[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error 18: Solaris 10 Native LDAP-Client

To: Diego Lima <lists@diegolima.org>
Subject: Re: Error 18: Solaris 10 Native LDAP-Client
From: Benjamin Griese <der.darude@gmail.com>
Date: Mon, 18 Oct 2010 16:00:45 +0200
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=CMBNm8ecGZY0iGyGzzgannqkL1Mc8W7DB2qGT+9IFKA=; b=vKpnv97wkq4BORg2sUibjUAKo41OreJiilpUShLSjGrQ0RsCIWUIDQoRMq7/ohQrk1 EngSRbRVRbKhx94wZu15F3dOPOXr0dX5FxYTUnazMUApTjskfKrqCiPx1+wMYLPeKUzI ol95YOiQn/htwX9aMRLjgOUwK+RkrrXRMugKc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=tDEB49q44wYYuUEokbZ9MOR8/iGTjvttpC5siI3APfle0phqoWMTPZSVeGHNdrTdYb vorSoYEiHc4oNmDGFDYOkKQXEOJL33k0J+KzbZucdGhe1FiA6y3HE2dczrVlyjallYZf R242Uzp58AUxOI/weqcF5bhZJ6iDk8ilWl6X8=
In-reply-to: <AANLkTi=qXtCMGfkhhN5tfhE8w1DpH3oiEP3p_oOkDgqG@mail.gmail.com>
References: <AANLkTimwvfDUTgwNyjPzPiYjT3BNg-NmzQ_j2JXs=Cn7@mail.gmail.com> <AANLkTikQGuboGdr0p3y-pb_gqje+oEvAat88TDMMnCie@mail.gmail.com> <AANLkTi=qXtCMGfkhhN5tfhE8w1DpH3oiEP3p_oOkDgqG@mail.gmail.com>

Update: the serverSort thing was a false-positive this morning, I
guess the client was still caching.
...
Oct 18 15:52:23 examplehost slapd[24946]: conn=9373 op=168 SEARCH
RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering
rule
Oct 18 15:52:23 examplehost slapd[24946]: conn=9373 op=168 do_search:
get_ctrls failed
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 fd=28 ACCEPT from
IP=10.0.0.1:35464 (IP=0.0.0.0:389)
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=0 BIND
dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 18 15:52:52 examplehost slapd[24946]: => bdb_entry_get: found
entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 18 15:52:52 examplehost slapd[24946]: => bdb_entry_get: found
entry: "cn=default,ou=pwdpolicy,dc=example,dc=de"
Oct 18 15:52:52 examplehost slapd[24946]: => access_allowed: result
not in cache (userPassword)
Oct 18 15:52:52 examplehost slapd[24946]: => access_allowed: auth
access to "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
"userPassword" requested
Oct 18 15:52:52 examplehost slapd[24946]: => acl_get: [1] attr userPassword
Oct 18 15:52:52 examplehost slapd[24946]: => acl_mask: access to entry
"cn=proxyuser,ou=system,ou=people,dc=example,dc=de", attr
"userPassword" requested
Oct 18 15:52:52 examplehost slapd[24946]: => acl_mask: to value by "", (=0)
Oct 18 15:52:52 examplehost slapd[24946]: <= check a_dn_pat:
cn=ldapadm,dc=example,dc=de
Oct 18 15:52:52 examplehost slapd[24946]: <= check a_dn_pat:
cn=proxyuser,ou=system,ou=people,dc=example,dc=de
Oct 18 15:52:52 examplehost slapd[24946]: <= check a_dn_pat: anonymous
Oct 18 15:52:52 examplehost slapd[24946]: <= acl_mask: [3] applying
auth(=xd) (stop)
Oct 18 15:52:52 examplehost slapd[24946]: <= acl_mask: [3] mask: auth(=xd)
Oct 18 15:52:52 examplehost slapd[24946]: => slap_access_allowed: auth
access granted by auth(=xd)
Oct 18 15:52:52 examplehost slapd[24946]: => access_allowed: auth
access granted by auth(=xd)
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=0 BIND
dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE
ssf=0
Oct 18 15:52:52 examplehost slapd[24946]: => bdb_entry_get: found
entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=0 RESULT
tag=97 err=0 text=
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=1 SEARCH
RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering
rule
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=1 do_search:
get_ctrls failed
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 op=2 UNBIND
Oct 18 15:52:52 examplehost slapd[24946]: conn=10575 fd=28 closed
...

Is someone able to tell me what specific attributes I have to set for
simple passwd/group/sudoers listing/sorting?


Thank you.

On Mon, Oct 18, 2010 at 09:45, Benjamin Griese <der.darude@gmail.com> wrote:
> Hi diego,
>
> thanks for you advise. I created two new Overlays as you said and
> tried to set the attribute-set that I googled from some other guys.
> These are probably wrong. Finally, that solved the messages that
> appeared in the slapd log, but didn't solve the problem on the solaris
> hosts.
> Too bad. :/
>
> While reading to the log file once again, I find it quite strange,
> that the client is asking for specific objectClasses and Attributes
> that doesn't exist in my DIT.
> I've imported the solaris.schema while preparing the DIT and setup the
> "nisDomainObject" in the root Object, because the Client asked for
> that in the autoconfig-process.
> But the rest is from duaconfig.schema. By looking through the
> solaris.schema, the requested obj and attr below are in there. But
> this is all in all just guess work.
>
> for example:
>
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=102 SRCH
> base="ou=people,dc=example,dc=de" scope=2 deref=3
> filter="(&(objectClass=NisKeyObject)(uidNumber=3))"
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=102 SRCH
> attr=nisPublickey nisSecretkey
>
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=103 SRCH
> base="ou=people,dc=example,dc=de" scope=2 deref=3
> filter="(&(?objectClass=SolarisUserAttr)(uid=sys))"
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=103 SRCH
> attr=uid SolarisUserQualifier SolarisAttrReserved1
> SolarisAttrReserved2 SolarisAttrKeyValue
>
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=104 SRCH
> base="ou=projects,dc=example,dc=de" scope=2 deref=3
> filter="(&(?objectClass=SolarisProject)(?=undefined))"
> Oct 16 19:15:00 examplehost slapd[24946]: conn=1026 op=104 SRCH
> attr=SolarisProjectName SolarisProjectID description memberUid
> memberGid SolarisProjectAttr
>
> LDIFs of the overlays:
>
> version: 1
>
> dn: olcOverlay={4}sssvlv,olcDatabase={1}hdb,cn=config
> objectClass: olcSssVlvConfig
> objectClass: olcOverlayConfig
> objectClass: olcConfig
> objectClass: top
> olcOverlay: {4}sssvlv
>
> =========================================
>
> version: 1
>
> dn: olcOverlay={5}valsort,olcDatabase={1}hdb,cn=config
> objectClass: olcValSortConfig
> objectClass: olcOverlayConfig
> objectClass: olcConfig
> objectClass: top
> olcOverlay: {5}valsort
> olcValSortAttr: memberuid ou=groups,dc=example,dc=de alpha-ascend
> olcValSortAttr: uid ou=people,dc=example,dc=de alpha-ascend
>
> Actually these seems to be a question to the Solaris LDAP Mailinglist,
> am I right?
> But if you have an further hints, these are much appreciated.
>
> Thanks and kind regards, Benjamin.
>
>
> On Fri, Oct 15, 2010 at 18:41, Diego Lima <lists@diegolima.org> wrote:
>> Hi Benjamin,
>>
>> It looks like your LDAP client is asking the server to return ordered
>> results from looking at this line:
>>
>>> tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
>>
>> You may want to take a look at the server-side sorting overlay
>> (slapo-sssvlv) and/or the value sorting overlay (slapo-valsort) and
>> see if activating them on the server will fix your problems.
>>
>>
>> --
>> Diego Lima
>> http://www.diegolima.org
>>
>
>
>
> --
> To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
> be is to do -- Sartre | Do be do be do -- Sinatra
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra

Follow-Ups:
- Re: Error 18: Solaris 10 Native LDAP-Client
  - From: Benjamin Griese <der.darude@gmail.com>

References:
- Error 18: Solaris 10 Native LDAP-Client
  - From: Benjamin Griese <der.darude@gmail.com>
- Re: Error 18: Solaris 10 Native LDAP-Client
  - From: Diego Lima <lists@diegolima.org>
- Re: Error 18: Solaris 10 Native LDAP-Client
  - From: Benjamin Griese <der.darude@gmail.com>

Prev by Date: Re: Configuring OpenLDAP 2.2 with gdbm
Next by Date: RE: Configuring OpenLDAP 2.2 with gdbm
Index(es):
- Chronological
- Thread