[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP issue - Puzzling
There are no errors in those logs. What is the problem? What are you
trying to do and what are you expecting to happen? What are the relevant
parts of your config?
You may consider adjusting the log level and/or running slapd in debug
mode ('-d -1' gets you everything). See the slapd.conf man page for info
on available log levels.
On Thu, 26 Jan 2006, Marc Suttle wrote:
>Hello list,
> I have an encryption system that is doing LDAP queries for user
>authentication. On my test systems everything went perfect.
>
>Here is a snippet from the log on the successful server with
>loglevel=256:
>
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 fd=10 ACCEPT from
>IP=172.16.1.50:35266 (IP=0.0.0.0:389)
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" method=128
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 RESULT tag=97 err=0
>text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SRCH base="" scope=0
>deref=0 filter="(objectClass=*)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SRCH
>attr=namingContexts
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0
>filter="(|(uid=msuttle)(?=undefined))"
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SRCH attr=uid
>sAMAccountName
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0
>filter="(|(uid=msuttle)(?=undefined))"
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SRCH attr=dn
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=6 fd=10 closed
>Jan 26 00:44:03 openldap slapd[29775]: conn=7 fd=13 ACCEPT from
>IP=172.16.1.50:35267 (IP=0.0.0.0:389)
>Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" method=128
>Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0
>Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 RESULT tag=97 err=0
>text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=7 fd=13 closed
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 fd=10 ACCEPT from
>IP=172.16.1.50:35268 (IP=0.0.0.0:389)
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" method=128
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 RESULT tag=97 err=0
>text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SRCH attr=mail
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SRCH attr=cn
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SRCH attr=uid
>sAMAccountName
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=4 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=4 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SRCH
>attr=userCertificate;binary
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:03 openldap slapd[29775]: conn=8 fd=10 closed
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 fd=10 ACCEPT from
>IP=172.16.1.50:35270 (IP=0.0.0.0:389)
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" method=128
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 BIND
>dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 RESULT tag=97 err=0
>text=
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=1 SRCH
>base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)"
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=1 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 26 00:44:04 openldap slapd[29775]: conn=9 fd=10 closed
>
>
>Here is a snippet from the log on the unsuccessful server with
>loglevel=256:
>
>
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 fd=12 ACCEPT from
>IP=10.10.10.4:33561 (IP=0.0.0.0:389)
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 BIND
>dn="cn=msuttle,dc=anisecured,dc=com" method=128
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 BIND
>dn="cn=msuttle,dc=anisecured,dc=com" mech=SIMPLE ssf=0
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 RESULT tag=97 err=0
>text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SRCH base="" scope=0
>deref=0 filter="(objectClass=*)"
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SRCH attr=namingContexts
>
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SRCH
>base="dc=anisecured,dc=com" scope=2 deref=0
>filter="(|(uid=lcompton)(?=undefined))"
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SRCH attr=uid
>sAMAccountName
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SRCH
>base="dc=anisecured,dc=com" scope=2 deref=0
>filter="(|(uid=lcompton)(?=undefined))"
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SRCH attr=dn
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 fd=12 closed
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 fd=12 ACCEPT from
>IP=10.10.10.4:33562 (IP=0.0.0.0:389)
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 BIND
>dn="cn=lcompton,dc=anisecured,dc=com" method=128
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 BIND
>dn="cn=lcompton,dc=anisecured,dc=com" mech=SIMPLE ssf=0
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 RESULT tag=97 err=0
>text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 fd=12 closed
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 fd=21 ACCEPT from
>IP=10.10.10.4:33563 (IP=0.0.0.0:389)
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 BIND
>dn="cn=msuttle,dc=anisecured,dc=com" method=128
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 BIND
>dn="cn=msuttle,dc=anisecured,dc=com" mech=SIMPLE ssf=0
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 RESULT tag=97 err=0
>text=
>Jan 25 16:33:21 ldap1 slapd[5311]: connection_input: conn=56 deferring
>operation: binding
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH
>base="dc=anisecured,dc=com" scope=2 deref=0 filter="(uid=lcompton)"
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH attr=mail
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SEARCH RESULT tag=101
>err=0 nentries=1 text=
>Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 fd=21 closed
>
>
>Both systems are running CentOS 4.2 and the same version of OpenLDAP
>from the cd's and updated with yum. The new system has the default tls
>certs in use. I also have a third centos system I can test from. I
>really need help on this one as I am facing a deadline to get the
>encryption system up and running.
>
>Any help is appreciated,
>
>Marc
>
--
Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342