[Date Prev][Date Next] [Chronological] [Thread] [Top]
Getting output from proxied Active Directory connection

To: <openldap-technical@openldap.org>
Subject: Getting output from proxied Active Directory connection
From: "Clemson, Chris \(IHG\)" <Chris.Clemson@ihg.com>
Date: Wed, 9 Apr 2008 16:45:59 +0100
Content-class: urn:content-classes:message
Thread-index: AchoLCW7J6Vh/XDXRjyw/kX6ZHUmiwyIkIogAAKPpIA=
Thread-topic: Getting output from proxied Active Directory connection
Please excuse the long email, but I wanted to include everything that
might be useful for a diagnosis:

I am having trouble setting up my OpenLDAP proxy.
Eventually, I would like it to authenticate to our domain controller
using idassert-bind, but I'm not worried about that at the moment.
When I issue an ldapsearch command against the domain controller:

ldapsearch -Hldap://LOCALDC -b "" -s base -x -D "cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,DC=emea,DC=corp,DC=local" -W

It works and I get a reply.
When I try it via slapd (running on my machine), It seems to
authenticate me ok (wrong passwords and "-D" options return errors), but
I don't get my details back, other than a success and no results:

 ldapsearch  -b "" -s base -x -D "cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery
,DC=emea,DC=corp,DC=local" -W '(samaccountname=clemsoc)'
 Enter LDAP Password:
 # extended LDIF
 #
 # LDAPv3
 # base <> with scope baseObject
 # filter: (samaccountname=clemsoc)
 # requesting: ALL
 #

 # search result
 search: 2
 result: 0 Success

 # numResponses: 1

"ldapsearch  -b "" -s base -x '(samaccountname=clemsoc)'" also returns
the same result.
When I do the following (ie, not search for anything):
ldapsearch -b "" -s base -x -D "cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,DC=emea,DC=corp,DC=local" -W
I get the following output:

 Enter LDAP Password:
 # extended LDIF
 #
 # LDAPv3
 # base <> with scope baseObject
 # filter: (objectclass=*)
 # requesting: ALL
 #

 #
 dn:
 objectClass: top
 objectClass: OpenLDAProotDSE 

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1

I am running slapd with -d 9, but can't really see anything that helps
me.

I guess I am missing something, or am not specific enough with my Base
DN.
Basically, all my users (that I want to search for) are in various OUs
under the "Service Delivery" OU in Active Directory.

Ldap.conf
---------
BASE ou=Service Delivery, dc=emea, dc=corp, dc=local
URI ldap://MYMACHINE

Slapd.conf
----------
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/MSOutlook.schema <- custom one I
found on for other attributes
pidfile		/var/openldap/run/slapd.pid
argsfile		/var/openldap/run/slapd.args
Moduleload		back_ldap.la
access to * by * read
database		ldap
uri			ldap://LOCALDC
suffix		"dc=emea,dc=corp,dc=local"
idassert-bind
	bindmethod=simple
	binddn="cn=OpenLDAP Access
Account,cn=users,DC=emea,DC=corp,DC=local"
	credentials="xxxxx"
	mode=none

Below is the "slapd -d 9" output of a request attempt:

@(#) $OpenLDAP: slapd 2.3.39 (Nov 24 2007 18:26:23) $
	vzell@vzell-de:/usr/src/openldap-2.3.39-1/build/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.5.20: (December 17, 2007)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.5.20: (December 17, 2007)
ldap_url_parse_ext(ldap://LOCALDC)
>>> dnPrettyNormal: <dc=emea,dc=corp,dc=local>
<<< dnPrettyNormal: <dc=emea,dc=corp,dc=local>,
<dc=emea,dc=corp,dc=local>
>>> dnNormalize: <cn=OpenLDAP Access
Account,cn=users,DC=emea,DC=corp,DC=local>
<<< dnNormalize: <cn=openldap access
account,cn=users,dc=emea,dc=corp,dc=local>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree
$ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $
reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $
errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree
$ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $
reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $
errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer
$ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer
$ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox ) )
    2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
    2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes
$ supportedApplicationContext ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29
NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $
uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $
olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $
olcDbProtocolVersion $ olcDbConnectionPoolMax $ reqResult $ reqId $
reqVersion $ reqSizeLimit $ reqTimeLimit $ reqEntries $
olcProxyCacheQueries $ errCode $ errSleepTime $ olcSpSessionlog $
mailPreferenceOption ) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $
reqStart $ reqEnd $ pwdChangedTime $ pwdAccountLockedTime $
pwdFailureTime $ pwdGraceUseTime ) )
    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24
NAME 'protocolInformationMatch' APPLIES protocolInformation )
    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22
NAME 'presentationAddressMatch' APPLIES presentationAddress )
    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
pager $ otherFacsimiletelephoneNumber $ IPPhone ) )
    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES ( userPassword $ reqControls $
reqRespControls $ reqMod $ reqOld $ reqData $ pwdHistory $ queryid ) )
    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $
olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree
$ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
olcDbConnectionPoolMax $ reqResult $ reqId $ reqVersion $ reqSizeLimit $
reqTimeLimit $ reqEntries $ olcProxyCacheQueries $ errCode $
errSleepTime $ olcSpSessionlog $ mailPreferenceOption ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $
olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $
olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $
olcDbSingleConn $ olcDbUseTemporaryConn $ olcAccessLogSuccess $
reqDeleteOldRDN $ reqAttrsOnly $ pwdReset $ olcPPolicyHashCleartext $
olcPPolicyUseLockout $ olcSpNoPresent $ olcSpReloadHint ) )
    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7
NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $
destinationIndicator $ dnQualifier ) )
    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $
olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile
$ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $
olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $
olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile
$ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $
olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd
$ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $
olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $
olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $
olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $
olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $
reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $
reqAttr $ olcAuditlogFile $ olcDLattrSet $ olcProxyCache $
olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $
errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $
serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $
postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $
dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
documentIdentifier $ documentTitle $ documentVersion $ documentLocation
$ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $
buildingName $ documentPublisher $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ preferredLanguage $ rdn $
URL $ comment $ conferenceInformation ) )
    2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4
NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $
destinationIndicator $ dnQualifier ) )
    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator
$ dnQualifier ) )
    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $
olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $
olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile
$ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $
olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $
olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $
olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile
$ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $
olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd
$ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $
olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $
olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $
olcDbCancel $ olcDbQuarantine $ olcAccessLogOps $ olcAccessLogPurge $
olcAccessLogOld $ reqType $ reqSession $ reqMessage $ reqReferral $
reqMethod $ reqAssertion $ reqScope $ reqDerefAliases $ reqFilter $
reqAttr $ olcAuditlogFile $ olcDLattrSet $ olcProxyCache $
olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ errOp $
errText $ olcSpCheckpoint $ olcValSortAttr $ knowledgeInformation $ sn $
serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $
postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $
dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
documentIdentifier $ documentTitle $ documentVersion $ documentLocation
$ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $
buildingName $ documentPublisher $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ preferredLanguage $ rdn $
URL $ comment $ conferenceInformation ) )
    1.2.36.79672281.1.13.3 (rdnMatch):     2.5.13.1
(distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ namingContexts $ aliasedObjectName $
distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $
olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $
olcDbIDAssertAuthcDn $ olcAccessLogDB $ reqDN $ reqAuthzID $ reqNewRDN $
reqNewSuperior $ pwdPolicySubentry $ olcPPolicyDefault $ errMatchedDN $
member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $
associatedName $ dITRedirect $ reports ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension
$ supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=include{1}"
config_build_entry: "cn=include{2}"
config_build_entry: "cn=include{3}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}inetorgperson"
config_build_entry: "cn={3}MSOutlook"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}ldap"
backend_startup_one: starting "dc=emea,dc=corp,dc=local"
ldap_back_db_open: URI=ldap://LOCALDC
slapd starting
daemon: added 3r listener=0x0
daemon: added 5r listener=0x10041fc8
daemon: select: listen=5 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
>>> slap_listener(ldap:///)
daemon: listen=5, new connection on 6
daemon: added 6r (active) listener=0x0
daemon: select: listen=5 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 6r
daemon: read activity on 6
connection_get(6): got connid=0
connection_read(6): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 121 contents:
ber_get_next
daemon: select: listen=5 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,DC=emea,DC=corp,DC=local>
<<< dnPrettyNormal: <cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,dc=emea,dc=corp,dc=local>, <cn=chris
clemson,ou=users,ou=SITE,ou=corp,ou=service
delivery,dc=emea,dc=corp,dc=local>
do_bind: version=3 dn="cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,dc=emea,dc=corp,dc=local" method=128
ldap_create
ldap_url_parse_ext(ldap://LOCALDC)
=>ldap_back_getconn: conn=0 op=0: lc=0x10076828 inserted refcnt=1 rc=0
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP LOCALDC:389
ldap_new_socket: 7
ldap_prepare_socket: 7
ldap_connect_to_host: Trying LOCALDCIP:389
ldap_connect_timeout: fd: 7 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 123 bytes to sd 7
ldap_result ld 0x100a60b0 msgid 1
ldap_chkResponseList ld 0x100a60b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x100a60b0 NULL
wait4msg ld 0x100a60b0 msgid 1 (timeout 100000 usec)
wait4msg continue ld 0x100a60b0 msgid 1 all 1
** ld 0x100a60b0 Connections:
* host: LOCALDC  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Apr  9 16:36:19 2008

** ld 0x100a60b0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x100a60b0 Response Queue:
   Empty
ldap_chkResponseList ld 0x100a60b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x100a60b0 NULL
ldap_int_select
read1msg: ld 0x100a60b0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
read1msg: ld 0x100a60b0 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
ber_scanf fmt ({eaa}) ber:
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x100a60b0 0 new referrals
read1msg:  mark request completed, ld 0x100a60b0 msgid 1
request done: ld 0x100a60b0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
do_bind: v3 bind: "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,dc=emea,dc=corp,dc=local" to "cn=Chris
Clemson,ou=users,ou=SITE,ou=Corp,ou=Service
Delivery,dc=emea,dc=corp,dc=local"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 6
daemon: activity on 1 descriptor
daemon: activity on: 6r
daemon: read activity on 6
connection_get(6): got connid=0
connection_read(6): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 51 contents:
ber_get_next
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <>
daemon: select: listen=5 active_threads=0 tvp=NULL
<<< dnPrettyNormal: <>, <>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 6
daemon: activity on 1 descriptor
daemon: activity on: 6r
daemon: read activity on 6
connection_get(6): got connid=0
connection_read(6): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 6 failed errno=0 (No error)
connection_read(6): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=6 for close
connection_close: deferring conn=0 sd=6
daemon: select: listen=5 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=5 active_threads=0 tvp=NULL
do_unbind
connection_resched: attempting closing conn=0 sd=6
connection_close: conn=0 sd=6
=>ldap_back_conn_destroy: fetching conn 0
daemon: removing 6
daemon: shutdown requested and initiated.
daemon: closing 5
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
slapd destroy: freeing system resources.
ldap_free_connection 1 1
ldap_send_unbind
ber_flush: 7 bytes to sd 7
ldap_free_connection: actually freed
slapd stopped.

Thank you,

Chris
Follow-Ups:
- RE: Getting output from proxied Active Directory connection
  - From: "Clemson, Chris \(IHG\)" <Chris.Clemson@ihg.com>
Prev by Date: Re: Xen with OpenLDAP
Next by Date: Re: Xen with OpenLDAP
Index(es):
- Chronological
- Thread