Re: I can not understand the error messages



On Monday 25 March 2002 23:12, Stefan Nägeli wrote:
> Hi
>
> I'm not sure about this but in the ldap.conf file there may be some
> problems
>
> 1) is the ip of your ldap-server really 127.0.0.1 ?
127.0.0.1 is localhost, it should work. I try with 192.168.0.40 (the IP)
>
> 2) you could edit the base to ou=people,o=icare,dc=atlas
>     (make sure that the ou people does exist)
yes I can access it though 
using either dn="uid=test,ou=people,o=icare,dc=atlas", anonymous login or 
dn="cn=manager,o=icare,dc=atlas"
>
> 3) comment out the binddn and bindpw at the moment. Then an anonymous login
> will be tried.
>     (normally you should bind as a person. For example
> uid=login,ou=people,o=icare,dc=atlas)
>
> 4) make sure your test user is in the objectClass posixAccount otherwise
> comment out the pam_filter rule in the ldap.conf file

the ldif for user test is :

dn: uid=test,ou=people, O=ICARE,DC=ATLAS
mssfuhomedirectory: /home/sites/site2/users/test/ 
userpassword:: dGVzdA==
loginshell: /bin/bash
uidnumber: 500
gidnumber: 115
shadowflag: 13450060
shadowexpire: -1
shadowmax: 99999
uid: test
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
shadowlastchange: 11740
cn: test
shadowinactive: -1
shadowwarning: 7

shall I use objectClass = posixAccount or objectClass = shadowAccount ?
I commented the pam_filter anyway.
>
> Hope this helps.
It does, I search.
After changing host from 12.0.0.1 to 192.168.0.40,
I comment all the pam_* settings and then I have the following information when I
try to do a su -l test (the directory " /home/sites/site2/users/test/ " exists)

do_bind
do_bind: version 2 dn () method 128
send_ldap_result 0::
ber_get_next on fd 12 failed errno 0 (Success)
*** got 0 of 0 so far
do_unbind
do_bind
do_bind: version 2 dn () method 128
send_ldap_result 0::
do_search
using base "O=ICARE,DC=ATLAS"
subtree_candidates: base: "O=ICARE,DC=ATLAS" lookupbase
dn2entry_r: dn: "O=ICARE,DC=ATLAS"
=> dn2id( "O=ICARE,DC=ATLAS" )
====> cache_find_entry_dn2id: found dn: O=ICARE,DC=ATLAS
<= dn2id 1 (in cache)
=> id2entry_r( 1 )
====> cache_find_entry_dn2id: found id: 1 rw: 0
<= id2entry_r 0x808efc0 (cache)
====> cache_return_entry_r
=> filter_candidates
=> list_candidates 0xa1
=> filter_candidates
=> ava_candidates 0xa3
=> index_read( "objectclass" "=" "REFERRAL" )
=> ldbm_cache_open( "/var/lib/ldap/objectclass.dbb", 7, 600 )
<= ldbm_cache_open (cache 3)
<= index_read 0 candidates
<= ava_candidates 0
<= filter_candidates 0
=> filter_candidates
=> list_candidates 0xa0
=> filter_candidates
=> ava_candidates 0xa3
=> index_read( "objectclass" "=" "POSIXACCOUNT" )
=> ldbm_cache_open( "/var/lib/ldap/objectclass.dbb", 7, 600 )
<= ldbm_cache_open (cache 3)
<= index_read 4 candidates
<= ava_candidates 4
<= filter_candidates 4
=> filter_candidates
=> ava_candidates 0xa3
=> index_read( "uid" "=" "TEST" )
<= index_read 10 candidates (allids - not indexed)
<= ava_candidates 10
<= filter_candidates 10
<= list_candidates 4
<= filter_candidates 4
<= list_candidates 4
<= filter_candidates 4
=> id2entry_r( 5 )
====> cache_find_entry_dn2id: found id: 5 rw: 0
<= id2entry_r 0x808e900 (cache)
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> send_search_entry (uid=test,ou=people,o=icare,dc=atlas)
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
<= send_search_entry
====> cache_return_entry_r
=> id2entry_r( 7 )
====> cache_find_entry_dn2id: found id: 7 rw: 0
<= id2entry_r 0x80a6ac8 (cache)
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
=> dnpat: [1] .* nsub: 0
=> acl_get:[1]  backend ACL match
<= check a_dnpat: .*
=> string_expand: pattern:  .*
=> string_expand: expanded: .*
=> regex_matches: string:
=> regex_matches: rc: 0 matches
====> cache_return_entry_r
send_ldap_result 4::
ber_get_next on fd 12 failed errno 0 (Success)
*** got 0 of 0 so far




>
>
>
> ----- Original Message -----
> From: "Charles Sabourdin" <kaneda@dedaletechnology.com>
> To: <openldap-software@OpenLDAP.org>
> Sent: Monday, March 25, 2002 8:04 PM
> Subject: I can not understand the error messages
>
> >   Hello,
> >   I join the mailing list, because I can not understand what my problems
> > are since I look a lot through Google and the mailing list archives I
> > still do not understand what I am doing wrong.
> >
> >   Here is the story. I try to install openLDAP in order to link it to the pam
> > interface and make openLDAP my authentication system.
> > At first I could not add test.ldif  so I skip the schema check, then now
> > I can connect to my ldap server (I allow anyone to write because I am in debug
> > mode)
> >
> > after allowing connection to the ldap base, I try to make the connection to
> > pam (su) so when I do "su -l test" I have "su: user test does not exist"
> > answer I try to understand what my ldap server says (in order to correct the
> > parameter file but I don't find any information about that).
> >
> > slapd -d 1
> > result is :
> >
> > do_bind
> > do_bind: version 2 dn (         ou=people,o=icare,dc=atlas) method 128
> > dn2entry_r: dn: "OU=PEOPLE,O=ICARE,DC=ATLAS"
> > => dn2id( "OU=PEOPLE,O=ICARE,DC=ATLAS" )
> > ====> cache_find_entry_dn2id: found dn: OU=PEOPLE,O=ICARE,DC=ATLAS
> > <= dn2id 3 (in cache)
> > => id2entry_r( 3 )
> > ====> cache_find_entry_dn2id: found id: 3 rw: 0
> > <= id2entry_r 0x808e7e8 (cache)
> > send_ldap_result 48::
> > ====> cache_return_entry_r
> > ber_get_next on fd 7 failed errno 0 (Success)
> > *** got 0 of 0 so far
> > do_unbind
> >
> > I would like to understand what the server is doing.
> > I attach the files:
> >
> > -- /etc/openldap/sldap (I erase the comments) --
> > include         /etc/openldap/slapd.at.conf
> > include         /etc/openldap/slapd.oc.conf
> > schemacheck     off
> >
> > pidfile         /var/run/slapd.pid
> > argsfile        /var/run/slapd.args
> >
> > database        ldbm
> > suffix         "o=icare,dc=atlas"
> > rootdn         "cn=manager,o=icare,dc=atlas"
> > rootpw          pass
> > access to * by * write
> > directory       /var/lib/ldap
> >
> > -- /etc/ldap.conf (I erase the comments) --
> > #
> > # ...
> >
> > # Your LDAP server. Must be resolvable without using LDAP.
> > host 127.0.0.1
> >
> > # The distinguished name of the search base.
> > directory       /var/lib/ldap
> > base            o=icare,dc=atlas
> > suffix          o=icare,dc=atlas
> > binddn          ou=people,o=icare,dc=atlas
> > bindpw          pass
> > scope           sub
> >
> > pam_filter objectclass=posixAccount
> > pam_login_attribute uid
> > pam_member_attribute gidnumber
> > pam_crypt local
> >
> > --
> > resources
> > http://www.linux.org/docs/ldp/howto/LDAP-Implementation-HOWTO/pamnss.html
> >
> > (in french)
> > http://jfgiraud.free.fr/programmation/ldapauth/vinitial/
> >
> > ---------------
> > server config RPM :
> >
> > openldap-1.2.9-6
> > --
> > pam-0.72-7
> > pamconfig-cobalt-2.0-3
> > Authen-PAM.pm-0.04-1
> > cobalt_nsswitch-1.0-1C1
> > --
> > migration tools:
> > ftp://ftp.padl.com/pub/MigrationTools.tar.gz ( $Id: migrate_common.ph,v 1.1 2001/08/12 15:19:36 lukeh Exp $)
> >
> > --
> > thank you for any help you can give
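
Added example, not part of the original message and not OpenLDAP code: a small Python parser that collapses a `slapd -d 1` trace like the two above into one record per operation and names the result codes (0, 4, 48) that appear in them. The sample trace is constructed from lines in the post; `summarize` and its field names are hypothetical.

```python
import re

# Result-code names as defined for LDAP (RFC 2251 / RFC 4511).
RESULT_NAMES = {0: "success", 4: "sizeLimitExceeded",
                48: "inappropriateAuthentication", 49: "invalidCredentials"}
# "method 128" in a do_bind line is 0x80, i.e. a simple (DN + password) bind.

QUOTE_RE = re.compile(r"^(?:>\s?)+")   # mail quoting such as "> > "
OP_RE = re.compile(r"^do_(bind|search|unbind)$")
BIND_RE = re.compile(r"^do_bind: version (\d+) dn \((.*)\) method (\d+)$")
ENTRY_RE = re.compile(r"^=> send_search_entry \((.*)\)$")
RESULT_RE = re.compile(r"^send_ldap_result (\d+):")

# Constructed sample: lines taken from the traces in the post, abbreviated.
SAMPLE = """\
do_bind
do_bind: version 2 dn () method 128
send_ldap_result 0::
do_search
=> send_search_entry (uid=test,ou=people,o=icare,dc=atlas)
send_ldap_result 4::
> > do_bind
> > do_bind: version 2 dn (         ou=people,o=icare,dc=atlas) method 128
> > send_ldap_result 48::
> > do_unbind
"""

def summarize(trace):
    """Collapse a slapd -d 1 trace into one dict per LDAP operation."""
    ops = []
    for raw in trace.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        m = OP_RE.match(line)
        if m:  # a bare do_bind / do_search / do_unbind starts an operation
            ops.append({"op": m.group(1), "dn": None, "method": None,
                        "entries": [], "code": None, "result": None})
            continue
        if not ops:
            continue  # trace started mid-operation; nothing to attach to
        cur = ops[-1]
        if (m := BIND_RE.match(line)):
            # an empty DN means an anonymous bind
            cur["dn"], cur["method"] = m.group(2).strip(), int(m.group(3))
        elif (m := ENTRY_RE.match(line)):
            cur["entries"].append(m.group(1))
        elif (m := RESULT_RE.match(line)):
            cur["code"] = int(m.group(1))
            cur["result"] = RESULT_NAMES.get(cur["code"], "unknown")
    return ops
```

On the sample, the anonymous bind succeeds, the search sends the uid=test entry before ending with code 4, and the bind as ou=people,o=icare,dc=atlas ends with code 48.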