(ITS#3721) back-ldap/back-meta err=4 with saslauthd openldap 2.2.26
Full_Name: Andrew Reilly
Version: 2.2.26
OS: RH Linux ES 3.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (209.167.159.20)
When I point saslauthd directly at an openldap directory, whether it is a master
or a slave, it works, but if I point it at a back-ldap instance the result is an
err=4. Now, from my reading, err=4 occurs when a search exceeds the configured
number of returns, but the search being performed by saslauthd only returns one
entry. If I perform the exact same search via ldapsearch against the ldap-back
instance it works. I have tested against 2.2.23 and 2.2.26. The log files
listed below are from @(#) $OpenLDAP: slapd 2.2.26 (May 6 2005 11:18:53) $
A saslauthd query:
May 12 11:36:11 lnx-build slapd[19281]: conn=0 fd=10 ACCEPT from
IP=192.75.93.53:42290 (IP=192.75.93.41:389)
May 12 11:36:11 lnx-build slapd[19281]: connection_get(10)
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=0 BIND dn="" method=128
May 12 11:36:11 lnx-build slapd[19281]: send_ldap_result: err=0 matched=""
text=""
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=0 RESULT tag=97 err=0 text=
May 12 11:36:11 lnx-build slapd[19281]: connection_get(10)
May 12 11:36:11 lnx-build slapd[19281]: SRCH "dc=tor,dc=company,dc=com" 2 0
May 12 11:36:11 lnx-build slapd[19281]: 1 5 0
May 12 11:36:11 lnx-build slapd[19281]: filter: (uid=user)
May 12 11:36:11 lnx-build slapd[19281]: attrs:
May 12 11:36:11 lnx-build slapd[19281]:
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=1 SRCH
base="dc=tor,dc=alias,dc=com" scope=2 deref=0 filter="(uid=user)"
May 12 11:36:11 lnx-build slapd[19281]: query template of incoming query =
(uid=)
May 12 11:36:11 lnx-build slapd[19281]: QUERY NOT ANSWERABLE
May 12 11:36:11 lnx-build slapd[19281]: QUERY NOT CACHEABLE
May 12 11:36:11 lnx-build slapd[19281]: [rw] searchBase:
"dc=tor,dc=company,dc=com" -> "dc=tor,dc=company,dc=com"
May 12 11:36:11 lnx-build slapd[19281]: [rw] searchResult:
"uid=user,ou=People,dc=tor,dc=company,dc=com" ->
"uid=user,ou=People,dc=tor,dc=company,dc=com"
May 12 11:36:11 lnx-build slapd[19281]: [rw] searchAttrDN: "active" -> "active"
May 12 11:36:11 lnx-build slapd[19281]: [rw] searchAttrDN:
"0000000000000000000000000000000000000000000000000000000000000000" ->
"0000000000000000000000000000000000000000000000000000000000000000"
May 12 11:36:11 lnx-build slapd[19281]: [rw] searchAttrDN:
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ->
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
May 12 11:36:11 lnx-build slapd[19281]: send_ldap_result: err=4 matched=""
text=""
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=1 SEARCH RESULT tag=101 err=4
nentries=1 text=
A command line query of the same parameters:
May 12 11:42:54 lnx-build slapd[19281]: conn=1 fd=12 ACCEPT from
IP=192.75.20.195:51578 (IP=192.75.93.41:389)
May 12 11:42:54 lnx-build slapd[19281]: connection_get(12)
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=0 BIND dn="" method=128
May 12 11:42:54 lnx-build slapd[19281]: send_ldap_result: err=0 matched=""
text=""
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=0 RESULT tag=97 err=0 text=
May 12 11:42:54 lnx-build slapd[19281]: connection_get(12)
May 12 11:42:54 lnx-build slapd[19281]: SRCH "dc=tor,dc=company,dc=com" 2 0
May 12 11:42:54 lnx-build slapd[19281]: 0 0 0
May 12 11:42:54 lnx-build slapd[19281]: filter: (uid=areilly)
May 12 11:42:54 lnx-build slapd[19281]: attrs:
May 12 11:42:54 lnx-build slapd[19281]:
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=1 SRCH
base="dc=tor,dc=company,dc=com" scope=2 deref=0 filter="(uid=user)"
May 12 11:42:54 lnx-build slapd[19281]: query template of incoming query =
(uid=)
May 12 11:42:54 lnx-build slapd[19281]: QUERY NOT ANSWERABLE
May 12 11:42:54 lnx-build slapd[19281]: QUERY NOT CACHEABLE
May 12 11:42:54 lnx-build slapd[19281]: [rw] searchBase:
"dc=tor,dc=company,dc=com" -> "dc=tor,dc=company,dc=com"
May 12 11:42:54 lnx-build slapd[19281]: [rw] searchResult:
"uid=user,ou=People,dc=tor,dc=company,dc=com" ->
"uid=user,ou=People,dc=tor,dc=company,dc=com"
May 12 11:42:54 lnx-build slapd[19281]: [rw] searchAttrDN: "active" -> "active"
May 12 11:42:54 lnx-build slapd[19281]: [rw] searchAttrDN:
"0000000000000000000000000000000000000000000000000000000000000000" ->
"0000000000000000000000000000000000000000000000000000000000000000"
May 12 11:42:54 lnx-build slapd[19281]: [rw] searchAttrDN:
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ->
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
May 12 11:42:54 lnx-build slapd[19281]: send_ldap_result: err=0 matched=""
text=""
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=1 SEARCH RESULT tag=101 err=0
nentries=1 text=
May 12 11:42:54 lnx-build slapd[19281]: connection_get(12)
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=2 UNBIND
May 12 11:42:54 lnx-build slapd[19281]: conn=1 fd=12 closed
ldapsearch command and results:
ldapsearch -x -h "lnx-build.tor.company.com" -b "dc=tor,dc=company,dc=com"
uid=user
# extended LDIF
#
# LDAPv3
# base <dc=tor,dc=company,dc=com> with scope sub
# filter: uid=user
# requesting: ALL
#
# user, People, tor.company.com
dn: uid=user,ou=People,dc=tor,dc=company,dc=com
saslauthd logs in debug mode (excuse the time differences, the servers are not
synced):
May 12 11:51:07 lnx-dev saslauthd: saslauthd[27437] :rel_accept_lock : released
accept lock
May 12 11:51:07 lnx-dev saslauthd: saslauthd[27439] :get_accept_lock : acquired
accept lock
May 12 11:51:07 lnx-dev saslauthd[27437]: ldap_search_st() failed: Size limit
exceeded
May 12 11:51:07 lnx-dev saslauthd[27437]: do_auth : auth failure:
[user=user] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
May 12 11:51:07 lnx-dev saslauthd: saslauthd[27437] :do_auth : auth
failure: [user=user] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
May 12 11:51:07 lnx-dev saslauthd: saslauthd[27437] :do_request : response:
NO
saslauthd.conf:
ldap_servers: ldap://lnx-build.tor.company.com/
ldap_search_base: dc=tor,dc=company,dc=com
ldap_auth_method: bind
ldap_filter: uid=%U
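
Added example, not part of the original report and not OpenLDAP code: a small Python correlator that pairs each search's requested limits with its result code so the saslauthd and ldapsearch traces above can be compared side by side. It assumes the three integers logged right after the SRCH debug line are size limit, time limit and attrsonly, and that the trace comes from one client at a time so those unnumbered debug lines belong to the next conn/op SRCH line; the function and field names are hypothetical.

```python
import re

# Constructed sample: lines taken from the two traces in the report, with the
# mail client's line wrapping undone and unrelated lines left out.
SAMPLE_LOG = """\
May 12 11:36:11 lnx-build slapd[19281]: SRCH "dc=tor,dc=company,dc=com" 2 0
May 12 11:36:11 lnx-build slapd[19281]: 1 5 0
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=1 SRCH base="dc=tor,dc=alias,dc=com" scope=2 deref=0 filter="(uid=user)"
May 12 11:36:11 lnx-build slapd[19281]: conn=0 op=1 SEARCH RESULT tag=101 err=4 nentries=1 text=
May 12 11:42:54 lnx-build slapd[19281]: SRCH "dc=tor,dc=company,dc=com" 2 0
May 12 11:42:54 lnx-build slapd[19281]: 0 0 0
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=1 SRCH base="dc=tor,dc=company,dc=com" scope=2 deref=0 filter="(uid=user)"
May 12 11:42:54 lnx-build slapd[19281]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ slapd\[\d+\]: ?(.*)$")
LIMITS = re.compile(r"^(\d+) (\d+) (\d+)$")  # assumed: sizelimit timelimit attrsonly
SRCH = re.compile(r"^conn=(\d+) op=(\d+) SRCH ")
RESULT = re.compile(r"^conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def correlate(log_text):
    """Return one record per search: requested limits next to the result code."""
    pending, by_op, records = None, {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if lm := LIMITS.match(msg):
            pending = (int(lm[1]), int(lm[2]))       # limits of the next search
        elif s := SRCH.match(msg):
            by_op[(int(s[1]), int(s[2]))] = pending  # attach them to conn/op
            pending = None
        elif r := RESULT.match(msg):
            conn, op, err, n = (int(x) for x in r.groups())
            size, tlimit = by_op.pop((conn, op), None) or (None, None)
            records.append({
                "conn": conn, "op": op, "sizelimit": size, "timelimit": tlimit,
                "err": err, "nentries": n,
                # err=4 is sizeLimitExceeded; true when the client asked for a
                # limit and the entries returned reached it
                "client_limit_reached": err == 4 and bool(size) and n >= size,
            })
    return records


if __name__ == "__main__":
    for rec in correlate(SAMPLE_LOG):
        print(rec)
```
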