LDAP+SASL
Michael Peek
peek at tiem.utk.edu
Fri Feb 20 19:23:13 UTC 2009
Norberto Bensa wrote:
> On Fri, Feb 20, 2009 at 12:30 PM, Michael Peek <peek at tiem.utk.edu> wrote:
>
>> The only information missing from the above (I think) is the
>> userPassword entries:
>> dn: cn=admin,dc=nimbios,dc=org has userPassword: {SSHA}... and
>> dn: cn=admin,ou=people,dc=nimbios,dc=org has userPassword: {CLEARTEXT}...
>>
>
> Nothing is missing. You bind as admin at castor, not as cn=admin,dc=...
> And you have:
>
> access to attrs=userPassword,shadowLastChange
> by dn="cn=admin,dc=nimbios,dc=org" write
> by anonymous auth
> by self write
> by * none
>
>
> So nothing is missing. You explicitly asked access to userPassword to
> be available only to self and cn=admin,dc=... Everyone else must
> authenticate.
>
>
>
>> On the Mac, I have tried telling it to bind with the following dn's:
>>
>> cn=admin,dc=nimbios,dc=org
>> cn=admin,ou=people,dc=nimbios,dc=org
>> cn=admin,cn=CRAM-MD5,cn=auth
>> uid=admin,dc=nimbios,dc=org
>> uid=admin,ou=people,dc=nimbios,dc=org
>> uid=admin,cn=CRAM-MD5,cn=auth
>>
>> I'm not really sure which one I'm /supposed/ to use, these are just the
>> variants that I've thought to try.
>>
>
> Hmmm... From slapd.conf, you could try: "cn=admin,dc=nimbios,dc=org" ;-)
>
> *But* (unless I'm overlooking something) you have no authz-regexp
> returning cn=admin....
>
> Something like this should work:
>
> authz-regexp
> uid=([^,]*),cn=[^,]*,cn=auth
> cn=$1,dc=nimbios.dc=org
>
My current authz-* settings:
------------------------------------------------------------------------------
authz-regexp
uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
cn=$1,ou=People,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
cn=$1,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth
cn=$1,ou=People,dc=nimbios,dc=org
authz-regexp
uid=([^,]*),cn=[^,]*,cn=auth
cn=$1,dc=nimbios,dc=org
authz-policy to
------------------------------------------------------------------------------
Attempt to bind as admin at castor:
------------------------------------------------------------------------------
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=9 fd=16 ACCEPT from IP=xx.xx.xx.xx:50385
(IP=0.0.0.0:389)
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=10 fd=17 ACCEPT from IP=xx.xx.xx.xx:50386
(IP=0.0.0.0:389)
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=9
slapd[31675]: connection_read(16): checking for input on id=9
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=9 sd=16 for close
slapd[31675]: connection_close: conn=9 sd=16
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=1 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=1 SRCH attr=subschemasubentry
slapd[31675]: conn=9 fd=16 closed (connection lost)
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=1 p=3
slapd[31675]: send_ldap_response: msgid=2 tag=101 err=0
slapd[31675]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=2 do_search
slapd[31675]: >>> dnPrettyNormal: <cn=Subschema>
slapd[31675]: <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
slapd[31675]: conn=10 op=2 SRCH base="cn=Subschema" scope=0 deref=0
filter="(objectClass=subschema)"
slapd[31675]: conn=10 op=2 SRCH attr=objectclasses
slapd[31675]: => send_search_entry: conn 10 dn="cn=Subschema"
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=2 p=3
slapd[31675]: send_ldap_response: msgid=3 tag=101 err=0
slapd[31675]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=10 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[31675]: conn=10 op=3 SRCH attr=description
slapd[31675]: ==> limits_get: conn=10 op=3 dn="[anonymous]"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read 2 candidates
slapd[31675]: <= bdb_equality_candidates: id=2, first=3, last=4
slapd[31675]: => bdb_equality_candidates (ou)
slapd[31675]: <= bdb_equality_candidates: (ou) not indexed
slapd[31675]: bdb_search_candidates: id=-1 first=3 last=4
slapd[31675]: hdb_search: 3 does not match filter
slapd[31675]: hdb_search: 4 does not match filter
slapd[31675]: send_ldap_result: conn=10 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=10 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: conn=10 op=4 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=10 op=4 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=10 op=4 SRCH attr=altserver
slapd[31675]: => send_search_entry: conn 10 dn=""
slapd[31675]: <= send_search_entry: conn 10 exit.
slapd[31675]: send_ldap_result: conn=10 op=4 p=3
slapd[31675]: send_ldap_response: msgid=5 tag=101 err=0
slapd[31675]: conn=10 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=11 fd=16 ACCEPT from IP=xx.xx.xx.xx:50387
(IP=0.0.0.0:389)
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=11 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 11 dn=""
slapd[31675]: <= send_search_entry: conn 11 exit.
slapd[31675]: send_ldap_result: conn=11 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=11 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=1 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=1 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: send_ldap_sasl: err=14 len=40
slapd[31675]: send_ldap_response: msgid=2 tag=97 err=14
slapd[31675]: conn=11 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[31675]: <== slap_sasl_bind: rc=14
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=2 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=11 op=2 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: slap_sasl_getdn: u:id converted to
uid=admin at castor,cn=CRAM-MD5,cn=auth
slapd[31675]: >>> dnNormalize: <uid=admin at castor,cn=CRAM-MD5,cn=auth>
slapd[31675]: <<< dnNormalize: <uid=admin at castor,cn=cram-md5,cn=auth>
slapd[31675]: ==>slap_sasl2dn: converting SASL name
uid=admin at castor,cn=cram-md5,cn=auth to a DN
slapd[31675]: slap_parseURI: parsing
cn=admin at castor,ou=People,dc=nimbios,dc=org
slapd[31675]: >>> dnNormalize:
<cn=admin at castor,ou=People,dc=nimbios,dc=org>
slapd[31675]: <<< dnNormalize:
<cn=admin at castor,ou=people,dc=nimbios,dc=org>
slapd[31675]: <==slap_sasl2dn: Converted SASL name to
cn=admin at castor,ou=people,dc=nimbios,dc=org
slapd[31675]: slap_sasl_getdn: dn:id converted to
cn=admin at castor,ou=people,dc=nimbios,dc=org
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("cn=admin at castor,ou=people,dc=nimbios,dc=org")
slapd[31675]: => hdb_dn2id("cn=admin at castor,ou=people,dc=nimbios,dc=org")
slapd[31675]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching
key/data pair found (-30990)
slapd[31675]: send_ldap_result: conn=11 op=2 p=3
slapd[31675]: conn=11 op=2 BIND authcid="admin at castor"
authzid="admin at castor"
slapd[31675]: SASL Authorize [conn=11]: proxy authorization allowed
authzDN=""
slapd[31675]: send_ldap_sasl: err=0 len=-1
slapd[31675]: conn=11 op=2 BIND
dn="cn=admin at castor,ou=people,dc=nimbios,dc=org" mech=CRAM-MD5
sasl_ssf=0 ssf=0
slapd[31675]: do_bind: SASL/CRAM-MD5 bind:
dn="cn=admin at castor,ou=people,dc=nimbios,dc=org" sasl_ssf=0
slapd[31675]: send_ldap_response: msgid=3 tag=97 err=0
slapd[31675]: conn=11 op=2 RESULT tag=97 err=0 text=
slapd[31675]: <== slap_sasl_bind: rc=0
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: conn=11 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=11 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"
slapd[31675]: ==> limits_get: conn=11 op=3
dn="cn=admin at castor,ou=people,dc=nimbios,dc=org"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: bdb_search_candidates: id=0 first=1 last=0
slapd[31675]: hdb_search: no candidates
slapd[31675]: send_ldap_result: conn=11 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=11 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=10
slapd[31675]: connection_read(17): checking for input on id=10
slapd[31675]: ber_get_next on fd 17 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=10 sd=17 for close
slapd[31675]: connection_get(16): got connid=11
slapd[31675]: connection_read(16): checking for input on id=11
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=11 sd=16 for close
slapd[31675]: connection_close: deferring conn=11 sd=16
slapd[31675]: conn=11 op=4 do_unbind
slapd[31675]: conn=11 op=4 UNBIND
slapd[31675]: connection_close: deferring conn=10 sd=17
slapd[31675]: connection_resched: attempting closing conn=11 sd=16
slapd[31675]: connection_close: deferring conn=11 sd=16
slapd[31675]: connection_resched: attempting closing conn=11 sd=16
slapd[31675]: connection_close: conn=11 sd=16
slapd[31675]: conn=11 fd=16 closed
slapd[31675]: conn=10 op=5 do_unbind
slapd[31675]: conn=10 op=5 UNBIND
slapd[31675]: connection_resched: attempting closing conn=10 sd=17
slapd[31675]: connection_close: conn=10 sd=17
slapd[31675]: conn=10 fd=17 closed
------------------------------------------------------------------------------
Tried binding as cn=admin,dc=nimbios,dc=org:
------------------------------------------------------------------------------
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=12 fd=16 ACCEPT from IP=xx.xx.xx.xx:50394
(IP=0.0.0.0:389)
slapd[31675]: conn=13 fd=17 ACCEPT from IP=xx.xx.xx.xx:50395
(IP=0.0.0.0:389)
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=13 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=12
slapd[31675]: connection_read(16): checking for input on id=12
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=12 sd=16 for close
slapd[31675]: connection_close: conn=12 sd=16
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=1 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=1 SRCH attr=subschemasubentry
slapd[31675]: conn=12 fd=16 closed (connection lost)
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=1 p=3
slapd[31675]: send_ldap_response: msgid=2 tag=101 err=0
slapd[31675]: conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=2 do_search
slapd[31675]: >>> dnPrettyNormal: <cn=Subschema>
slapd[31675]: <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
slapd[31675]: conn=13 op=2 SRCH base="cn=Subschema" scope=0 deref=0
filter="(objectClass=subschema)"
slapd[31675]: conn=13 op=2 SRCH attr=objectclasses
slapd[31675]: => send_search_entry: conn 13 dn="cn=Subschema"
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=2 p=3
slapd[31675]: send_ldap_response: msgid=3 tag=101 err=0
slapd[31675]: conn=13 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=13 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[31675]: conn=13 op=3 SRCH attr=description
slapd[31675]: ==> limits_get: conn=13 op=3 dn="[anonymous]"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read 2 candidates
slapd[31675]: <= bdb_equality_candidates: id=2, first=3, last=4
slapd[31675]: => bdb_equality_candidates (ou)
slapd[31675]: <= bdb_equality_candidates: (ou) not indexed
slapd[31675]: bdb_search_candidates: id=-1 first=3 last=4
slapd[31675]: hdb_search: 3 does not match filter
slapd[31675]: hdb_search: 4 does not match filter
slapd[31675]: send_ldap_result: conn=13 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=13 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: conn=13 op=4 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=13 op=4 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=13 op=4 SRCH attr=altserver
slapd[31675]: => send_search_entry: conn 13 dn=""
slapd[31675]: <= send_search_entry: conn 13 exit.
slapd[31675]: send_ldap_result: conn=13 op=4 p=3
slapd[31675]: send_ldap_response: msgid=5 tag=101 err=0
slapd[31675]: conn=13 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: slap_listener_activate(9):
slapd[31675]: >>> slap_listener(ldap:///)
slapd[31675]: conn=14 fd=16 ACCEPT from IP=xx.xx.xx.xx:50396
(IP=0.0.0.0:389)
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=0 do_search
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=0 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[31675]: conn=14 op=0 SRCH attr=supportedSASLMechanisms
namingContexts dnsHostName krbName
slapd[31675]: => send_search_entry: conn 14 dn=""
slapd[31675]: <= send_search_entry: conn 14 exit.
slapd[31675]: send_ldap_result: conn=14 op=0 p=3
slapd[31675]: send_ldap_response: msgid=1 tag=101 err=0
slapd[31675]: conn=14 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=1 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=1 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: send_ldap_sasl: err=14 len=40
slapd[31675]: send_ldap_response: msgid=2 tag=97 err=14
slapd[31675]: conn=14 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[31675]: <== slap_sasl_bind: rc=14
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=2 do_bind
slapd[31675]: >>> dnPrettyNormal: <>
slapd[31675]: <<< dnPrettyNormal: <>, <>
slapd[31675]: conn=14 op=2 BIND dn="" method=163
slapd[31675]: do_bind: dn () SASL mech CRAM-MD5
slapd[31675]: slap_sasl_getdn: u:id converted to
uid=admin,cn=CRAM-MD5,cn=auth
slapd[31675]: >>> dnNormalize: <uid=admin,cn=CRAM-MD5,cn=auth>
slapd[31675]: <<< dnNormalize: <uid=admin,cn=cram-md5,cn=auth>
slapd[31675]: ==>slap_sasl2dn: converting SASL name
uid=admin,cn=cram-md5,cn=auth to a DN
slapd[31675]: slap_parseURI: parsing cn=admin,ou=People,dc=nimbios,dc=org
slapd[31675]: >>> dnNormalize: <cn=admin,ou=People,dc=nimbios,dc=org>
slapd[31675]: <<< dnNormalize: <cn=admin,ou=people,dc=nimbios,dc=org>
slapd[31675]: <==slap_sasl2dn: Converted SASL name to
cn=admin,ou=people,dc=nimbios,dc=org
slapd[31675]: slap_sasl_getdn: dn:id converted to
cn=admin,ou=people,dc=nimbios,dc=org
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("cn=admin,ou=people,dc=nimbios,dc=org")
slapd[31675]: slap_ap_lookup: str2ad(cmusaslsecretCRAM-MD5): attribute
type undefined
slapd[31675]: send_ldap_result: conn=14 op=2 p=3
slapd[31675]: conn=14 op=2 BIND authcid="admin" authzid="admin"
slapd[31675]: SASL Authorize [conn=14]: proxy authorization allowed
authzDN=""
slapd[31675]: send_ldap_sasl: err=0 len=-1
slapd[31675]: conn=14 op=2 BIND
dn="cn=admin,ou=people,dc=nimbios,dc=org" mech=CRAM-MD5 sasl_ssf=0 ssf=0
slapd[31675]: do_bind: SASL/CRAM-MD5 bind:
dn="cn=admin,ou=people,dc=nimbios,dc=org" sasl_ssf=0
slapd[31675]: send_ldap_response: msgid=3 tag=97 err=0
slapd[31675]: conn=14 op=2 RESULT tag=97 err=0 text=
slapd[31675]: <== slap_sasl_bind: rc=0
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: conn=14 op=3 do_search
slapd[31675]: >>> dnPrettyNormal: <dc=nimbios,dc=org>
slapd[31675]: <<< dnPrettyNormal: <dc=nimbios,dc=org>, <dc=nimbios,dc=org>
slapd[31675]: conn=14 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0
filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"
slapd[31675]: ==> limits_get: conn=14 op=3
dn="cn=admin,ou=people,dc=nimbios,dc=org"
slapd[31675]: => hdb_search
slapd[31675]: bdb_dn2entry("dc=nimbios,dc=org")
slapd[31675]: search_candidates: base="dc=nimbios,dc=org" (0x00000001)
scope=2
slapd[31675]: => hdb_dn2idl("dc=nimbios,dc=org")
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: => bdb_equality_candidates (objectClass)
slapd[31675]: => key_read
slapd[31675]: <= bdb_index_read: failed (-30990)
slapd[31675]: <= bdb_equality_candidates: id=0, first=0, last=0
slapd[31675]: bdb_search_candidates: id=0 first=1 last=0
slapd[31675]: hdb_search: no candidates
slapd[31675]: send_ldap_result: conn=14 op=3 p=3
slapd[31675]: send_ldap_response: msgid=4 tag=101 err=0
slapd[31675]: conn=14 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[31675]: connection_get(17): got connid=13
slapd[31675]: connection_read(17): checking for input on id=13
slapd[31675]: ber_get_next on fd 17 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=13 sd=17 for close
slapd[31675]: connection_close: deferring conn=13 sd=17
slapd[31675]: conn=13 op=5 do_unbind
slapd[31675]: conn=13 op=5 UNBIND
slapd[31675]: connection_resched: attempting closing conn=13 sd=17
slapd[31675]: connection_close: conn=13 sd=17
slapd[31675]: conn=13 fd=17 closed
slapd[31675]: connection_get(16): got connid=14
slapd[31675]: connection_read(16): checking for input on id=14
slapd[31675]: ber_get_next on fd 16 failed errno=0 (Success)
slapd[31675]: connection_closing: readying conn=14 sd=16 for close
slapd[31675]: connection_close: deferring conn=14 sd=16
slapd[31675]: conn=14 op=4 do_unbind
slapd[31675]: conn=14 op=4 UNBIND
slapd[31675]: connection_resched: attempting closing conn=14 sd=16
slapd[31675]: connection_close: deferring conn=14 sd=16
slapd[31675]: connection_resched: attempting closing conn=14 sd=16
slapd[31675]: connection_close: conn=14 sd=16
slapd[31675]: conn=14 fd=16 closed
------------------------------------------------------------------------------
I really, really, really appreciate your help!
Michael
More information about the ubuntu-users
mailing list