[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Auth with pam,nss and ldap processing ACL's
Hi all,
I have a problem with my ldapserver.
I want to authenticate through pam and nss with the help of ldap.
I've build the DIT with slapadd and I'm using the Berkely db.
I've set up the server and the client and I can see my ldapdata on the
server using the
ldap-tools like ldapsearch ( on the commandline) or gq on a GUI. So long so
good.
Problem:
When i try to log in (using su) over ldap on a configured ldap client i get
the
errormessage "Resource temporarily unavailable" on the server (see listing
attached)
and the client (respective su) tells me that the requested user isn't
existent.
I have no clue if this is a problem with the ACL's or of the used db.
I would appreciate every help i can get because I'm on this problem for
about
one week and i have no clue how to proceed.
Norbert Pieroth
Mail: pieroth.n@zdf.de
Tel: (049) 6131 70 8290
****************************************************************************
**************************
****************************************************************************
**************************
START Used Software
****************************************************************************
**************************
****************************************************************************
**************************
Server:
openldap2-2.0.11-6
openldap2-devel-2.0.11-6
openldap2-client-2.0.11-6
db-utils-3.1.17-56
db-3.1.17-56
gdbm-1.8.0-282
Client:
nss_ldap-150-15
pam_ldap-105-31
nss_db-2.1.92-49
gq-0.4.0-48
****************************************************************************
**************************
****************************************************************************
**************************
END Used Software
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START Listing of ldap.conf
****************************************************************************
**************************
****************************************************************************
**************************
second:~ # more /etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05
17:54:38 kurt Exp $
#
# LDAP Defaults
#
HOST 192.168.44.200
PORT 389
DEREF always
BASE ou=dbc
SCOPE sub
TIMELIMIT 2
#PAM-specific parameters
#pam_groupdn cn=sshd, ou=group, ou=dbcintern, ou=dbc
#pam_member_attribute uid
#NSS-specific parameters
nss_base_passwd ou=people, ou=dbcintern, ou=dbc
nss_base_group ou=group, ou=dbcintern, ou=dbc
****************************************************************************
**************************
****************************************************************************
**************************
END Listing of ldap.conf
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START Listing of /etc/nsswitch.conf
****************************************************************************
**************************
****************************************************************************
**************************
passwd: files ldap
shadow: files ldap
group: files ldap
#passwd: compat
#group: compat
hosts: files dns
networks: files dns
... and so on!
****************************************************************************
*************************
****************************************************************************
**************************
END Listing of /etc/nsswitch.conf
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START Listing of /etc/pam.d/su
****************************************************************************
**************************
****************************************************************************
**************************
#%PAM-1.0
auth required /lib/security/pam_ldap.so
auth optional /lib/security/pam_warn.so
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_unix.so nullok #set_secrpc
account required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
#session required /lib/security/pam_homecheck.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022
auth optional /lib/security/pam_warn.so
session required /lib/security/pam_unix.so debug # none or
trace
****************************************************************************
**************************
****************************************************************************
**************************
END Listing of /etc/pam.d/su
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START SLAPD.CONF
****************************************************************************
**************************
****************************************************************************
**************************
# slapd.conf, ldap server einstellungen
argsfile /var/run/slapd.args
pidfile /var/run/slapd.pid
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/krb5-kdc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
backend ldbm
database ldbm
directory /var/lib/ldap
suffix "ou=dbc"
rootdn "cn=ldapcheffe, ou=dbc"
updatedn "cn=ldapcheffe, ou=dbc"
rootpw {crypt}cr5UGtIiuf17s
#index default pres,eq
#index objectclass,uid
schemacheck on
include /usr/local/etc/openldap/slapd.access
****************************************************************************
**************************
****************************************************************************
**************************
END SLAPD.CONF
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START SLAPD.ACCESS
****************************************************************************
**************************
****************************************************************************
**************************
# ACL List for /usr/local/etc/openldap/slapd.conf - file
#defaultaccess read
access to attrs=userpassword
by self write
by anonymous auth
access to dn="(.*,)?ou=people,ou=dbcintern,ou=dbc"
by self write
by anonymous auth
access to dn="(.*,)?ou=group,ou=dbcintern,ou=dbc"
by self write
by anonymous auth
access to *
by * read
****************************************************************************
**************************
****************************************************************************
**************************
END SLAPD.ACCESS
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
****************************************************************************
**************************
START DEBUGMESSAGES FROM SLAPD (look for (Resource temporarily
unavailable) )
Client trys to login with su -l <client-name>
****************************************************************************
**************************
****************************************************************************
**************************
first:~ # /usr/lib/openldap/slapd -d -1
@(#) $OpenLDAP: slapd 2.0.11-Release (Tue Jul 17 18:02:56 GMT 2001) $
root@D136:/usr/src/packages/BUILD/openldap-2.0.11/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
reading config file /etc/openldap/slapd.conf
line 2 (argsfile /var/run/slapd.args)
line 3 (pidfile /var/run/slapd.pid)
line 6 (include /etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
line 29 (attributetype ( 2.5.18.1 NAME 'createTimestamp' EQUALITY
generalizedTimeMatch ORDERING
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ))
line 35 (attributetype ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY
generalizedTimeMatch ORDERING
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ))
line 40 (attributetype ( 2.5.18.3 NAME 'creatorsName' EQUALITY
distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperation ))
line 45 (attributetype ( 2.5.18.4 NAME 'modifiersName' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6.1.4
# Debugmessages of the schemas used
.
.
.
line 37 (objectclass ( 2.16.840.1.113730.3.2.TBD NAME
'inetLocalMailRecipient' DESC 'Internet
local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost
$ mailRoutingAddress ) ))
line 47 (attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember'
DESC 'rfc822 mail
address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ))
line 57 (objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC
'NIS mail alias' SUP
top STRUCTURAL MUST cn MAY rfc822MailMember ))
line 16 (backend ldbm)
line 17 (database ldbm)
line 18 (directory /var/lib/ldap)
line 20 (suffix "ou=dbc")
line 21 (rootdn "cn=ldapcheffe, ou=dbc")
line 22 (updatedn "cn=ldapcheffe, ou=dbc")
line 23 (rootpw {crypt}cr5UGtIiuf17s )
line 26 (schemacheck on)
line 29 (include /usr/local/etc/openldap/slapd.access)
reading config file /usr/local/etc/openldap/slapd.access
line 6 (access to attrs=userpassword by self write by anonymous
auth)
Backend ACL: access to attrs=userpassword
by self write (=wrscx)
by anonymous auth (=x)
line 14 (access to dn="(.*,)?ou=people,ou=dbcintern,ou=dbc" by self write by
anonymous auth)
Backend ACL: access to dn.regex=(.*,)?ou=people,ou=dbcintern,ou=dbc
by self write (=wrscx)
by anonymous auth (=x)
line 18 (access to dn="(.*,)?ou=group,ou=dbcintern,ou=dbc" by self write by
anonymous auth)
Backend ACL: access to dn.regex=(.*,)?ou=group,ou=dbcintern,ou=dbc
by self write (=wrscx)
by anonymous auth (=x)
line 21 (access to * by * read)
Backend ACL: access to *
by * read (=rscx)
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
###############################################################
########### START su ######################################
###############################################################
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=first, r=0
daemon: conn=0 fd=9 connection from IP=192.168.44.201:32830 (IP=:: 34049)
accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 0c .
ldap_read: want=12, got=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x080d7b30 ptr=0x080d7b30 end=0x080d7b3c len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
do_bind
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
<===== error
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080d7b30 ptr=0x080d7b33 end=0x080d7b3c len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080d7b30 ptr=0x080d7b3a end=0x080d7b3c len=2
0000: 80 00 ..
do_bind: version=3 dn="" method=128
daemon: select: listen=6 active_threads=1 tvp=NULL
conn=0 op=0 BIND dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 81 .
ldap_read: want=1, got=1
0000: ce .
ldap_read: want=206, got=206
0000: 02 01 02 63 81 c8 04 1f 6f 75 3d 70 65 6f 70 6c ...c....ou=peopl
0010: 65 2c 20 6f 75 3d 64 62 63 69 6e 74 65 72 6e 2c e, ou=dbcintern,
0020: 20 6f 75 3d 64 62 63 0a 01 02 0a 01 03 02 01 01 ou=dbc.........
0030: 02 01 02 01 01 00 a0 2b a3 1b 04 0b 6f 62 6a 65 .......+....obje
0040: 63 74 63 6c 61 73 73 04 0c 70 6f 73 69 78 41 63 ctclass..posixAc
0050: 63 6f 75 6e 74 a3 0c 04 03 75 69 64 04 05 50 75 count....uid..Pu
0060: 63 6b 53 30 69 04 03 75 69 64 04 0c 75 73 65 72 ckS0i..uid..user
0070: 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75 6d Password..uidNum
0080: 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04 02 ber..gidNumber..
0090: 63 6e 04 0d 68 6f 6d 65 44 69 72 65 63 74 6f 72 cn..homeDirector
00a0: 79 04 0a 6c 6f 67 69 6e 53 68 65 6c 6c 04 05 67 y..loginShell..g
00b0: 65 63 6f 73 04 0b 64 65 73 63 72 69 70 74 69 6f ecos..descriptio
00c0: 6e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 n..objectClass
ber_get_next: tag 0x30 len 206 contents:
ber_dump: buf=0x080d7c50 ptr=0x080d7c50 end=0x080d7d1e len=206
0000: 02 01 02 63 81 c8 04 1f 6f 75 3d 70 65 6f 70 6c ...c....ou=peopl
0010: 65 2c 20 6f 75 3d 64 62 63 69 6e 74 65 72 6e 2c e, ou=dbcintern,
0020: 20 6f 75 3d 64 62 63 0a 01 02 0a 01 03 02 01 01 ou=dbc.........
0030: 02 01 02 01 01 00 a0 2b a3 1b 04 0b 6f 62 6a 65 .......+....obje
0040: 63 74 63 6c 61 73 73 04 0c 70 6f 73 69 78 41 63 ctclass..posixAc
0050: 63 6f 75 6e 74 a3 0c 04 03 75 69 64 04 05 50 75 count....uid..Pu
0060: 63 6b 53 30 69 04 03 75 69 64 04 0c 75 73 65 72 ckS0i..uid..user
0070: 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75 6d Password..uidNum
0080: 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04 02 ber..gidNumber..
0090: 63 6e 04 0d 68 6f 6d 65 44 69 72 65 63 74 6f 72 cn..homeDirector
00a0: 79 04 0a 6c 6f 67 69 6e 53 68 65 6c 6c 04 05 67 y..loginShell..g
00b0: 65 63 6f 73 04 0b 64 65 73 63 72 69 70 74 69 6f ecos..descriptio
00c0: 6e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 n..objectClass
deferring operation
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
<===== error
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind: v3 anonymous bind
daemon: select: listen=6 active_threads=1 tvp=NULL
do_search
ber_scanf fmt ({aiiiib) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7c53 end=0x080d7d1e len=203
0000: 63 81 c8 04 1f 6f 75 3d 70 65 6f 70 6c 65 2c 20 c....ou=people,
0010: 6f 75 3d 64 62 63 69 6e 74 65 72 6e 2c 20 6f 75 ou=dbcintern, ou
0020: 3d 64 62 63 0a 01 02 0a 01 03 02 01 01 02 01 02 =dbc............
0030: 01 01 00 a0 2b a3 1b 04 0b 6f 62 6a 65 63 74 63 ....+....objectc
0040: 6c 61 73 73 04 0c 70 6f 73 69 78 41 63 63 6f 75 lass..posixAccou
0050: 6e 74 a3 0c 04 03 75 69 64 04 05 50 75 63 6b 53 nt....uid..PuckS
0060: 30 69 04 03 75 69 64 04 0c 75 73 65 72 50 61 73 0i..uid..userPas
0070: 73 77 6f 72 64 04 09 75 69 64 4e 75 6d 62 65 72 sword..uidNumber
0080: 04 09 67 69 64 4e 75 6d 62 65 72 04 02 63 6e 04 ..gidNumber..cn.
0090: 0d 68 6f 6d 65 44 69 72 65 63 74 6f 72 79 04 0a .homeDirectory..
00a0: 6c 6f 67 69 6e 53 68 65 6c 6c 04 05 67 65 63 6f loginShell..geco
00b0: 73 04 0b 64 65 73 63 72 69 70 74 69 6f 6e 04 0b s..description..
00c0: 6f 62 6a 65 63 74 43 6c 61 73 73 objectClass
SRCH "ou=people, ou=dbcintern, ou=dbc" 2 3 1 2 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({oo}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7c88 end=0x080d7d1e len=150
0000: a3 1b 04 0b 6f 62 6a 65 63 74 63 6c 61 73 73 04 ....objectclass.
0010: 0c 70 6f 73 69 78 41 63 63 6f 75 6e 74 a3 0c 04 .posixAccount...
0020: 03 75 69 64 04 05 50 75 63 6b 53 30 69 04 03 75 .uid..PuckS0i..u
0030: 69 64 04 0c 75 73 65 72 50 61 73 73 77 6f 72 64 id..userPassword
0040: 04 09 75 69 64 4e 75 6d 62 65 72 04 09 67 69 64 ..uidNumber..gid
0050: 4e 75 6d 62 65 72 04 02 63 6e 04 0d 68 6f 6d 65 Number..cn..home
0060: 44 69 72 65 63 74 6f 72 79 04 0a 6c 6f 67 69 6e Directory..login
0070: 53 68 65 6c 6c 04 05 67 65 63 6f 73 04 0b 64 65 Shell..gecos..de
0080: 73 63 72 69 70 74 69 6f 6e 04 0b 6f 62 6a 65 63 scription..objec
0090: 74 43 6c 61 73 73 tClass
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({oo}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7ca5 end=0x080d7d1e len=121
0000: a3 0c 04 03 75 69 64 04 05 50 75 63 6b 53 30 69 ....uid..PuckS0i
0010: 04 03 75 69 64 04 0c 75 73 65 72 50 61 73 73 77 ..uid..userPassw
0020: 6f 72 64 04 09 75 69 64 4e 75 6d 62 65 72 04 09 ord..uidNumber..
0030: 67 69 64 4e 75 6d 62 65 72 04 02 63 6e 04 0d 68 gidNumber..cn..h
0040: 6f 6d 65 44 69 72 65 63 74 6f 72 79 04 0a 6c 6f omeDirectory..lo
0050: 67 69 6e 53 68 65 6c 6c 04 05 67 65 63 6f 73 04 ginShell..gecos.
0060: 0b 64 65 73 63 72 69 70 74 69 6f 6e 04 0b 6f 62 .description..ob
0070: 6a 65 63 74 43 6c 61 73 73 jectClass
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(objectClass=posixAccount)(uid=PuckS))
ber_scanf fmt ({v}}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7cb3 end=0x080d7d1e len=107
0000: 30 69 04 03 75 69 64 04 0c 75 73 65 72 50 61 73 0i..uid..userPas
0010: 73 77 6f 72 64 04 09 75 69 64 4e 75 6d 62 65 72 sword..uidNumber
0020: 04 09 67 69 64 4e 75 6d 62 65 72 04 02 63 6e 04 ..gidNumber..cn.
0030: 0d 68 6f 6d 65 44 69 72 65 63 74 6f 72 79 04 0a .homeDirectory..
0040: 6c 6f 67 69 6e 53 68 65 6c 6c 04 05 67 65 63 6f loginShell..geco
0050: 73 04 0b 64 65 73 63 72 69 70 74 69 6f 6e 04 0b s..description..
0060: 6f 62 6a 65 63 74 43 6c 61 73 73 objectClass
attrs: uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
conn=0 op=1 SRCH base="ou=people, ou=dbcintern, ou=dbc" scope=2
filter="(&(objectClass=posixAccount)(uid=PuckS))"
=> ldbm_back_search
dn2entry_r: dn: "OU=PEOPLE,OU=DBCINTERN,OU=DBC"
=> dn2id( "OU=PEOPLE,OU=DBCINTERN,OU=DBC" )
=> ldbm_cache_open( "/var/lib/ldap/dn2id.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 0)
<= dn2id 6
=> id2entry_r( 6 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry(ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d8bd0)
entry_rdwr_rlock: ID: 6
<= id2entry_r( 6 ) 0x80d8bd0 (disk)
search_candidates: base="OU=PEOPLE,OU=DBCINTERN,OU=DBC" s=2 d=3
=> filter_candidates
AND
... break because to much debugging
====> cache_return_entry_r( 6 ): created (0)
=> id2entry_r( 6 )
entry_rdwr_rtrylock: ID: 6
====> cache_find_entry_id( 6 ) "ou=people, ou=dbcintern, ou=dbc" (found) (1
tries)
<= id2entry_r( 6 ) 0x80d8bd0 (cache)
=> test_filter
AND
=> test_filter_and
=> test_filter
EQUALITY
=> access_allowed: search access to "ou=people, ou=dbcintern, ou=dbc"
"objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl ou=people, ou=dbcintern, ou=dbc attr: objectClass
=> acl_mask: access to entry "ou=people, ou=dbcintern, ou=dbc", attr
"objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
EQUALITY
=> access_allowed: search access to "ou=people, ou=dbcintern, ou=dbc" "uid"
requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "ou=people, ou=dbcintern, ou=dbc", attr "uid"
requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 6 does not match filter
entry_rdwr_runlock: ID: 6
====> cache_return_entry_r( 6 ): returned (0)
=> id2entry_r( 7 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=PuckS, ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d8e40)
entry_rdwr_rlock: ID: 7
<= id2entry_r( 7 ) 0x80d8e40 (disk)
=> test_filter
AND
=> test_filter_and
=> test_filter
EQUALITY
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern,
ou=dbc" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=PuckS, ou=people, ou=dbcintern, ou=dbc attr:
objectClass
=> acl_mask: access to entry "uid=PuckS, ou=people, ou=dbcintern, ou=dbc",
attr "objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
EQUALITY
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern,
ou=dbc" "uid" requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=PuckS, ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "uid=PuckS, ou=people, ou=dbcintern, ou=dbc",
attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 7 does not match filter
entry_rdwr_runlock: ID: 7
====> cache_return_entry_r( 7 ): created (0)
=> id2entry_r( 8 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=MayerRa, ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d9460)
entry_rdwr_rlock: ID: 8
<= id2entry_r( 8 ) 0x80d9460 (disk)
=> test_filter
AND
=> test_filter_and
=> test_filter
... break because of too much debugging
=> access_allowed: search access to "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=PierothN, ou=people, ou=dbcintern, ou=dbc attr:
objectClass
=> acl_mask: access to entry "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc", attr "objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
EQUALITY
=> access_allowed: search access to "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc" "uid" requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=PierothN, ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc", attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 10 does not match filter
entry_rdwr_runlock: ID: 10
====> cache_return_entry_r( 10 ): created (0)
=> id2entry_r( 11 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=GoeldnerL, ou=people, ou=dbcintern, ou=dbc) -> -1
(0x80db1f0)
entry_rdwr_rlock: ID: 11
<= id2entry_r( 11 ) 0x80db1f0 (disk)
=> test_filter
AND
=> test_filter_and
=> test_filter
... break because of too much debugging
====> cache_return_entry_r( 12 ): created (0)
send_ldap_search_result 0::
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 9
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
##########################
##### End su #############
##########################
****************************************************************************
**************************
****************************************************************************
**************************
END DEBUGMESSAGES FROM SLAPD (look for (Resource temporarily
unavailable) )
****************************************************************************
**************************
****************************************************************************
**************************