
Re: Cannot find rootDN





Quanah Gibson-Mount wrote:



--On Tuesday, February 03, 2004 3:40 PM -0500 "Tibbetts, Ric" <ric.tibbetts@ngc.com> wrote:

All;
This is a strange situation that erupted with my Solaris clients when I
upgraded my version of OpenLDAP.


What version(s) did you upgrade from/to?

(On the server)

From OpenLDAP 2.1.22

To OpenLDAP 2.1.25 w/ Berkeley DB 4.2.52

It should have been a relatively routine upgrade.
It's important to note that my AIX, and Linux clients are still able to authenticate without problem.
It's only the Solaris clients that this affected.


I've gone through the ACLs in slapd.conf, and triple-checked that proxyagent is correct (again, it worked before the upgrade).

When I did the upgrade, because I was changing the database, I exported the whole thing first with "slapcat". Then after installing the new s/w, I ran slapadd to put it all back.
It seems to have dropped something.


The logs haven't been much help.
Setting the loglevel to 128 shows the interaction with the ACLs, and I'm not seeing where anything is being denied.
Below is an example run:


---------------------------------
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 923158 local4.debug] => access_allowed: search access to "" "objectClass" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [1] check attr objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 184944 local4.debug] => dn: [2]
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 462149 local4.debug] => acl_get: [2] matched
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [2] check attr objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 155642 local4.debug] <= acl_get: [2] acl attr: objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 971074 local4.debug] => acl_mask: access to entry "", attr "objectClass" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 488679 local4.debug] => acl_mask: to all values by "", (=n)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 127.0.0.1
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 132.228.*.*
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 279303 local4.debug] <= acl_mask: [2] applying read(=rscx) (stop)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 804284 local4.debug] <= acl_mask: [2] mask: read(=rscx)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 384072 local4.debug] => access_allowed: search access granted by read(=rscx)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 923158 local4.debug] => access_allowed: read access to "" "entry" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [1] check attr entry
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 184944 local4.debug] => dn: [2]
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 462149 local4.debug] => acl_get: [2] matched
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [2] check attr entry
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 155642 local4.debug] <= acl_get: [2] acl attr: entry
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 971074 local4.debug] => acl_mask: access to entry "", attr "entry" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 488679 local4.debug] => acl_mask: to all values by "", (=n)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 127.0.0.1
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 132.228.*.*
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 279303 local4.debug] <= acl_mask: [2] applying read(=rscx) (stop)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 804284 local4.debug] <= acl_mask: [2] mask: read(=rscx)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 384072 local4.debug] => access_allowed: read access granted by read(=rscx)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 923158 local4.debug] => access_allowed: read access to "" "objectClass" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [1] check attr objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 184944 local4.debug] => dn: [2]
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 462149 local4.debug] => acl_get: [2] matched
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 967793 local4.debug] => acl_get: [2] check attr objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 155642 local4.debug] <= acl_get: [2] acl attr: objectClass
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 785931 local4.debug] access_allowed: no res from state (objectClass)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 971074 local4.debug] => acl_mask: access to entry "", attr "objectClass" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 488679 local4.debug] => acl_mask: to all values by "", (=n)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 127.0.0.1
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 919802 local4.debug] <= check a_peername_path: 132.228.*.*
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 279303 local4.debug] <= acl_mask: [2] applying read(=rscx) (stop)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 804284 local4.debug] <= acl_mask: [2] mask: read(=rscx)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 384072 local4.debug] => access_allowed: read access granted by read(=rscx)


--------------------------

Where else should I be looking?

Thanks again!


-Ric





--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
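
Added example, not part of the original thread: a small Python summarizer for the loglevel 128 ACL trace quoted above, pairing each `access_allowed` request with its verdict so that denials do not have to be found by eye. The function names are hypothetical; the last three sample lines are constructed, and they assume a denial is logged in the same shape as the grants above with `denied` in place of `granted`.

```python
import re

# Line shapes taken from the trace quoted in the message above.
REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
APPLY = re.compile(r'<= acl_mask: \[(\d+)\] applying (\S+)')
VERDICT = re.compile(r'=> access_allowed: (\w+) access (granted|denied) by (\S+)')
PID = re.compile(r'slapd\[(\d+)\]')

# First three lines are from the trace above; the last three are constructed
# (assumed denial format, placeholder DN).
SAMPLE = '''\
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 923158 local4.debug] => access_allowed: search access to "" "objectClass" requested
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 279303 local4.debug] <= acl_mask: [2] applying read(=rscx) (stop)
Feb 4 08:31:21 meeng3 slapd[8838]: [ID 384072 local4.debug] => access_allowed: search access granted by read(=rscx)
Feb 4 08:31:22 meeng3 slapd[8838]: [ID 923158 local4.debug] => access_allowed: read access to "cn=example,dc=example,dc=com" "userPassword" requested
Feb 4 08:31:22 meeng3 slapd[8838]: [ID 279303 local4.debug] <= acl_mask: [3] applying none(=n) (stop)
Feb 4 08:31:22 meeng3 slapd[8838]: [ID 384072 local4.debug] => access_allowed: read access denied by none(=n)
'''

def summarize(lines):
    """Return one record per access_allowed request/verdict pair.

    Requests are tracked per slapd PID; lines from concurrent operations
    inside one process can interleave, so treat pairings on a busy server
    as a best effort.
    """
    pending, results = {}, []
    for line in lines:
        pid_match = PID.search(line)
        pid = pid_match.group(1) if pid_match else "?"
        if (m := REQ.search(line)):
            pending[pid] = {"access": m.group(1), "entry": m.group(2),
                            "attr": m.group(3), "acl": None}
        elif (m := APPLY.search(line)) and pid in pending:
            pending[pid]["acl"] = int(m.group(1))  # index of the ACL clause applied
        elif (m := VERDICT.search(line)) and pid in pending:
            rec = pending.pop(pid)
            rec.update(verdict=m.group(2), mask=m.group(3))
            results.append(rec)
    return results

def denials(results):
    """Keep only the requests slapd refused."""
    return [r for r in results if r["verdict"] == "denied"]

if __name__ == "__main__":
    for r in denials(summarize(SAMPLE.splitlines())):
        print(f'{r["access"]} on "{r["entry"]}" attr {r["attr"]}: ACL [{r["acl"]}] -> {r["mask"]}')
```

An empty result from `denials()` over a full trace means the ACLs granted every request that reached them.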