[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL/TLS/clear indication in logs?

To: Digant C Kasundra <digant@uta.edu>, "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: SSL/TLS/clear indication in logs?
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 27 Sep 2005 14:56:14 -0700
Cc: Openldap-Software <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <1127856615.4280.12.camel@localizer.uta.edu>
References: <1127838498.32620.41.camel@localizer.uta.edu> <6.2.1.2.0.20050927130342.032380a8@mail.openldap.org> <1127856615.4280.12.camel@localizer.uta.edu>

--On Tuesday, September 27, 2005 4:30 PM -0500 Digant C Kasundra <digant@uta.edu> wrote:

My logs start with the connection being accepted:

conn=1454211 fd=29 ACCEPT from IP=129.107.38.190:49369 (IP=0.0.0.0:389)

This is followed by the bind message I included in the previous email.
What should my loglevel be to see the addition information you speak of?

On 2.2 with loglevel 256 (which I was using in my 2.3 tests), I see no information about TLS/SSL levels on port 389 or port 636.

636 shows: Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 848112 local4.debug] conn=37071 fd=120 ACCEPT from IP=171.64.19.55:33829 (IP=0.0.0.0:636) Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 347666 local4.debug] conn=37071 op=0 BIND dn="" method=128 Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 217296 local4.debug] conn=37071 op=0 RESULT tag=97 err=0 text= Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 998954 local4.debug] conn=37071 op=1 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)" Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 706578 local4.debug] conn=37071 op=1 SRCH attr=uid Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 362707 local4.debug] conn=37071 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 338319 local4.debug] conn=37071 op=2 UNBIND Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 952275 local4.debug] conn=37071 fd=120 closed

389 shows: Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 848112 local4.debug] conn=37167 fd=119 ACCEPT from IP=171.64.19.55:33833 (IP=0.0.0.0:389) Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 347666 local4.debug] conn=37167 op=1 BIND dn="" method=128 Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 217296 local4.debug] conn=37167 op=1 RESULT tag=97 err=0 text= Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 998954 local4.debug] conn=37167 op=2 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)" Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 706578 local4.debug] conn=37167 op=2 SRCH attr=uid Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 362707 local4.debug] conn=37167 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 338319 local4.debug] conn=37167 op=3 UNBIND Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 952275 local4.debug] conn=37167 fd=119 closed

So no TLS/SSL stuff in OpenLDAP 2.2 at loglevel 256... Which is somewhat unfortunate, I suppose. Perhaps you should upgrade to 2.3. ;) Although I'd wait until 2.3.8 comes out.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

References:
- SSL/TLS/clear indication in logs?
  - From: Digant C Kasundra <digant@uta.edu>
- Re: SSL/TLS/clear indication in logs?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: SSL/TLS/clear indication in logs?
  - From: Digant C Kasundra <digant@uta.edu>

Prev by Date: Re: SSL/TLS/clear indication in logs?
Next by Date: Re: SSL/TLS/clear indication in logs?
Index(es):
- Chronological
- Thread