
Re: Error 18: Solaris 10 Native LDAP-Client



Hello there,

I feel like spamming the list, but I now think it's a more and more
OpenLDAP Server-related "problem" (for me it's not a feature ;) ).

http://bacedifo.blogspot.com/2009/09/server-side-sort-with-openldap2418.html

I could reproduce the problem on 2.4.20, but haven't been able to set up
an older version to test that, yet.

Some ideas related to that? :/

Bye.

On Fri, Oct 15, 2010 at 15:28, Benjamin Griese <der.darude@gmail.com> wrote:
> Hello guys,
> I got a problem while pulling information with the native ldap client
> on my various solaris 10 machines from an openldap2-2.4.23-116.1
> Maybe someone has any ideas, because I am on the end of mine.
> I don't know what to do in the further steps to solve the problem.
> the important information are below.
>
> thanks for your help.
>
> kind regards, benjamin.
>
> =============================================================
>
> on the solaris box:
>
> solaris profile pulled from DIT, runs absolutely fine, but is maybe not
> perfect for openldap
> # ldapclient list
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_BINDDN= cn=proxyuser,ou=system,ou=people,dc=example,dc=de
> NS_LDAP_BINDPASSWD= secret
> NS_LDAP_SERVERS= ldap01 ldap02
> NS_LDAP_SEARCH_BASEDN= dc=example,dc=de
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_REF= FALSE
> NS_LDAP_SEARCH_SCOPE= sub
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_CACHETTL= 60
> NS_LDAP_PROFILE= solaris_profile
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=SUDOers,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=people,dc=example,dc=de?sub
> NS_LDAP_BIND_TIME= 10
> NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixGroup
> NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
> NS_LDAP_OBJECTCLASSMAP= sudoers:sudoRole=sudoRole
>
> # ldaplist passwd
> ldaplist: Object not found (LDAP ERROR (18): Inappropriate matching.)
> getent passwd/group don't show anything, but strangely, single "id
> <username>" show the user information I was expecting.
>
> on sles11sp1/openldap2-2.4.23-116.1
> (http://download.opensuse.org/repositories/network:/ldap:/OpenLDAP:/RE24/SLE_11_SP1/)
>
> that's what I see in the logs on the openldap-server, right after
> typing "ldaplist passwd" on the solaris box
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from
> IP=10.0.0.1:45604 (IP=0.0.0.0:389)
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND
> dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found
> entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found
> entry: "cn=default,ou=pwdpolicy,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: result not
> in cache (userPassword)
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth
> access to "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
> "userPassword" requested
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_get: [1] attr userPassword
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: access to entry
> "cn=proxyuser,ou=system,ou=people,dc=example,dc=de", attr
> "userPassword" requested
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: to value by "", (=0)
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat:
> cn=ldapadm,dc=example,dc=de
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat:
> cn=proxyuser,ou=system,ou=people,dc=example,dc=de ## just for testing
> purpose
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: anonymous
> Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] applying
> auth(=xd) (stop)
> Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] mask: auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: => slap_access_allowed: auth
> access granted by auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth
> access granted by auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND
> dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE
> ssf=0
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found
> entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97
> err=0 text=
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT
> tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 do_search:
> get_ctrls failed
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
>
> that seems to be a problem with a supportedControl of the ldap-server
> which the solaris ldap client is unable to handle, because the local
> openldap-client in the sles-server has absolutely no problem binding
> and getting infos.
> is this kind of offtopic for this list?
>
> http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc_5.2/admin_gd368.htm
>
> says 18 LDAP_INAPPROPRIATE_MATCHING Inappropriate matching: Filter type
> not supported for the specified attribute.
>
> but I don't know what to do
> this seems kind of related to this problem, maybe it's the same:
> http://markmail.org/message/dgtk3rpihvkqndqx#query:serverSort%20control%3A%20No%20ordering%20rule+page:2+mid:y4wsxfbqdwtreerp+state:results
>
> --
> To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
> be is to do -- Sartre | Do be do be do -- Sinatra
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
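
An added example, not part of the original mail: a small triage script that groups slapd syslog events by `conn=` and reports the two things visible in the log quoted above, the search rejected with err=18 by the serverSort control and the simple bind completed with `ssf=0`. The function names are illustrative, and the sample is built from the quoted log lines rejoined to one event per line.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd lines quoted in the mail, unwrapped to one
# event per line (ACL debug lines omitted).
SAMPLE_LOG = """\
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
RESULT = re.compile(
    r"conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)(?: nentries=\d+)? text=(.*)$")

def summarize(log_text):
    """Collect client address, completed bind and failed results per connection."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None,
                                 "mech": None, "ssf": None, "failures": []})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conns[m[1]]["client"] = m[2]
        elif m := BIND.search(line):      # only the completed bind carries mech/ssf
            conns[m[1]].update(bind_dn=m[2], mech=m[3], ssf=int(m[4]))
        elif m := RESULT.search(line):
            if int(m[3]) != 0:            # keep non-success results only
                conns[m[1]]["failures"].append((int(m[2]), int(m[3]), m[4].strip()))
    return dict(conns)

def findings(conns):
    """Turn per-connection summaries into human-readable findings."""
    out = []
    for cid, c in sorted(conns.items()):
        for op, err, text in c["failures"]:
            if err == 18 and "serverSort" in text:
                out.append(f"conn={cid} op={op} client={c['client']}: "
                           f"sort control rejected ({text})")
        if c["mech"] == "SIMPLE" and c["ssf"] == 0:
            out.append(f"conn={cid}: simple bind as {c['bind_dn']} with ssf=0 "
                       f"(no TLS or SASL security layer)")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE_LOG))))
```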