LDAP+SASL
Michael Peek
peek at tiem.utk.edu
Fri Feb 20 14:30:47 UTC 2009
I feel like I must be close to having this working!
Okay, here's what I've got now:
/etc/ldap/slapd.conf:
-----------------------------------------------------
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
#loglevel none
loglevel stats trace
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix "dc=nimbios,dc=org"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn "cn=admin,dc=nimbios,dc=org"
rootdn "cn=admin,dc=nimbios,dc=org"
rootpw {SSHA}...<stuff>...
#sasl-secprops none
authz-regexp uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
        uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
        uid=$1,ou=People,dc=nimbios,dc=org
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
        cn=$1,ou=People,dc=nimbios,dc=org
authz-policy to
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=nimbios,dc=org" write
        by anonymous auth
        by self write
        by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=nimbios,dc=org" write
        by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=nimbios,dc=org" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"
-----------------------------------------------------
Output from:
ldapsearch -U admin at castor -H 'ldap://castor.nimbios.org/' -b "dc=nimbios,dc=org" '(objectClass=*)'
-----------------------------------------------------
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: admin at castor
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=nimbios,dc=org> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#
# nimbios.org
dn: dc=nimbios,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: nimbios.org
dc: nimbios
# admin, nimbios.org
dn: cn=admin,dc=nimbios,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
cn: admin
# People, nimbios.org
dn: ou=People,dc=nimbios,dc=org
objectClass: organizationalUnit
ou: People
# Groups, nimbios.org
dn: ou=Groups,dc=nimbios,dc=org
objectClass: organizationalUnit
ou: Groups
# admin, People, nimbios.org
dn: cn=admin,ou=People,dc=nimbios,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
cn: admin
# search result
search: 4
result: 0 Success
# numResponses: 6
# numEntries: 5
-----------------------------------------------------
The only information missing from the above (I think) is the
userPassword entries:
dn: cn=admin,dc=nimbios,dc=org has userPassword: {SSHA}... and
dn: cn=admin,ou=people,dc=nimbios,dc=org has userPassword: {CLEARTEXT}...
Log output:
-----------------------------------------------------
Feb 20 09:03:17 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:17 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:17 castor slapd[31189]: conn=12 fd=16 ACCEPT from
IP=160.36.46.71:50112 (IP=0.0.0.0:389)
Feb 20 09:03:17 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:17 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:17 castor slapd[31189]: conn=13 fd=17 ACCEPT from
IP=160.36.46.71:50113 (IP=0.0.0.0:389)
Feb 20 09:03:17 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:17 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 do_search
Feb 20 09:03:17 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:17 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SRCH
attr=supportedSASLMechanisms namingContexts dnsHostName krbName
Feb 20 09:03:17 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:17 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:17 castor slapd[31189]: send_ldap_result: conn=13 op=0 p=3
Feb 20 09:03:17 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:17 castor slapd[31189]: connection_get(16): got connid=12
Feb 20 09:03:17 castor slapd[31189]: connection_read(16): checking for
input on id=12
Feb 20 09:03:17 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:03:17 castor slapd[31189]: connection_closing: readying
conn=12 sd=16 for close
Feb 20 09:03:17 castor slapd[31189]: connection_close: conn=12 sd=16
Feb 20 09:03:17 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:17 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:17 castor slapd[31189]: conn=13 op=1 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SRCH
attr=subschemasubentry
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=1 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=2 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: conn=12 fd=16 closed (connection lost)
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <cn=Subschema>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <cn=Subschema>,
<cn=subschema>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SRCH
base="cn=Subschema" scope=0 deref=0 filter="(objectClass=subschema)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SRCH attr=objectclasses
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13
dn="cn=Subschema"
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=3 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SRCH attr=description
Feb 20 09:03:18 castor slapd[31189]: ==> limits_get: conn=13 op=3
dn="[anonymous]"
Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:03:18 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read 2 candidates
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=2,
first=3, last=4
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates (ou)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: (ou)
not indexed
Feb 20 09:03:18 castor slapd[31189]: bdb_search_candidates: id=-1
first=3 last=4
Feb 20 09:03:18 castor slapd[31189]: hdb_search: 3 does not match filter
Feb 20 09:03:18 castor slapd[31189]: hdb_search: 4 does not match filter
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=3 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=4 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=3 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SRCH attr=altserver
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 13 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 13 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=13 op=4 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=5 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:03:18 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:03:18 castor slapd[31189]: conn=14 fd=16 ACCEPT from
IP=160.36.46.71:50114 (IP=0.0.0.0:389)
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SRCH
attr=supportedSASLMechanisms namingContexts dnsHostName krbName
Feb 20 09:03:18 castor slapd[31189]: => send_search_entry: conn 14 dn=""
Feb 20 09:03:18 castor slapd[31189]: <= send_search_entry: conn 14 exit.
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=0 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 BIND dn="" method=163
Feb 20 09:03:18 castor slapd[31189]: do_bind: dn () SASL mech CRAM-MD5
Feb 20 09:03:18 castor slapd[31189]: send_ldap_sasl: err=14 len=40
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=2 tag=97
err=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=1 RESULT tag=97 err=14
text=SASL(0): successful result: security flags do not match required
Feb 20 09:03:18 castor slapd[31189]: <== slap_sasl_bind: rc=14
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 BIND dn="" method=163
Feb 20 09:03:18 castor slapd[31189]: do_bind: dn () SASL mech CRAM-MD5
Feb 20 09:03:18 castor slapd[31189]: slap_sasl_getdn: u:id converted to
uid=admin,cn=CRAM-MD5,cn=auth
Feb 20 09:03:18 castor slapd[31189]: >>> dnNormalize:
<uid=admin,cn=CRAM-MD5,cn=auth>
Feb 20 09:03:18 castor slapd[31189]: <<< dnNormalize:
<uid=admin,cn=cram-md5,cn=auth>
Feb 20 09:03:18 castor slapd[31189]: ==>slap_sasl2dn: converting SASL
name uid=admin,cn=cram-md5,cn=auth to a DN
Feb 20 09:03:18 castor slapd[31189]: slap_parseURI: parsing
uid=admin,ou=People,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: >>> dnNormalize:
<uid=admin,ou=People,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnNormalize:
<uid=admin,ou=people,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <==slap_sasl2dn: Converted SASL
name to uid=admin,ou=people,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: slap_sasl_getdn: dn:id converted to
uid=admin,ou=people,dc=nimbios,dc=org
Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]:
bdb_dn2entry("uid=admin,ou=people,dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: =>
hdb_dn2id("uid=admin,ou=people,dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: <= hdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30990)
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: SASL [conn=14] Failure: no secret
in database
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=2 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=3 tag=97
err=49
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=2 RESULT tag=97 err=49
text=SASL(-13): user not found: no secret in database
Feb 20 09:03:18 castor slapd[31189]: <== slap_sasl_bind: rc=49
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 do_bind
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<cn=admin,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<cn=admin,dc=nimbios,dc=org>, <cn=admin,dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 BIND
dn="cn=admin,dc=nimbios,dc=org" method=128
Feb 20 09:03:18 castor slapd[31189]: do_bind: version=3
dn="cn=admin,dc=nimbios,dc=org" method=128
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 BIND
dn="cn=admin,dc=nimbios,dc=org" mech=SIMPLE ssf=0
Feb 20 09:03:18 castor slapd[31189]: do_bind: v3 bind:
"cn=admin,dc=nimbios,dc=org" to "cn=admin,dc=nimbios,dc=org"
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=3 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=4 tag=97
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=3 RESULT tag=97 err=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(17): got connid=13
Feb 20 09:03:18 castor slapd[31189]: connection_read(17): checking for
input on id=13
Feb 20 09:03:18 castor slapd[31189]: ber_get_next on fd 17 failed
errno=0 (Success)
Feb 20 09:03:18 castor slapd[31189]: connection_closing: readying
conn=13 sd=17 for close
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=13
sd=17
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=5 do_unbind
Feb 20 09:03:18 castor slapd[31189]: conn=13 op=5 UNBIND
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=13 sd=17
Feb 20 09:03:18 castor slapd[31189]: connection_close: conn=13 sd=17
Feb 20 09:03:18 castor slapd[31189]: conn=13 fd=17 closed
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 do_search
Feb 20 09:03:18 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"
Feb 20 09:03:18 castor slapd[31189]: => hdb_search
Feb 20 09:03:18 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:03:18 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: => bdb_equality_candidates
(objectClass)
Feb 20 09:03:18 castor slapd[31189]: => key_read
Feb 20 09:03:18 castor slapd[31189]: <= bdb_index_read: failed (-30990)
Feb 20 09:03:18 castor slapd[31189]: <= bdb_equality_candidates: id=0,
first=0, last=0
Feb 20 09:03:18 castor slapd[31189]: bdb_search_candidates: id=0 first=1
last=0
Feb 20 09:03:18 castor slapd[31189]: hdb_search: no candidates
Feb 20 09:03:18 castor slapd[31189]: send_ldap_result: conn=14 op=4 p=3
Feb 20 09:03:18 castor slapd[31189]: send_ldap_response: msgid=5 tag=101
err=0
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 20 09:03:18 castor slapd[31189]: connection_get(16): got connid=14
Feb 20 09:03:18 castor slapd[31189]: connection_read(16): checking for
input on id=14
Feb 20 09:03:18 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:03:18 castor slapd[31189]: connection_closing: readying
conn=14 sd=16 for close
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=14
sd=16
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=5 do_unbind
Feb 20 09:03:18 castor slapd[31189]: conn=14 op=5 UNBIND
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_close: deferring conn=14
sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_resched: attempting
closing conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: connection_close: conn=14 sd=16
Feb 20 09:03:18 castor slapd[31189]: conn=14 fd=16 closed
Feb 20 09:06:07 castor slapd[31189]: slap_listener_activate(9):
Feb 20 09:06:07 castor slapd[31189]: >>> slap_listener(ldap:///)
Feb 20 09:06:07 castor slapd[31189]: conn=15 fd=16 ACCEPT from
IP=160.36.46.40:45871 (IP=0.0.0.0:389)
Feb 20 09:06:07 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:07 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 do_search
Feb 20 09:06:07 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:07 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SRCH
attr=supportedSASLMechanisms
Feb 20 09:06:07 castor slapd[31189]: => send_search_entry: conn 15 dn=""
Feb 20 09:06:07 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:07 castor slapd[31189]: send_ldap_result: conn=15 op=0 p=3
Feb 20 09:06:07 castor slapd[31189]: send_ldap_response: msgid=1 tag=101
err=0
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=0 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 20 09:06:07 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:07 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 do_bind
Feb 20 09:06:07 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:07 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 BIND dn="" method=163
Feb 20 09:06:07 castor slapd[31189]: do_bind: dn () SASL mech DIGEST-MD5
Feb 20 09:06:07 castor slapd[31189]: SASL [conn=15] Debug: DIGEST-MD5
server step 1
Feb 20 09:06:07 castor slapd[31189]: send_ldap_sasl: err=14 len=191
Feb 20 09:06:07 castor slapd[31189]: send_ldap_response: msgid=2 tag=97
err=14
Feb 20 09:06:07 castor slapd[31189]: conn=15 op=1 RESULT tag=97 err=14
text=SASL(0): successful result: security flags do not match required
Feb 20 09:06:07 castor ldapsearch: DIGEST-MD5 client step 2
Feb 20 09:06:07 castor slapd[31189]: <== slap_sasl_bind: rc=14
Feb 20 09:06:10 castor ldapsearch: DIGEST-MD5 client step 2
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 do_bind
Feb 20 09:06:10 castor slapd[31189]: >>> dnPrettyNormal: <>
Feb 20 09:06:10 castor slapd[31189]: <<< dnPrettyNormal: <>, <>
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND dn="" method=163
Feb 20 09:06:10 castor slapd[31189]: do_bind: dn () SASL mech DIGEST-MD5
Feb 20 09:06:10 castor slapd[31189]: SASL [conn=15] Debug: DIGEST-MD5
server step 2
Feb 20 09:06:10 castor slapd[31189]: slap_sasl_getdn: u:id converted to
uid=admin at castor,cn=DIGEST-MD5,cn=auth
Feb 20 09:06:10 castor slapd[31189]: >>> dnNormalize:
<uid=admin at castor,cn=DIGEST-MD5,cn=auth>
Feb 20 09:06:10 castor slapd[31189]: <<< dnNormalize:
<uid=admin at castor,cn=digest-md5,cn=auth>
Feb 20 09:06:10 castor slapd[31189]: ==>slap_sasl2dn: converting SASL
name uid=admin at castor,cn=digest-md5,cn=auth to a DN
Feb 20 09:06:10 castor slapd[31189]: slap_parseURI: parsing
uid=admin at castor,ou=People,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: >>> dnNormalize:
<uid=admin at castor,ou=People,dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <<< dnNormalize:
<uid=admin at castor,ou=people,dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <==slap_sasl2dn: Converted SASL
name to uid=admin at castor,ou=people,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: slap_sasl_getdn: dn:id converted to
uid=admin at castor,ou=people,dc=nimbios,dc=org
Feb 20 09:06:10 castor slapd[31189]: => hdb_search
Feb 20 09:06:10 castor slapd[31189]:
bdb_dn2entry("uid=admin at castor,ou=people,dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: =>
hdb_dn2id("uid=admin at castor,ou=people,dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: <= hdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30990)
Feb 20 09:06:10 castor slapd[31189]: send_ldap_result: conn=15 op=2 p=3
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND
authcid="admin at castor" authzid="admin at castor"
Feb 20 09:06:10 castor slapd[31189]: SASL Authorize [conn=15]: proxy
authorization allowed authzDN=""
Feb 20 09:06:10 castor slapd[31189]: send_ldap_sasl: err=0 len=40
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 BIND
dn="uid=admin at castor,ou=people,dc=nimbios,dc=org" mech=DIGEST-MD5
sasl_ssf=128 ssf=128
Feb 20 09:06:10 castor slapd[31189]: do_bind: SASL/DIGEST-MD5 bind:
dn="uid=admin at castor,ou=people,dc=nimbios,dc=org" sasl_ssf=128
Feb 20 09:06:10 castor slapd[31189]: send_ldap_response: msgid=3 tag=97
err=0
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=2 RESULT tag=97 err=0 text=
Feb 20 09:06:10 castor ldapsearch: DIGEST-MD5 client step 3
Feb 20 09:06:10 castor slapd[31189]: <== slap_sasl_bind: rc=0
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 do_search
Feb 20 09:06:10 castor slapd[31189]: >>> dnPrettyNormal:
<dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: <<< dnPrettyNormal:
<dc=nimbios,dc=org>, <dc=nimbios,dc=org>
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 SRCH
base="dc=nimbios,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Feb 20 09:06:10 castor slapd[31189]: ==> limits_get: conn=15 op=3
dn="uid=admin at castor,ou=people,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: => hdb_search
Feb 20 09:06:10 castor slapd[31189]: bdb_dn2entry("dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: search_candidates:
base="dc=nimbios,dc=org" (0x00000001) scope=2
Feb 20 09:06:10 castor slapd[31189]: => hdb_dn2idl("dc=nimbios,dc=org")
Feb 20 09:06:10 castor slapd[31189]: => bdb_presence_candidates
(objectClass)
Feb 20 09:06:10 castor slapd[31189]: bdb_search_candidates: id=-1
first=1 last=6
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: entry_decode: ""
Feb 20 09:06:10 castor slapd[31189]: <= entry_decode()
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="cn=admin,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="ou=People,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="ou=Groups,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: => send_search_entry: conn 15
dn="cn=admin,ou=People,dc=nimbios,dc=org"
Feb 20 09:06:10 castor slapd[31189]: <= send_search_entry: conn 15 exit.
Feb 20 09:06:10 castor slapd[31189]: send_ldap_result: conn=15 op=3 p=3
Feb 20 09:06:10 castor slapd[31189]: send_ldap_response: msgid=4 tag=101
err=0
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=3 SEARCH RESULT tag=101
err=0 nentries=5 text=
Feb 20 09:06:10 castor slapd[31189]: connection_get(16): got connid=15
Feb 20 09:06:10 castor slapd[31189]: connection_read(16): checking for
input on id=15
Feb 20 09:06:10 castor slapd[31189]: ber_get_next on fd 16 failed
errno=0 (Success)
Feb 20 09:06:10 castor slapd[31189]: connection_closing: readying
conn=15 sd=16 for close
Feb 20 09:06:10 castor slapd[31189]: connection_close: deferring conn=15
sd=16
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=4 do_unbind
Feb 20 09:06:10 castor slapd[31189]: conn=15 op=4 UNBIND
Feb 20 09:06:10 castor slapd[31189]: connection_resched: attempting
closing conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_close: deferring conn=15
sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_resched: attempting
closing conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: connection_close: conn=15 sd=16
Feb 20 09:06:10 castor slapd[31189]: conn=15 fd=16 closed
-----------------------------------------------------
On the Mac, I have tried telling it to bind with the following dn's:
cn=admin,dc=nimbios,dc=org
cn=admin,ou=people,dc=nimbios,dc=org
cn=admin,cn=CRAM-MD5,cn=auth
uid=admin,dc=nimbios,dc=org
uid=admin,ou=people,dc=nimbios,dc=org
uid=admin,cn=CRAM-MD5,cn=auth
I'm not really sure which one I'm /supposed/ to use, these are just the
variants that I've thought to try.
Michael
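
Added example, not part of the original post: a small Python model of how the three `authz-regexp` rules in the slapd.conf above are applied in file order (first match wins) to the SASL names seen in the log, checked against the entry DNs from the ldapsearch output. The `normalize` helper is a simplified stand-in for slapd's DN normalization, and `admin at castor` is used exactly as the archive renders it.

```python
import re

# authz-regexp rules from the slapd.conf in the post, in file order.
RULES = [
    (r"uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth", "uid=$1,ou=People,dc=nimbios,dc=org"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "uid=$1,ou=People,dc=nimbios,dc=org"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "cn=$1,ou=People,dc=nimbios,dc=org"),
]

# Entry DNs listed by the ldapsearch output in the post.
DIRECTORY = [
    "dc=nimbios,dc=org",
    "cn=admin,dc=nimbios,dc=org",
    "ou=People,dc=nimbios,dc=org",
    "ou=Groups,dc=nimbios,dc=org",
    "cn=admin,ou=People,dc=nimbios,dc=org",
]

# SASL names slapd logged for the two bind attempts, as the archive shows them.
SASL_NAMES = [
    "uid=admin,cn=CRAM-MD5,cn=auth",
    "uid=admin at castor,cn=DIGEST-MD5,cn=auth",
]


def normalize(dn):
    """Simplified DN normalization (assumption): trim each RDN and lowercase."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def map_sasl_name(sasl_dn, rules):
    """Return (rule_number, mapped_dn) for the first matching rule, else (None, None)."""
    subject = normalize(sasl_dn)
    for number, (pattern, replacement) in enumerate(rules, start=1):
        match = re.search(pattern, subject, re.IGNORECASE)
        if match:
            # Expand $1, $2, ... in the replacement with the captured groups.
            mapped = re.sub(r"\$(\d)",
                            lambda m: match.group(int(m.group(1))),
                            replacement)
            return number, normalize(mapped)
    return None, None


def shadowed_rules(rules):
    """Return (rule_number, earlier_rule_number) for rules that can never fire
    because an earlier rule has the identical match pattern."""
    first_seen = {}
    shadowed = []
    for number, (pattern, _replacement) in enumerate(rules, start=1):
        if pattern in first_seen:
            shadowed.append((number, first_seen[pattern]))
        else:
            first_seen[pattern] = number
    return shadowed


def report(names, rules, directory):
    """Map each SASL name and note whether the resulting DN is a listed entry."""
    known = {normalize(dn) for dn in directory}
    rows = []
    for name in names:
        number, mapped = map_sasl_name(name, rules)
        rows.append({
            "sasl_name": name,
            "rule": number,
            "mapped_dn": mapped,
            "entry_exists": mapped in known,
        })
    return rows


if __name__ == "__main__":
    for row in report(SASL_NAMES, RULES, DIRECTORY):
        print(row)
    for later, earlier in shadowed_rules(RULES):
        print(f"rule {later} has the same pattern as rule {earlier} and is never reached")
```

The mapped DNs this produces are the same ones slapd reports in the `slap_sasl2dn: Converted SASL name to ...` lines, and neither is among the five entries returned by the search.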