37 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' E QUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.35 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.31 USAGE directoryOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'R FC4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subo rdinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 USAGE distributedOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL entry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER- MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP A CL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO -USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4. 1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzF rom' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6. 1.4.1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC258 9: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO -USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RFC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MO DIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 ) olcAttributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: commo n name(s) for which the entity is known by' SUP name ) olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An inte ger uniquely identifying a user in an administrative domain' EQUALITY integ erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An inte ger uniquely identifying a group in an administrative domain' EQUALITY inte gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: passwo rd of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{ 128} ) olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: U niform Resource Identifier with optional label' EQUALITY caseExactMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related ob ject' SUP distinguishedName ) olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryStrin g SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory for sl apd configuration backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryStri ng SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control List' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check ACLs a gainst content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of depre cated features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd com mand line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGL E-VALUE ) olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY caseIgn oreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP att ributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY caseIgnore Match SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY caseIgnoreMa tch SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY caseIgnoreMa tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED ' SIBLINGS' ) olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX OMsInteger SI NGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX OMsInt eger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' ) olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX OMsDN S INGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY caseIgnoreMat ch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC 'OpenLDAP D IT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:0.20 NAME 'olcExtraAttrs' EQUALITY caseIgnore Match SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean SING LE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean SINGL E-VALUE ) olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX OMsInteger SI NGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI ) olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX OMsIn teger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX OMsIn teger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX OMsInte ger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX OMsInt eger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX OMsInteger SI NGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean SINGL E-VALUE ) olcAttributeTypes: ( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldap Syntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OM sDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:93 NAME 'olcListenerThreads' SYNTAX OMsIntege r SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger SINGL E-VALUE ) olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX OMsDirectoryStrin g SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatc h SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX OMsBoolean S INGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY caseIgnoreMa tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX OMsDirectorySt ring SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX OMsBoolean S INGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP obj ect classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString X-ORDE RED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-V ALUE X-ORDERED 'SIBLINGS' ) olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' SYNTAX O MsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY caseIgnore Match SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX OMsDirectoryStrin g SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX OMsDirector yString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean SINGL E-VALUE ) olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI SINGLE-V ALUE ) olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX OMsDirect oryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX OMsDirecto ryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX OMsIn teger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX OMsDirectorySt ring SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY caseIgnoreMatc h SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY caseIgnoreMatc h SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY distinguishedNa meMatch SYNTAX OMsDN SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX OMsDirectoryStrin g SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:89 NAME 'olcSaslAuxprops' SYNTAX OMsDirectory String SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX OMsDirectoryStri ng SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX OMsDirectoryStr ing SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX OMsDirectory String SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY distinguishedN ameMatch SYNTAX OMsDN SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY caseIgnoreMatc h SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY caseIgnoreMatc h SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX OMsDirectoryStr ing SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX OMsInt eger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' SYNTAX OM sInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryS tring ) olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX OMsDirector yString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY distinguishedN ameMatch SYNTAX OMsDN ) olcAttributeTypes: ( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' DESC 'Store sy nc context in a subentry' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMa tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgGlAt:90 NAME 'olcTCPBuffer' DESC 'Custom TCP buffe r size' SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger SINGLE -VALUE ) olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX OMsDirectoryStr ing ) olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX OMsD irectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX OMsD irectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX OMsDir ectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX OMs DirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX OMsDirecto ryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX OMsDirectoryS tring SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX OMsDirectorySt ring SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX OMsDirectoryS tring SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX OMsDirect oryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX OMsDirecto ryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX OMsDirecto ryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX OMsInteger SI NGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN SINGLE-V ALUE ) olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI EQUAL ITY caseIgnoreMatch ) olcAttributeTypes: ( OLcfgGlAt:88 NAME 'olcWriteTimeout' SYNTAX OMsInteger S INGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGL E-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC ' monitored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOp eration ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'mo nitor managed info' SUP name ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'monitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' D ESC 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' D ESC 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumb er' DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATIO N USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuth zDN' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOpe ration ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLoca lAddress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER -MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeer Address' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-M ODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DE SC 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTi meOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M ODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'name of overlays defined for a given database' SUP monitoredInfo NO-USER- MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read /write status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DESC 'name of restricted operation for a given database' SUP managedInfo ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionPro tocol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFIC ATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOps Received' DESC 'monitor number of operations received by the connection' SU P monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOps Executing' DESC 'monitor number of operations in execution within the conne ction' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOps Pending' DESC 'monitor number of pending operations within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOps Completed' DESC 'monitor number of operations completed within the connecti on' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet ' DESC 'number of times connection_get() was called so far' SUP monitorCoun ter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRea d' DESC 'number of times connection_read() was called so far' SUP monitorCo unter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWri te' DESC 'number of times connection_write() was called so far' SUP monitor Counter NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMas k' DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION US AGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionLis tener' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFIC ATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPee rDomain' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MO DIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionSta rtTime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VA LUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionAct ivityTime' DESC 'monitor connection activity time' SUP monitorTimestamp SIN GLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DES C 'TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DE SC 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE US AGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig ' DESC 'TRUE if component allows runtime configuration' EQUALITY booleanMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' D ESC 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation ) olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number of ex tra entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry cache s ize in entries' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database che ckpoint interval in kbytes and minutes' SYNTAX OMsDirectoryString SINGLE-VA LUE ) olcAttributeTypes: ( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable databa se checksum validation' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname of file containing the DB encryption key' SYNTAX OMsDirectoryString SINGLE-VAL UE ) olcAttributeTypes: ( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB encryption key' SYNTAX OMsOctetString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CO NFIG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable synchron ous database writes' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads o f uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN cache s ize' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL cache size in IDLs' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute index p arameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index attri butes one at a time' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock det ection algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix permissions o f database files' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth of se arch stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for shared memory region' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:0.14 NAME 'olcDbURI' DESC 'URI (list) for rem ote DSA' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.1 NAME 'olcDbStartTLS' DESC 'StartTLS' SYNT AX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.2 NAME 'olcDbACLAuthcDn' DESC 'Remote ACL a dministrative identity' OBSOLETE SYNTAX OMsDN SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.3 NAME 'olcDbACLPasswd' DESC 'Remote ACL ad ministrative identity credentials' OBSOLETE SYNTAX OMsDirectoryString SINGL E-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.4 NAME 'olcDbACLBind' DESC 'Remote ACL admi nistrative identity auth bind configuration' SYNTAX OMsDirectoryString SING LE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.5 NAME 'olcDbIDAssertAuthcDn' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX OMsDN SINGLE-VA LUE ) olcAttributeTypes: ( OLcfgDbAt:3.6 NAME 'olcDbIDAssertPasswd' DESC 'Remote I dentity Assertion administrative identity credentials' OBSOLETE SYNTAX OMsD irectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.7 NAME 'olcDbIDAssertBind' DESC 'Remote Ide ntity Assertion administrative identity auth bind configuration' SYNTAX OMs DirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.8 NAME 'olcDbIDAssertMode' DESC 'Remote Ide ntity Assertion mode' OBSOLETE SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.9 NAME 'olcDbIDAssertAuthzFrom' DESC 'Remot e Identity Assertion authz rules' EQUALITY caseIgnoreMatch SYNTAX OMsDirect oryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:3.10 NAME 'olcDbRebindAsUser' DESC 'Rebind as user' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.11 NAME 'olcDbChaseReferrals' DESC 'Chase r eferrals' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.12 NAME 'olcDbTFSupport' DESC 'Absolute fil ters support' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.13 NAME 'olcDbProxyWhoAmI' DESC 'Proxy whoA mI exop' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.14 NAME 'olcDbTimeout' DESC 'Per-operation timeouts' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.15 NAME 'olcDbIdleTimeout' DESC 'connection idle timeout' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.16 NAME 'olcDbConnTtl' DESC 'connection ttl ' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.17 NAME 'olcDbNetworkTimeout' DESC 'connect ion network timeout' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.18 NAME 'olcDbProtocolVersion' DESC 'protoc ol version' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.19 NAME 'olcDbSingleConn' DESC 'cache a sin gle connection per identity' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.20 NAME 'olcDbCancel' DESC 'abandon/ignore/ exop operations when appropriate' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.21 NAME 'olcDbQuarantine' DESC 'Quarantine database if connection fails and retry according to rule' SYNTAX OMsDirecto ryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.22 NAME 'olcDbUseTemporaryConn' DESC 'Use t emporary connections if the cached one is busy' SYNTAX OMsBoolean SINGLE-VA LUE ) olcAttributeTypes: ( OLcfgDbAt:3.23 NAME 'olcDbConnectionPoolMax' DESC 'Max size of privileged connections pool' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.24 NAME 'olcDbSessionTrackingRequest' DESC 'Add session tracking control to proxied requests' SYNTAX OMsBoolean SINGLE -VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.25 NAME 'olcDbNoRefs' DESC 'Do not return s earch reference responses' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not p ropagate undefined search filters' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.108 NAME 'olcDbOnErr' DESC 'error handling' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.27 NAME 'olcDbIDAssertPassThru' DESC 'Remot e Identity Assertion passthru rules' EQUALITY caseIgnoreMatch SYNTAX OMsDir ectoryString X-ORDERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:3.29 NAME 'olcDbKeepalive' DESC 'TCP keepaliv e' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' SYNTAX OMsD irectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:3.2 NAME 'olcChainCacheURI' DESC 'Enables cac hing of URIs not present in configuration' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:3.3 NAME 'olcChainMaxReferralDepth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:3.4 NAME 'olcChainReturnError' DESC 'Errors a re returned instead of the original referral' SYNTAX OMsBoolean SINGLE-VALU E ) olcAttributeTypes: ( OLcfgDbAt:12.3 NAME 'olcDbEnvFlags' DESC 'Database envi ronment flags' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:12.1 NAME 'olcDbMaxReaders' DESC 'Maximum num ber of threads that may access the DB concurrently' SYNTAX OMsInteger SINGL E-VALUE ) olcAttributeTypes: ( OLcfgDbAt:12.2 NAME 'olcDbMaxSize' DESC 'Maximum size o f DB in bytes' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.101 NAME 'olcDbRewrite' DESC 'DN rewriting rules' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES ' ) olcAttributeTypes: ( OLcfgDbAt:3.102 NAME 'olcDbMap' DESC 'Map attribute and objectclass names' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-OR DERED 'VALUES' ) olcAttributeTypes: ( OLcfgDbAt:3.103 NAME 'olcDbSubtreeExclude' DESC 'DN of subtree to exclude from target' EQUALITY caseIgnoreMatch SYNTAX OMsDirector yString ) olcAttributeTypes: ( OLcfgDbAt:3.104 NAME 'olcDbSubtreeInclude' DESC 'DN of subtree to include in target' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryS tring ) olcAttributeTypes: ( OLcfgDbAt:3.105 NAME 'olcDbDefaultTarget' DESC 'Specify the default target' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.106 NAME 'olcDbDnCacheTtl' DESC 'dncache tt l' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.107 NAME 'olcDbBindTimeout' DESC 'bind time out' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.109 NAME 'olcDbPseudoRootBindDefer' DESC 'e rror handling' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.110 NAME 'olcDbNretries' DESC 'retry handli ng' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.111 NAME 'olcDbClientPr' DESC 'PagedResults handling' SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:3.100 NAME 'olcMetaSub' DESC 'Placeholder to name a Target entry' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SIN GLE-VALUE X-ORDERED 'SIBLINGS' ) olcAttributeTypes: ( OLcfgDbAt:3.112 NAME 'olcDbFilter' DESC 'Filter regex p attern to include in target' EQUALITY caseExactMatch SYNTAX OMsDirectoryStr ing ) olcAttributeTypes: ( OLcfgDbAt:8.1 NAME 'olcDbBindAllowed' DESC 'Allow binds to this database' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:9.1 NAME 'olcPasswdFile' DESC 'File containin g passwd records' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:5.1 NAME 'olcRelay' DESC 'Relay DN' SYNTAX OM sDN SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.1 NAME 'olcShellBind' DESC 'Bind command a nd arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE-VALU E ) olcAttributeTypes: ( OLcfgDbAt:10.2 NAME 'olcShellUnbind' DESC 'Unbind comma nd and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.3 NAME 'olcShellSearch' DESC 'Search comma nd and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.4 NAME 'olcShellCompare' DESC 'Compare com mand and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGL E-VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.5 NAME 'olcShellModify' DESC 'Modify comma nd and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.6 NAME 'olcShellModRDN' DESC 'ModRDN comma nd and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.7 NAME 'olcShellAdd' DESC 'Add command and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:10.8 NAME 'olcShellDelete' DESC 'Delete comma nd and arguments' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE- VALUE ) olcAttributeTypes: ( OLcfgDbAt:7.3 NAME 'olcOvSocketOps' DESC 'Operation typ es to forward' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:7.4 NAME 'olcOvSocketResps' DESC 'Response ty pes to forward' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgDbAt:7.1 NAME 'olcDbSocketPath' DESC 'Pathname for Unix domain socket' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SING LE-VALUE ) olcAttributeTypes: ( OLcfgDbAt:7.2 NAME 'olcDbSocketExtensions' DESC 'binddn , peername, or ssf' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) olcAttributeTypes: ( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint' DESC 'ContextCSN c heckpoint interval in ops and minutes' SYNTAX OMsDirectoryString SINGLE-VAL UE ) olcAttributeTypes: ( OLcfgOvAt:1.2 NAME 'olcSpSessionlog' DESC 'Session log size in ops' SYNTAX OMsInteger SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' DESC 'Omit Present phase processing' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' DESC 'Observe Relo ad Hint in Request control' SYNTAX OMsBoolean SINGLE-VALUE ) olcAttributeTypes: ( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' DESC 'Filename fo r auditlogging' SYNTAX OMsDirectoryString ) olcAttributeTypes: ( olmDatabaseAttributes:1 NAME 'olmDbDirectory' DESC 'Pat h name of the directory where the database environment resides' SUP monitor edInfo NO-USER-MODIFICATION USAGE dSAOperation ) olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' AB STRACT MUST objectClass ) olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DES C 'RFC4512: extensible object' SUP top AUXILIARY ) olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP top ST RUCTURAL MUST aliasedObjectName ) olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named subordinate referral' SUP top STRUCTURAL MUST ref ) olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProo tDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn ) olcObjectClasses: ( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry' SUP to p STRUCTURAL MUST ( cn $ subtreeSpecification ) ) olcObjectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling sub schema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITConte ntRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) ) olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RF C2589: Dynamic Object' SUP top AUXILIARY ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue Entry' S UP top STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' DES C 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' DES C 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN ) olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' DESC 'OpenLDAP configuratio n object' SUP top ABSTRACT ) olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global confi guration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $ olcCo nfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ ol cConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcInd exSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndex SubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcLogF ile $ olcLogLevel $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFi le $ olcPluginLogFile $ olcReadOnly $ olcReferral $ olcReplogFile $ olcRequ ires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslAuxprops $ olcS aslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcS izeLimit $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificat ePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuit e $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFil e $ olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentR ules $ olcLdapSyntaxes ) ) olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' DESC 'OpenLDAP schema object' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $ olcLdapS yntaxes $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) ) olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' DESC 'OpenLDAP Backe nd-specific options' SUP olcConfig STRUCTURAL MUST olcBackend ) olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP Data base-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY ( olcH idden $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLast Mod $ olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplo gFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ o lcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ olcMonitoring $ olcExtraAtt rs ) ) olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overl ay-specific options' SUP olcConfig STRUCTURAL MUST olcOverlay ) olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' DESC 'OpenLDAP configu ration include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $ ol cRootDSE ) ) olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' DESC 'OpenLDAP fron tend configuration' AUXILIARY MAY ( olcDefaultSearchBase $ olcPasswordHash $ olcSortVals ) ) olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP dynamic module info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $ olcModuleL oad ) ) olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF backend co nfiguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC 'OpenLDA P system monitoring' SUP top STRUCTURAL MUST cn MAY ( description $ seeAlso $ labeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer' DESC 'S erver monitoring root entry' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer' DESC 'monitor container class' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.4 NAME 'monitorCounterObject' DESC 'monitor counter class' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation' DESC 'monitor operation class' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection' DES C 'monitor connection class' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject' DESC 'm onitor managed entity class' SUP monitor STRUCTURAL ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject' DESC 'monitor monitored entity class' SUP monitor STRUCTURAL ) olcObjectClasses: ( OLcfgDbOc:4.1 NAME 'olcMonitorConfig' DESC 'Monitor back end configuration' SUP olcDatabaseConfig STRUCTURAL ) olcObjectClasses: ( OLcfgDbOc:1.1 NAME 'olcBdbConfig' DESC 'BDB backend conf iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDb CacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLine arIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ ol cDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) ) olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend conf iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDb CacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLine arIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ ol cDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) ) olcObjectClasses: ( OLcfgDbOc:3.1 NAME 'olcLDAPConfig' DESC 'LDAP backend co nfiguration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcDbURI $ olcDbStartTL S $ olcDbACLAuthcDn $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertAuthcDn $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAsse rtAuthzFrom $ olcDbIDAssertPassThru $ olcDbRebindAsUser $ olcDbChaseReferra ls $ olcDbTFSupport $ olcDbProxyWhoAmI $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbProtocolVersion $ olcDbSingleConn $ olcDbCancel $ olcDbQuarantine $ olcDbUseTemporaryConn $ olcDbConnectionP oolMax $ olcDbSessionTrackingRequest $ olcDbNoRefs $ olcDbNoUndefFilter $ o lcDbOnErr $ olcDbKeepalive ) ) olcObjectClasses: ( OLcfgOvOc:3.1 NAME 'olcChainConfig' DESC 'Chain configur ation' SUP olcOverlayConfig STRUCTURAL MAY ( olcChainingBehavior $ olcChain CacheURI $ olcChainMaxReferralDepth $ olcChainReturnError ) ) olcObjectClasses: ( OLcfgOvOc:3.2 NAME 'olcChainDatabase' DESC 'Chain remote server configuration' AUXILIARY ) olcObjectClasses: ( OLcfgOvOc:3.3 NAME 'olcPBindConfig' DESC 'Proxy Bind con figuration' SUP olcOverlayConfig STRUCTURAL MUST olcDbURI MAY ( olcDbStartT LS $ olcDbNetworkTimeout $ olcDbQuarantine ) ) olcObjectClasses: ( OLcfgOvOc:7.1 NAME 'olcDistProcConfig' DESC 'Distributed procedures <draft-sermersheim-ldap-distproc> configuration' SUP olcOverlay Config STRUCTURAL MAY ( olcChainingBehavior $ olcChainCacheURI ) ) olcObjectClasses: ( OLcfgOvOc:7.2 NAME 'olcDistProcDatabase' DESC 'Distribut ed procedure remote server configuration' AUXILIARY ) olcObjectClasses: ( OLcfgDbOc:12.1 NAME 'olcMdbConfig' DESC 'MDB backend con figuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcD bCheckpoint $ olcDbEnvFlags $ olcDbNoSync $ olcDbIndex $ olcDbMaxReaders $ olcDbMaxsize $ olcDbMode $ olcDbSearchStack ) ) olcObjectClasses: ( OLcfgDbOc:3.2 NAME 'olcMetaConfig' DESC 'Meta backend co nfiguration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcDbConnTtl $ olcDbDnC acheTtl $ olcDbIdleTimeout $ olcDbOnErr $ olcDbPseudoRootBindDefer $ olcDbS ingleConn $ olcDbUseTemporaryConn $ olcDbConnectionPoolMax $ olcDbBindTimeo ut $ olcDbCancel $ olcDbChaseReferrals $ olcDbClientPr $ olcDbDefaultTarget $ olcDbNetworkTimeout $ olcDbNoRefs $ olcDbNoUndefFilter $ olcDbNretries $ olcDbProtocolVersion $ olcDbQuarantine $ olcDbRebindAsUser $ olcDbSessionT rackingRequest $ olcDbStartTLS $ olcDbTFSupport ) ) olcObjectClasses: ( OLcfgDbOc:3.3 NAME 'olcMetaTargetConfig' DESC 'Meta targ et configuration' SUP olcConfig STRUCTURAL MUST ( olcMetaSub $ olcDbURI ) M AY ( olcDbACLAuthcDn $ olcDbACLPasswd $ olcDbIDAssertAuthzFrom $ olcDbIDAss ertBind $ olcDbMap $ olcDbRewrite $ olcDbSubtreeExclude $ olcDbSubtreeInclu de $ olcDbTimeout $ olcDbKeepalive $ olcDbFilter $ olcDbBindTimeout $ olcDb Cancel $ olcDbChaseReferrals $ olcDbClientPr $ olcDbDefaultTarget $ olcDbNe tworkTimeout $ olcDbNoRefs $ olcDbNoUndefFilter $ olcDbNretries $ olcDbProt ocolVersion $ olcDbQuarantine $ olcDbRebindAsUser $ olcDbSessionTrackingReq uest $ olcDbStartTLS $ olcDbTFSupport ) ) olcObjectClasses: ( OLcfgDbOc:8.1 NAME 'olcNullConfig' DESC 'Null backend oc nfiguration' SUP olcDatabaseConfig STRUCTURAL MAY olcDbBindAllowed ) olcObjectClasses: ( OLcfgDbOc:9.1 NAME 'olcPasswdConfig' DESC 'Passwd backen d configuration' SUP olcDatabaseConfig STRUCTURAL MAY olcPasswdFile ) olcObjectClasses: ( OLcfgDbOc:5.1 NAME 'olcRelayConfig' DESC 'Relay backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY olcRelay ) olcObjectClasses: ( OLcfgDbOc:10.1 NAME 'olcShellConfig' DESC 'Shell backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcShellBind $ olcSh ellUnbind $ olcShellSearch $ olcShellCompare $ olcShellModify $ olcShellMod RDN $ olcShellAdd $ olcShellDelete ) ) olcObjectClasses: ( OLcfgDbOc:7.1 NAME 'olcDbSocketConfig' DESC 'Socket back end configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbSocketPath MA Y olcDbSocketExtensions ) olcObjectClasses: ( OLcfgDbOc:7.2 NAME 'olcOvSocketConfig' DESC 'Socket over lay configuration' SUP olcOverlayConfig STRUCTURAL MUST olcDbSocketPath MAY ( olcDbSocketExtensions $ olcOvSocketOps $ olcOvSocketResps ) ) olcObjectClasses: ( OLcfgOvOc:1.1 NAME 'olcSyncProvConfig' DESC 'SyncRepl Pr ovider configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent $ olcSpReloadHint ) ) olcObjectClasses: ( OLcfgOvOc:15.1 NAME 'olcAuditlogConfig' DESC 'Auditlog c onfiguration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile ) olcObjectClasses: ( olmMDBObjectClasses:2 NAME 'olmMDBDatabase' SUP top AUXI LIARY MAY olmDbDirectory ) structuralObjectClass: olcSchemaConfig entryUUID: ba52ce04-097c-1036-94c7-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={0}core,cn=schema,cn=config objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: k nowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15{32768} ) olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial nu mber of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: tw o-letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1. 11 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: l ocality which this object resides in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RF C2256: state or province which this object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2 256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC22 56: organization this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name ) olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associate d with the entity' SUP name ) olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search g uide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 25 ) olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: bus iness category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal co de' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post O ffice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RF C2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Tele phone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Nu mber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC 2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Ad dress' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC22 56: international ISDN number' EQUALITY numericStringMatch SUBSTR numericSt ringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: re gistered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121. 1.41 ) olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC22 56: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE- VALUE ) olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.43 SINGLE-VALUE ) olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'R FC2256: supported application context' EQUALITY objectIdentifierMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a g roup' SUP distinguishedName ) olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName ) olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupan t of role' SUP distinguishedName ) olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.50 9 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.8 ) olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.8 ) olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC22 56: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.9 ) olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC 2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.9 ) olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.10 ) olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: f irst name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name ) olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name ) olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.6 ) olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN quali fier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.42 ) olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.34 ) olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: hous e identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name ) olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudon ym for the object' SUP name ) olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mail box' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR ca seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompo nent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN GLE-VALUE ) olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26{128} ) olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) ) olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SU P top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ descriptio n ) ) olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organiz ation' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicato r $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ tel ephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an o rganizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchG uide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ desti nationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalId entifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNu mber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDelive ryOfficeName $ st $ l $ description ) ) olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP to p STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAls o $ description ) ) olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ r egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNu mber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumbe r $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postal Address $ physicalDeliveryOfficeName $ ou $ st $ l ) ) olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an o rganizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ register edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ fac simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic eName $ ou $ st $ l $ description ) ) olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategor y $ seeAlso $ owner $ ou $ o $ description ) ) olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r esidential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x1 21Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMet hod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internati onaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ stree t $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ) olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ de scription ) ) olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MA Y ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ) olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory syste m agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformati on ) olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC22 56: a strong authentication user' SUP top AUXILIARY MUST userCertificate ) olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256 : a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair ) olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ de scription ) ) olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC225 6: a user security information' SUP top AUXILIARY MAY supportedAlgorithms ) olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP cert ificationAuthority AUXILIARY MAY deltaRevocationList ) olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTU RAL MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ del taRevocationList ) ) olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ tel exNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNN umber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ po stalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' S UP top AUXILIARY MAY userCertificate ) olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRe vocationList $ cACertificate $ crossCertificatePair ) ) olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SU P top AUXILIARY MAY deltaRevocationList ) olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'R FC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY labeledURI ) olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObjec t' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPasswo rd ) olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc ) olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid ob ject' SUP top AUXILIARY MUST uid ) structuralObjectClass: olcSchemaConfig entryUUID: ba560b0a-097c-1036-94c8-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={1}cosine,cn=schema,cn=config objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: general information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteD rink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RF C1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274 : photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC 1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1 274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' D ESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DE SC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'home TelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephone NumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.50 ) olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'R FC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNT AX 1.3.6.1.4.1.1466.115.121.1.39 ) olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DE SC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedName Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR ca seIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DES C 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileT elephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephon eNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.50 ) olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTel ephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNu mberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.50 ) olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCou ntryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15{256} ) olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStat us' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOpti on' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 ) olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC ' RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality ' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQual ity' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.13 SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQual ity' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.13 SINGLE-VALUE ) olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.23 ) olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.12 ) olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC12 74: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPi lotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rf c822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ person alSignature ) ) olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRU CTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizatio nName $ organizationalUnitName $ host ) ) olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STR UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTU RAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNum ber ) ) olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP t op STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) ) olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRU CTURAL MUST domainComponent MAY ( associatedName $ organizationName $ descr iption $ businessCategory $ seeAlso $ searchGuide $ userPassword $ locality Name $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ p ostalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTeleph oneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIden tifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ reg isteredAddress $ x121Address ) ) olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ tel ephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ po stOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNN umber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferr edDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) ) olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domai n STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ C NAMERecord ) ) olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST asso ciatedDomain ) olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST friendlyCountryName ) olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa S TRUCTURAL MAY dSAQuality ) olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData ' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMa ximumQuality ) ) structuralObjectClass: olcSchemaConfig entryUUID: ba5ceefc-097c-1036-94c9-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={2}inetorgperson,cn=schema,cn=config objectClass: olcSchemaConfig cn: {2}inetorgperson olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2 798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'R FC2798: preferred name to be used when displaying entries' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC ' RFC2798: numerically identifies an employee within an organization' EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RF C2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RF C2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DE SC 'RFC2798: preferred written or spoken language for a person' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RF C2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RF C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayNam e $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddre ss $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ page r $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIden tifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID: ba5fa840-097c-1036-94ca-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={3}nis,cn=schema,cn=config objectClass: olcSchemaConfig cn: {3}nis olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 ) olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net group triple' SYNTAX 1.3.6.1.1.1.0.0 ) olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY inte gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY i ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP addre ss' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne twork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128 } SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne tmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128 } SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres s' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo tparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseEx actIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26{1024} SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge cos $ description ) ) olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass word $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowIna ctive $ shadowExpire $ shadowFlag $ description ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o f a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( use rPassword $ memberUid $ description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description ) olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o f an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ descrip tion ) MAY description ) olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) MAY description ) olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ description $ manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNe tmaskNumber $ l $ description $ manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberN isNetgroup $ description ) ) olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de scription ) olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a MAC address' SUP top AUXILIARY MAY macAddress ) olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) structuralObjectClass: olcSchemaConfig entryUUID: ba631520-097c-1036-94cb-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={4}misc,cn=schema,cn=config objectClass: olcSchemaConfig cn: {4}misc olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DES C 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNT AX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' D ESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' D ESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipien t' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAd dress $ mailHost $ mailRoutingAddress ) ) olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'N IS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember ) structuralObjectClass: olcSchemaConfig entryUUID: ba664402-097c-1036-94cc-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: cn={5}ppolicy,cn=schema,cn=config objectClass: olcSchemaConfig cn: {5}ppolicy olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALI TY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALI TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQU ALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALI TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQ UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQU ALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInt erval' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQU ALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange ' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQU ALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'Loadable module that instantiates "check_password() function' EQUALITY cas eExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP t op AUXILIARY MAY pwdCheckModule ) olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AU XILIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdC heckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLoc kout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMu stChange $ pwdAllowUserChange $ pwdSafeModify ) ) structuralObjectClass: olcSchemaConfig entryUUID: ba68d596-097c-1036-94cd-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to dn.base="" by * read olcAccess: {1}to dn.base="cn=subschema" by * read olcAccess: {2}to dn.children="***" attrs=userPassword b y dn.base="***" write by self write by * aut h olcAccess: {3}to dn.children="***" attrs=shadowLastChang e by dn.base="***" write by self write by * read olcAccess: {4}to dn.children="***" by * read olcAccess: {5}to dn.children="***" by * read olcAccess: {6}to dn.children="***" by * read olcAccess: {7}to dn.children="***" by * read olcAccess: {8}to dn.children="***" by * read olcAccess: {9}to dn.children="dc=org" by * read olcAccess: {10}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=exte rnal,cn=auth" manage by * +0 break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig entryUUID: ba72394c-097c-1036-94cf-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by * none olcAddContentAcl: TRUE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=config olcRootPW:: ************* olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig entryUUID: ba74458e-097c-1036-94d0-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb olcSuffix: ********* olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: ******************* olcRootPW:: ****************** olcSizeLimit: unlimited olcSyncUseSubentry: FALSE olcSyncrepl: rid=002 provider=ldaps://***:636 bindmethod=sim ple timeout=0 network-timeout=0 binddn="***" c redentials="*******" keepalive=0:0:0 starttls=no tls_cert="/***" tls_key="***" tls_cacert="***" tls_reqcert=demand tls_ciphe r_suite=HIGH filter="(objectclass=*)" searchbase="***" s cope=sub schemachecking=off type=refreshAndPersist retry="60 10 300 10" olcTimeLimit: 1800 olcUpdateRef: ldaps://*** olcMirrorMode: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap/***/mdb olcDbNoSync: FALSE olcDbIndex: objectClass eq olcDbIndex: modifyTimestamp eq olcDbIndex: cn eq,subinitial olcDbIndex: uid eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: ou eq olcDbIndex: member eq olcDbIndex: o eq olcDbIndex: mail eq,subinitial olcDbIndex: memberUid eq olcDbIndex: sn eq,subinitial olcDbIndex: givenName eq,subinitial olcDbIndex: uniqueMember pres,eq olcDbMaxReaders: 0 olcDbMaxSize: 1073741824 olcDbMode: 0600 olcDbSearchStack: 16 structuralObjectClass: olcMdbConfig entryUUID: ba77bb06-097c-1036-94d1-9395bf97badd creatorsName: cn=config createTimestamp: 20160907192632Z entryCSN: 20160907192632.339422Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20160907192632Z dn: olcDatabase={2}monitor,cn=config objectClass: olcDatabaseConfig objectClass: olcMonitorConfig olcDatabase: {2}Monitor olcAccess: {0}to * by dn="cn=config" read structuralObjectClass: olcMonitorConfig entryUUID: 6b435b12-f84f-1037-8018-bf7c7cd25d0d creatorsName: cn=config createTimestamp: 20180530121917Z entryCSN: 20180530121917.976664Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20180530121917Z

6 years, 5 months

Re: Getting ldappasswd and PAM in the same page under CentOS 7

by Robert Heller

Things are still not working. Here is my olcDatabase=\{2}hdb.ldif file (which contains the access control): dn: olcDatabase={2}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {2}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=deepsoft,dc=com olcRootDN: cn=Manager,dc=deepsoft,dc=com olcRootPW: {SSHA}rAk/xVPcZRGhumUTuc2T9xngcSQwL5Sx olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=sssd,ou=People,dc=deepsoft,dc=com read by dn=uid=nslcd,ou=People,dc=deepsoft,dc=com read by * none olcAccess: {1}to * by self write by anonymous auth by * read olcDbIndex: objectClass eq,pres olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub structuralObjectClass: olcHdbConfig entryUUID: 7e6a8cd4-30da-1037-9c55-458bcc6c0ce0 creatorsName: cn=config createTimestamp: 20170918163057Z entryCSN: 20170918163057.600191Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20170918163057Z And here is the log files from slapd (run with -s 128) and sssd_map (also with debugging enabled): ● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2017-09-21 09:46:06 EDT; 4min 7s ago Docs: man:slapd man:slapd-config man:slapd-hdb man:slapd-mdb file:///usr/share/doc/openldap-servers/guide.html Process: 17533 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS) Process: 17495 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS) Main PID: 17535 (slapd) CGroup: /system.slice/slapd.service └─17535 /usr/sbin/slapd -u ldap -h ldapi:/// ldap://127.0.0.1/ ldap://192.168.250.98/ -s 128 Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (homeDirectory) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "homeDirectory" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr homeDirectory Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "homeDirectory" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (loginShell) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "loginShell" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr loginShell Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "loginShell" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (gecos) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "gecos" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gecos Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "gecos" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (shadowLastChange) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "shadowLastChange" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr shadowLastChange Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "shadowLastChange" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (shadowMax) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "shadowMax" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr shadowMax Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "shadowMax" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (userPassword) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "userPassword" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [1] attr userPassword Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "userPassword" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: uid=sssd,ou=people,dc=deepsoft,dc=com Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (modifyTimestamp) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test3user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test3user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=heller,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=heller,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nslcd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nslcd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=sssd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=sssd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] applying write(=wrscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(memberUid=test2user)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SRCH attr=objectClass cn userPassword gidNumber modifyTimestamp modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "dc=deepsoft,dc=com" "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= bdb_equality_candidates: (memberUid) not indexed Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=testuser,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=testuser,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Admins,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Admins,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr objectClass Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr cn Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr objectClass Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result was in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result was in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (cn) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr cn Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (gidNumber) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (modifyTimestamp) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Guests,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Guests,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Computers,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Computers,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Administrators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Administrators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Account Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Account Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Print Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Print Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Backup Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Backup Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Replicators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Replicators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=heller,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=heller,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=nslcd,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=nslcd,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=sssd,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=sssd,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 fd=19 ACCEPT from IP=192.168.250.98:32894 (IP=192.168.250.98:389) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 STARTTLS Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 RESULT oid= err=0 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 fd=19 closed (TLS negotiation failure) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(uid=gdm)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey mail Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "dc=deepsoft,dc=com" "entry" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= bdb_equality_candidates: (uid) not indexed Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=testuser,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=testuser,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=root,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=root,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nobody,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nobody,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test3user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test3user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=heller,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=heller,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nslcd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nslcd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=sssd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=sssd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] applying write(=wrscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text= (Thu Sep 21 09:18:53 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[16951]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'heller' matched without domain, user is heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16951 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/heller@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [heller] not found in PAM cache. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=heller@default:-] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed8b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed8b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [heller@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1bf0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1cb0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1bf0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1cb0 "ltdb_timeout" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1bf0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bedfa0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1670 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bedfa0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1670 "ltdb_timeout" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bedfa0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is heller@default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [heller] added to PAM initgroup cache (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller@default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16951 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:58 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [heller] removed from PAM initgroup cache (Thu Sep 21 09:19:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[16994]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'heller' matched without domain, user is heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16994 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/heller@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [heller] not found in PAM cache. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=heller@default:-] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [heller@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf21c0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf2280 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf21c0 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf2280 "ltdb_timeout" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf21c0 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf0730 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf3b00 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf0730 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf3b00 "ltdb_timeout" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf0730 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is heller@default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [heller] added to PAM initgroup cache (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller@default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16994 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1ca0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1ca0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:06 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [heller] removed from PAM initgroup cache (Thu Sep 21 09:19:53 2017) [sssd[pam]] [idle_handler] (0x2000): Terminating idle client [0x7f9200be9040][23] (Thu Sep 21 09:19:53 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200be9040][23] (Thu Sep 21 09:20:01 2017) [sssd[pam]] [idle_handler] (0x2000): Terminating idle client [0x7f9200bed350][24] (Thu Sep 21 09:20:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bed350][24] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[17137]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17137 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e30 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1ef0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1ef0 "ltdb_timeout" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17137 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e30 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1ef0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1ef0 "ltdb_timeout" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:25:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bf1bd0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[17208]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17208 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e80 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1f40 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1f40 "ltdb_timeout" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17208 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e80 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1f40 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1f40 "ltdb_timeout" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:28:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bf03e0][23] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_watch] (0x2000): 0x7f9200be0310/0x7f9200bdf130 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_watch] (0x2000): 0x7f9200be0310/0x7f9200bdf0e0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down (Thu Sep 21 09:46:10 2017) [sssd[pam]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [confdb_get_domain_internal] (0x0400): No enumeration for [default]! (Thu Sep 21 09:46:10 2017) [sssd[pam]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding connection 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.service with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/service with D-Bus connection (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [monitor_common_send_id] (0x0100): Sending ID: (pam,1) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding connection 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_message_send_internal] (0x0400): DP Request: /org/freedesktop/sssd/dataprovider org.freedesktop.sssd.DataProvider.Client.Register (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218de70 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): DB File for default: /var/lib/sss/db/cache_default.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): Timestamp file for default: /var/lib/sss/db/timestamps_default.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21906d0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190790 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21906d0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190790 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21906d0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x0400): asq: Unable to register control with rootdse! (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2190870 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190930 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2190870 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190930 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2190870 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2190ad0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190b90 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2190ad0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190b90 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2190ad0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192050 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192110 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192050 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192110 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192050 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): no modules required by the db (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): No modules specified for this database (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192110 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c21921d0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192110 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c21921d0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192110 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21922b0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192370 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21922b0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192370 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21922b0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_process_init] (0x0400): Responder Initialization complete (Thu Sep 21 09:46:10 2017) [sssd[pam]] [get_trusted_uids] (0x0400): All UIDs are allowed. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [default][] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2191be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218de70 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2191be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_process_pending_call] (0x0400): DP Success (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_register_client_done] (0x0400): Client is registered with DP (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192a80 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2194cc0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192a80 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2194cc0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192a80 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21929c0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192a80 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21929c0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192a80 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21929c0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c218e1a0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218bcc0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c218e1a0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218bcc0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c218e1a0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17575]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17575 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c21880a0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c21880a0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2196940 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219a2d0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2196940 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219a2d0 "ltdb_timeout" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2196940 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2195d40 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219bb90 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2195d40 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219bb90 "ltdb_timeout" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2195d40 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17575 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:46:28 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c2195210][23] (Thu Sep 21 09:46:32 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache (Thu Sep 21 09:46:33 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17576]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17576 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2195280 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2195280 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21967d0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2196890 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21967d0 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2196890 "ltdb_timeout" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21967d0 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2191330 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218fd10 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2191330 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218fd10 "ltdb_timeout" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2191330 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17576 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c21952c0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c21952c0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:46:33 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:38 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache (Thu Sep 21 09:47:09 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17586]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17586 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218a2b0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218a2b0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c218da40 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218db00 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c218da40 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218db00 "ltdb_timeout" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c218da40 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c219bb60 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219b940 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c219bb60 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219b940 "ltdb_timeout" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c219bb60 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17586 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2190d20 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2190d20 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:47:09 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:14 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache What am I missing here? At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= <dieter(a)dkluenter.de> wrote: > > Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) > schrieb Robert Heller <heller(a)deepsoft.com>: > > > OK, I fixed the ACLs (I think), but it is still not working. I > > turned on verbose debugging for sssd[pam] and moderate debugging for > > slapd. > >=20 > > Here are my ACLs > > in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{2}hdb.ldif: > >=20 > > olcAccess: {0}to attrs=3DuserPassword > > by self write > > by anonymous auth > > by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write > > by * none > > olcAccess: {1}to * > > by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write > > by * read > >=20 > > There are also these olcAccess entries: > >=20 > > in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{0}config.ldif: > >=20 > > olcAccess: {0}to * by > > dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D= > auth" > > manage by * none > >=20 > > and in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{1}monitor.ldif: > >=20 > > olcAccess: {0}to * by > > dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D= > auth" > > read by dn.base=3D"cn=3DManager,dc=3Ddeepsoft,dc=3Dcom" read by * none > [...] > > You may run slapd in debugging mode 128. > > -Dieter > > --=20 > Dieter Kl=C3=BCnter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53=C2=B037'09,95"N > 10=C2=B008'02,42"E > > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller(a)deepsoft.com -- Webhosting Services

7 years, 2 months

Jump to page: