
slapd runs, but nothing else works



Hi, I started with a fresh install of Red Hat 7.3 (a somewhat skimpy install, getting things as I needed them) and tried to set up OpenLDAP the way that the SecurityFocus article describes it, like many who have posted here. I seem to have some combination of all of the most frequent errors. I have edited the /etc/openldap/slapd.conf file to look like this:
--------------------------------------------------------------------------------------------------------------------


# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema


database        ldbm
suffix          "dc=sandbox,dc=edu"
rootdn          "cn=manager,dc=sandbox,dc=edu"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw         secret
# rootpw                {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain
index   objectClass,uid,uidNumber,gidNumber             eq
index   cn,mail,surname,givenname                       eq,subinitial

#
# ACL's
#

access to dn=".*,dc=sandbox,dc=edu"
   attr=userPassword
 by self write
 by dn="cn=manager,dc=sandbox,dc=edu" write
 by * auth

access to dn=".*,dc=sandbox,dc=edu"
 by self write
 by dn="cn=manager,dc=sandbox,dc=edu" write
 by * read

access to dn=".*,dc=sandbox,dc=edu"
 by * read
----------------------------------------------------------------------------------------------
/etc/init.d/slapd seems to work alright (but so I can see the debug spew,
I run it like this):
$ slapd -f /etc/openldap/slapd.conf -d 313

If I do an 'ldapsearch -x', I get the following output:
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@localhost root]# ldapsearch -x
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

I get the following from the debug spew:
----------------------------------------------------------------------------------------------
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=localhost.localdomain, r=0
daemon: conn=0 fd=9 connection from IP=127.0.0.1:1111 (IP=0.0.0.0:34049) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x080fd140 ptr=0x080fd140 end=0x080fd14c len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080fd140 ptr=0x080fd143 end=0x080fd14c len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080fd140 ptr=0x080fd14a end=0x080fd14c len=2
0000: 80 00 ..
do_bind: version=3 dn="" method=128
conn=0 op=0 BIND dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
conn=0 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 54 contents:
ber_dump: buf=0x080fd110 ptr=0x080fd110 end=0x080fd146 len=54
0000: 02 01 02 63 31 04 11 64 63 3d 73 61 6e 64 62 6f ...c1..dc=sandbo
0010: 78 2c 64 63 3d 65 64 75 0a 01 02 0a 01 00 02 01 x,dc=edu........
0020: 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 .........objectc
0030: 6c 61 73 73 30 00 lass0.
do_search
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
ber_scanf fmt ({aiiiib) ber:
ber_dump: buf=0x080fd110 ptr=0x080fd113 end=0x080fd146 len=51
0000: 63 31 04 11 64 63 3d 73 61 6e 64 62 6f 78 2c 64 c1..dc=sandbox,d
0010: 63 3d 65 64 75 0a 01 02 0a 01 00 02 01 00 02 01 c=edu...........
0020: 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 ......objectclas
0030: 73 30 00 s0.
begin get_filter
PRESENT
ber_scanf fmt (o) ber:
ber_dump: buf=0x080fd110 ptr=0x080fd137 end=0x080fd146 len=15
0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00 ..objectclass0.
end get_filter 0
ber_scanf fmt ({v}}) ber:
ber_dump: buf=0x080fd110 ptr=0x080fd144 end=0x080fd146 len=2
0000: 30 00 0.
conn=0 op=1 SRCH base="dc=sandbox,dc=edu" scope=2 filter="(objectClass=*)"
=> ldbm_back_search
dn2entry_r: dn: "DC=SANDBOX,DC=EDU"
=> dn2id( "DC=SANDBOX,DC=EDU" )
=> ldbm_cache_open( "/var/lib/ldap/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id NOID
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 9
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x080fd2a0 ptr=0x080fd2a0 end=0x080fd2a5 len=5
0000: 02 01 03 42 00 ...B.
do_unbind
conn=0 op=2 UNBIND
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
connection_resched: reaquiring locks conn=0 sd=9
connection_resched: attempting closing conn=0 sd=9
connection_close: deferring conn=0 sd=9
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
conn=0 op=1 RESULT tag=101 err=32 text=
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
conn=-1 fd=9 closed
----------------------------------------------------------------------------------------------


If I do 'ldapsearch -x -v -D "cn=manager,dc=sandbox,dc=edu" -W',
then I type in 'secret' as the password, and get the following:

ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials

And I get the following debug spew for this:
----------------------------------------------------------------------------------------------
daemon: activity on 1 descriptors
daemon: new connection on 12
daemon: conn=4 fd=12 connection from IP=127.0.0.1:1117 (IP=0.0.0.0:34049) accepted.
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12): got connid=4
connection_read(12): checking for input on id=4
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_dump: buf=0x0811fc40 ptr=0x0811fc40 end=0x0811fc6e len=46
0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 6d 61 6e ...`).....cn=man
0010: 61 67 65 72 2c 64 63 3d 73 61 6e 64 62 6f 78 2c ager,dc=sandbox,
0020: 64 63 3d 65 64 75 80 06 73 65 63 72 65 74 dc=edu..secret
do_bind
ber_get_next
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x0811fc40 ptr=0x0811fc43 end=0x0811fc6e len=43
0000: 60 29 02 01 03 04 1c 63 6e 3d 6d 61 6e 61 67 65 `).....cn=manage
0010: 72 2c 64 63 3d 73 61 6e 64 62 6f 78 2c 64 63 3d r,dc=sandbox,dc=
0020: 65 64 75 80 06 73 65 63 72 65 74 edu..secret
ber_scanf fmt (o}) ber:
ber_dump: buf=0x0811fc40 ptr=0x0811fc66 end=0x0811fc6e len=8
0000: 80 06 73 65 63 72 65 74 ..secret
do_bind: version=3 dn="cn=manager,dc=sandbox,dc=edu" method=128
conn=4 op=0 BIND dn="CN=MANAGER,DC=SANDBOX,DC=EDU" method=128
dn2entry_r: dn: "CN=MANAGER,DC=SANDBOX,DC=EDU"
=> dn2id( "CN=MANAGER,DC=SANDBOX,DC=EDU" )
=> ldbm_cache_open( "/var/lib/ldap/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
dn2entry_r: dn: "DC=SANDBOX,DC=EDU"
=> dn2id( "DC=SANDBOX,DC=EDU" )
=> ldbm_cache_open( "/var/lib/ldap/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
send_ldap_result: conn=4 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 12
conn=4 op=0 RESULT tag=97 err=49 text=
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12): got connid=4
connection_read(12): checking for input on id=4
ber_get_next
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=4, closing.
connection_closing: readying conn=4 sd=12 for close
connection_close: conn=4 sd=12
daemon: removing 12
conn=-1 fd=12 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
----------------------------------------------------------------------------------------------


So as you can see, I have serious problems. When I try to give the DN and password, I get err=49. When I try to just search for anything and everything, I get err=11 (Resource temporarily unavailable) and err=32.

Anyone know what these might be? I have read this mailing list up and down, so please don't just tell me that err=11 is normal. Actually, with my particular error, it's trying to read data from a file descriptor (fd 12) that doesn't exist. At any rate, I need some serious help.

Sorry for the long post, but I wanted to be thorough.

Ben
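
The manager bind from the debug output above, decoded as an added example (not part of the original post): a simple bind, which slapd logs as method=128, carries the DN and the password as plain octets, so both a -d trace and an unencrypted connection expose the rootpw. The function names are illustrative; the bytes are the ber_dump lines copied from the post.

```python
# ber_dump lines of the manager bind, copied from the debug output in the post.
DUMP = """\
0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 6d 61 6e ...`).....cn=man
0010: 61 67 65 72 2c 64 63 3d 73 61 6e 64 62 6f 78 2c ager,dc=sandbox,
0020: 64 63 3d 65 64 75 80 06 73 65 63 72 65 74 dc=edu..secret
"""

def dump_to_bytes(dump):
    """Collect the hex column of slapd ber_dump lines (at most 16 bytes per line)."""
    out = bytearray()
    for line in dump.splitlines():
        for n, tok in enumerate(line.split()[1:]):      # [1:] skips the "0000:" offset
            if n == 16 or not (len(tok) == 2 and set(tok) <= set("0123456789abcdef")):
                break                                   # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)

def read_tlv(buf, pos):
    """Read one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_bind(contents):
    """Decode LDAPMessage contents (messageID + BindRequest) as dumped by slapd."""
    _, msgid, pos = read_tlv(contents, 0)               # messageID INTEGER
    tag, body, _ = read_tlv(contents, pos)
    if tag != 0x60:                                     # [APPLICATION 0], constructed
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(body, 0)
    _, dn, pos = read_tlv(body, pos)
    auth_tag, cred, _ = read_tlv(body, pos)             # 0x80 = simple, logged as method=128
    return {"message_id": int.from_bytes(msgid, "big"),
            "version": int.from_bytes(version, "big"),
            "dn": dn.decode("utf-8"),
            "method": "simple" if auth_tag == 0x80 else hex(auth_tag),
            "cleartext_password_bytes": len(cred) if auth_tag == 0x80 else 0}

if __name__ == "__main__":
    print(decode_bind(dump_to_bytes(DUMP)))
```

The same decoder applied to the anonymous bind earlier in the trace yields an empty DN and a zero-length simple credential.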