
"control unavailable in context" error even while using back-bdb

Hi All,

I am struggling to get a client machine to authenticate against an
openldap server. Any help greatly appreciated.

Server OS - SuSE 9.2 Pro
OpenLDAP - openldap2-2.3.3beta-0.1 (using a binary rpm from SuSE mirror)

This version of OL is supposed to support the ppolicy schema, and that is the
main reason I am testing it. Here are some observations that I have
made; please correct me if I am wrong.

The default backend database is BDB. But if the checkpointing directive
is enabled with BDB, the slapd server segfaults (invariably). If I disable
this directive, the issue goes away. If I change the backend to LDBM (as
that is what I use in my current production OpenLDAP server), then there
is no segfault issue, but it looks like only back-bdb or back-hdb can
handle pagedResultsControl, so I decided to stick with BDB.

I can successfully do a "ldapsearch" to the server, but I can't
authenticate against it. The following lines can be seen in the server's
log.

Jun 20 11:54:57 huttonlinux slapd[15029]: conn=3 op=2 RESULT tag=97
err=53 text=control unavailable in context

A detailed log (-d 9) gives this:

slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
(seems to be a ppolicy-related control)
send_ldap_result: conn=16 op=2 p=3
send_ldap_response: msgid=3 tag=97 err=53

Here is my slapd.conf:

##################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

allow bind_v2 bind_anon_dn

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/ppolicy.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath      /usr/lib/openldap/modules

access to dn.base=""
       by * read

access to dn.base="cn=Subschema"
       by * read

access to attr=userPassword,userPKCS12,sambaNTPassword,sambaLMPassword
       by self write
       by anonymous auth
       by * read

access to attr=shadowLastChange
       by self write
       by * auth

access to *
       by * read

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/keys/cacert.pem
TLSCertificateFile /etc/openldap/keys/servercrt.pem
TLSCertificateKeyFile /etc/openldap/keys/serverkey.pem

TLSVerifyClient demand

password-hash   {SSHA}

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
cachesize       10000
suffix          "o=example,c=com"
rootdn          "cn=Manager,o=example,c=com"

rootpw          secret

directory       /var/lib/ldap

index  objectClass,uid,uidNumber,gidNumber     pres,eq
index  cn,mail,sn,givenname               eq,sub
index  memberUID,sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

#################################################################################

Here is my /etc/openldap/ldap.conf

###############################################################################
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
TLS_REQCERT     demand
TLS_CACERT      /etc/openldap/keys.new/cacert.pem
TLS_CERT        /etc/openldap/keys.new/servercrt.pem
TLS_KEY         /etc/openldap/keys.new/serverkey.pem
HOST    ldapserver.example.com
base    o=example,c=com
PORT   636

########################################################################


Thanks,
Prakash
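
Editor's added example (not part of Prakash's post, and not a reply
from the list). The OID in the -d 9 output, 1.3.6.1.4.1.42.2.27.8.5.1,
is the password policy request control, which pam_ldap and the
OpenLDAP command-line clients (with -e ppolicy) send on bind. slapd
answers "control unavailable in context" (err=53) when a control's OID
is registered with the server but the database handling the operation
has no overlay that accepts it. The slapd.conf above includes
ppolicy.schema, which only defines the pwdPolicy attribute types and
object class; it never stacks the ppolicy overlay on the bdb database,
and that overlay is what registers the control for the database. The
fragment below shows the bdb section with the overlay added, in
OpenLDAP 2.3 slapd.conf syntax. Because the log shows the control is
already recognized, ppolicy is compiled into that slapd and no
moduleload line is needed; the commented moduleload, the policy DN
under ou=policies and the cipher string are assumptions for
illustration. While editing the config, the same fragment also shows
two settings a reviewer would change: the "by * read" on the password
attributes lets every authenticated user read every hash (including
sambaNTPassword, which is usable as-is for NTLM authentication), and
"+SSLv2" in OpenSSL cipher-list syntax only moves SSLv2 ciphers to the
end of the preference order rather than removing them.

```conf
# Added example, not the original poster's config.  Only the lines that
# differ from the slapd.conf in the post are shown; everything else
# (includes, TLS cert paths, indexes) stays as posted.

# Needed only on a build where ppolicy is a loadable module.  The log
# excerpt in the post shows the control is already recognized, so that
# slapd has it compiled in; uncomment only if "overlay ppolicy" fails
# with an unknown-overlay error.
# moduleload      ppolicy.la

include         /etc/openldap/schema/ppolicy.schema

# "+SSLv2" keeps SSLv2 ciphers (moved to the end); "!SSLv2" removes them.
TLSCipherSuite  HIGH:MEDIUM:!SSLv2

# Password-equivalent attributes: owner may change, anonymous may only
# use them to bind, nobody else gets anything.  The posted ACL ended in
# "by * read", which hands the hashes to any authenticated user.
access to attr=userPassword,userPKCS12,sambaNTPassword,sambaLMPassword
        by self write
        by anonymous auth
        by * none

database        bdb
cachesize       10000
suffix          "o=example,c=com"
rootdn          "cn=Manager,o=example,c=com"
directory       /var/lib/ldap

# The overlay registers the password policy request control
# (1.3.6.1.4.1.42.2.27.8.5.1) for this database.  Including the schema
# above is not enough; without this line binds carrying the control get
# "control unavailable in context".
overlay         ppolicy

# Optional: default policy for entries without their own
# pwdPolicySubentry.  The DN is an assumption; the entry itself
# (objectClass pwdPolicy plus a structural class, pwdAttribute:
# userPassword) must exist in the directory.  The overlay accepts the
# control even if this line is left out.
ppolicy_default "cn=default,ou=policies,o=example,c=com"
```

To check the effect without pam_ldap in the way, bind from the command
line with the control attached, e.g. ldapwhoami -x -H
ldaps://ldapserver.example.com -D "uid=someuser,o=example,c=com" -W -e
ppolicy (the DN is assumed): before the overlay is added the bind
returns err=53 as in the log above; after it, the bind succeeds and any
policy warnings (expiry, grace logins) come back in the response
control.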