Error 18: Solaris 10 Native LDAP-Client
- To: openldap-technical@openldap.org
- Subject: Error 18: Solaris 10 Native LDAP-Client
- From: Benjamin Griese <der.darude@gmail.com>
- Date: Fri, 15 Oct 2010 15:28:11 +0200
Hello guys,
I have a problem while pulling information with the native LDAP client
on my various Solaris 10 machines from an openldap2-2.4.23-116.1.
Maybe someone has some ideas, because I am at the end of mine.
I don't know what to do next to solve the problem.
The important information is below.
Thanks for your help.
Kind regards, Benjamin.
=============================================================
On the Solaris box:
The Solaris profile is pulled from the DIT and runs absolutely fine, but is maybe not
perfect for OpenLDAP.
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyuser,ou=system,ou=people,dc=example,dc=de
NS_LDAP_BINDPASSWD= secret
NS_LDAP_SERVERS= ldap01 ldap02
NS_LDAP_SEARCH_BASEDN= dc=example,dc=de
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 60
NS_LDAP_PROFILE= solaris_profile
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=SUDOers,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=people,dc=example,dc=de?sub
NS_LDAP_BIND_TIME= 10
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixGroup
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
NS_LDAP_OBJECTCLASSMAP= sudoers:sudoRole=sudoRole
# ldaplist passwd
ldaplist: Object not found (LDAP ERROR (18): Inappropriate matching.)
getent passwd/group don't show anything, but strangely, a single "id
<username>" shows the user information I was expecting.
On sles11sp1/openldap2-2.4.23-116.1
(http://download.opensuse.org/repositories/network:/ldap:/OpenLDAP:/RE24/SLE_11_SP1/):
That's what I see in the logs on the OpenLDAP server, right after
typing "ldaplist passwd" on the Solaris box:
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=default,ou=pwdpolicy,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: result not in cache (userPassword)
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access to "cn=proxyuser,ou=system,ou=people,dc=example,dc=de" "userPassword" requested
Oct 15 14:37:33 examplehost slapd[8339]: => acl_get: [1] attr userPassword
Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: access to entry "cn=proxyuser,ou=system,ou=people,dc=example,dc=de", attr "userPassword" requested
Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: to value by "", (=0)
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=ldapadm,dc=example,dc=de
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=proxyuser,ou=system,ou=people,dc=example,dc=de ## just for testing purpose
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: anonymous
Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] applying auth(=xd) (stop)
Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] mask: auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: => slap_access_allowed: auth access granted by auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access granted by auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 do_search: get_ctrls failed
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
That seems to be a problem with a supportedControl of the LDAP server
which the Solaris LDAP client is unable to handle, because the local
OpenLDAP client on the SLES server has absolutely no problem binding
and getting information.
Is this kind of off-topic for this list?
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc_5.2/admin_gd368.htm
says: 18 LDAP_INAPPROPRIATE_MATCHING: Inappropriate matching. Filter type
not supported for the specified attribute.
But I don't know what to do.
This seems kind of related to this problem, maybe it's the same:
http://markmail.org/message/dgtk3rpihvkqndqx#query:serverSort%20control%3A%20No%20ordering%20rule+page:2+mid:y4wsxfbqdwtreerp+state:results
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
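
An added example, not part of the original post: a small triage script that rejoins mail-wrapped slapd syslog records and summarises each connection (client, bind DN, mechanism, ssf, and every operation that returned a non-zero result code). It assumes the syslog prefix format seen in the post; the function names are illustrative.

```python
import re

# Constructed sample: records taken from the log in the post, hard-wrapped here the way a mail client folds long lines.
SAMPLE = """\
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from
IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND
dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE
ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97
err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT
tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[\d+\]: ")
REC = re.compile(r"conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)")
BOUND = re.compile(r'BIND dn="([^"]*)" mech=(\S+).*?\bssf=(\d+)')
RESULT = re.compile(r"RESULT .*?\berr=(\d+).*?\btext=(.*)$")

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog stamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Per connection: client address, bind identity and strength, failed operations."""
    conns = {}
    for m in filter(None, map(REC.search, unwrap(text))):
        cid, op, rest = int(m.group(1)), m.group(2), m.group(3)
        c = conns.setdefault(cid, {"client": None, "dn": None, "mech": None, "ssf": None, "failed": []})
        accept, bound, result = re.match(r"ACCEPT from IP=(\S+)", rest), BOUND.match(rest), RESULT.search(rest)
        if accept:
            c["client"] = accept.group(1)
        elif bound:
            c["dn"], c["mech"], c["ssf"] = bound.group(1), bound.group(2), int(bound.group(3))
        elif result and op is not None and result.group(1) != "0":
            c["failed"].append((int(op), int(result.group(1)), result.group(2)))
    return conns

def unprotected_simple_binds(conns):
    """Connection ids where a SIMPLE bind completed with ssf=0 (no TLS or SASL security layer)."""
    return [cid for cid, c in conns.items() if c["mech"] == "SIMPLE" and c["ssf"] == 0]
```

On the sample, `summarize` reports op=1 on conn 1160 failing with err=18 and the serverSort text, and `unprotected_simple_binds` lists the same connection because the proxy account's simple bind completed at ssf=0.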