[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Solaris Replica Problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've created multiple Linux replica servers and am working on getting a
Solaris 8 replica server running. I have followed the same steps as I did
for the Linux replicas but am unable to authenticate against my Solaris
replica server.
Here is the output slapd -d 1:
connection_get(21): got connid=43
connection_read(21): checking for input on id=43
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 21 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=43 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 21
do_bind: v3 anonymous bind
connection_get(21): got connid=43
connection_read(21): checking for input on id=43
ber_get_next
ber_get_next: tag 0x30 len 79 contents:
ber_get_next
ber_get_next on fd 21 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=office,ou=projects,dc=cellnet,dc=com>
=> ldap_bv2dn(ou=office,ou=projects,dc=cellnet,dc=com,0)
<= ldap_bv2dn(ou=office,ou=projects,dc=cellnet,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=office,ou=projects,dc=cellnet,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=office,ou=projects,dc=cellnet,dc=com,272)=0
<<< dnPrettyNormal: <ou=office,ou=projects,dc=cellnet,dc=com>,
<ou=office,ou=projects,dc=cellnet,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> bdb_search
bdb_dn2entry("ou=office,ou=projects,dc=cellnet,dc=com")
search_candidates: base="ou=office,ou=projects,dc=cellnet,dc=com" (0x000000ba)
scope=1
=> bdb_dn2idl( "ou=office,ou=projects,dc=cellnet,dc=com" )
<= bdb_dn2idl: id=93 first=187 last=402
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (uid)
=> key_read
<= bdb_index_read 17 candidates
<= bdb_equality_candidates: id=17, first=3, last=402
bdb_search_candidates: id=1 first=402 last=402
=> send_search_entry: dn="uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com"
ber_flush: 393 bytes to sd 21
<= send_search_entry
send_ldap_result: conn=43 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 21
connection_get(21): got connid=43
connection_read(21): checking for input on id=43
ber_get_next
ber_get_next: tag 0x30 len 101 contents:
ber_get_next
ber_get_next on fd 21 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
>>> dnPrettyNormal: <uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com>
=> ldap_bv2dn(uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com,0)
<= ldap_bv2dn(uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com,272)=0
<<< dnPrettyNormal: <uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com>,
<uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com>
do_bind: version=3 dn="uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com"
method=128
bdb_dn2entry("uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com")
send_ldap_result: conn=43 op=2 p=3
send_ldap_response: msgid=3 tag=97 err=49
ber_flush: 14 bytes to sd 21
connection_get(21): got connid=43
connection_read(21): checking for input on id=43
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 21 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=43 op=3 p=3
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 21
do_bind: v3 anonymous bind
connection_get(22): got connid=44
connection_read(22): checking for input on id=44
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 22 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=44 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 22
do_bind: v3 anonymous bind
connection_get(22): got connid=44
connection_read(22): checking for input on id=44
ber_get_next
ber_get_next: tag 0x30 len 216 contents:
ber_get_next
ber_get_next on fd 22 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=office,ou=projects,dc=cellnet,dc=com>
=> ldap_bv2dn(ou=office,ou=projects,dc=cellnet,dc=com,0)
<= ldap_bv2dn(ou=office,ou=projects,dc=cellnet,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=office,ou=projects,dc=cellnet,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=office,ou=projects,dc=cellnet,dc=com,272)=0
<<< dnPrettyNormal: <ou=office,ou=projects,dc=cellnet,dc=com>,
<ou=office,ou=projects,dc=cellnet,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> bdb_search
bdb_dn2entry("ou=office,ou=projects,dc=cellnet,dc=com")
search_candidates: base="ou=office,ou=projects,dc=cellnet,dc=com" (0x000000ba)
scope=1
=> bdb_dn2idl( "ou=office,ou=projects,dc=cellnet,dc=com" )
<= bdb_dn2idl: id=93 first=187 last=402
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 222 candidates
<= bdb_equality_candidates: id=222, first=3, last=404
=> bdb_equality_candidates (uid)
=> key_read
<= bdb_index_read 17 candidates
<= bdb_equality_candidates: id=17, first=3, last=402
bdb_search_candidates: id=1 first=402 last=402
is_object_subclass(1.3.6.1.1.1.2.1,2.5.6.0) 0
is_object_subclass(1.3.6.1.1.1.2.1,2.5.6.6) 0
is_object_subclass(1.3.6.1.1.1.2.1,2.5.6.0) 0
is_object_subclass(1.3.6.1.1.1.2.1,1.3.6.1.1.1.2.0) 0
is_object_subclass(1.3.6.1.1.1.2.1,2.5.6.0) 0
is_object_subclass(1.3.6.1.1.1.2.1,1.3.6.1.1.1.2.1) 1
=> send_search_entry: dn="uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com"
ber_flush: 178 bytes to sd 22
<= send_search_entry
send_ldap_result: conn=44 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 22
connection_get(22): got connid=44
connection_read(22): checking for input on id=44
ber_get_next
ber_get_next on fd 22 failed errno=0 (Error 0)
connection_read(22): input error=-2 id=44, closing.
connection_closing: readying conn=44 sd=22 for close
connection_close: conn=44 sd=22
connection_get(21): got connid=43
connection_read(21): checking for input on id=43
ber_get_next
ber_get_next on fd 21 failed errno=0 (Error 0)
connection_read(21): input error=-2 id=43, closing.
connection_closing: readying conn=43 sd=21 for close
connection_close: conn=43 sd=21
I've been searching the archives and google but have not yet found the fix.
Can anyone help point me in the right direction(s)?
Here is my slapd.conf on the Solaris replica:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /opt/ldap/etc/openldap/schema/core.schema
include /opt/ldap/etc/openldap/schema/cosine.schema
include /opt/ldap/etc/openldap/schema/inetorgperson.schema
include /opt/ldap/etc/openldap/schema/nis.schema
include /opt/ldap/etc/openldap/schema/misc.schema
include /opt/ldap/etc/openldap/schema/solaris.schema
# Allow LDAPv2 client connections
allow bind_v2 bind_anon_dn
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
referral ldap://148.80.158.218
loglevel 256
pidfile /opt/ldap/var/run/slapd.pid
argsfile /opt/ldap/var/run/slapd.args
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /opt/ldap/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile /opt/ldap/etc/openldap/slapd-key.pem
# Load dynamic backend modules:
# modulepath /opt/ldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=cellnet,dc=com"
rootdn "cn=replica,dc=cellnet,dc=com"
updatedn "cn=replica,dc=cellnet,dc=com"
updateref "ldap://148.80.158.218";
rootpw {SSHA}o+DILbBGHbxPDrzEJjkglivhEPw0FQI9
directory /opt/ldap/var/openldap-data
mode 0700
cachesize 10000
sizelimit 50000
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index nisNetgroupTriple pres
#Restrict userPassword to be used for authentications only
access to attrs=userPassword,telephoneNumber,mobile,mail,shadowExpire
by self write
by anonymous auth
by group.base="cn=ldapAdmin,dc=cellnet,dc=com" write
by * none
#ACL allowing read access to everyone
access to *
by group.base="cn=ldapAdmin,dc=cellnet,dc=com" write
by * read
and here is the slapd.conf on one of my Linux replicas:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /opt/ldap/etc/openldap/schema/core.schema
include /opt/ldap/etc/openldap/schema/cosine.schema
include /opt/ldap/etc/openldap/schema/inetorgperson.schema
include /opt/ldap/etc/openldap/schema/nis.schema
include /opt/ldap/etc/openldap/schema/misc.schema
include /opt/ldap/etc/openldap/schema/solaris.schema
#include /opt/ldap/etc/openldap/schema/redhat/autofs.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2 bind_anon_dn
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
referral ldap://konldap1.cellnet.com
loglevel 256
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /opt/ldap/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile /opt/ldap/etc/openldap/slapd-key.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
#password-hash {CRYPT}
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
readonly off
suffix "dc=cellnet,dc=com"
rootdn "cn=replica,dc=cellnet,dc=com"
updatedn "cn=replica,dc=cellnet,dc=com"
updateref "ldap://148.80.158.218";
rootpw {SSHA}o+DILbBGHbxPDrzEJjkglivhEPw0FQI9
directory /var/lib/ldap
mode 0700
cachesize 10000
sizelimit 10000
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index nisNetgroupTriple pres
#Restrict userPassword to be used for authentications only
access to attrs=userPassword,telephoneNumber,mobile,mail,shadowExpire
by self write
by anonymous auth
by group.base="cn=ldapAdmin,dc=cellnet,dc=com" write
by * none
#ACL allowing read access to everyone
access to *
by group.base="cn=ldapAdmin,dc=cellnet,dc=com" write
by * read
Ideas of where to look anyone?
p.s. a ldapsearch and id do return the username, uid and gid.
TIA!
- --
Aaron M. Hirsch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iQCVAwUBQHWz6Tt2cqYtCmgKAQJSQQP/RsemMUh/bKxmNB/R1GNB593wWaVwcaUJ
itl5hvjkYZWbzdLWIOpJisGVUXpKxOIP++kRObGLyCVRI8FD2wgANDFEe/5YaVsr
mj0+01rS8uAklILYkYy7kClysly3uGylBsfaHwrKT4h+JqFjAaRfKu3UVZKWFyaE
tGgMfKranqM=
=/UG7
-----END PGP SIGNATURE-----