Debug mode "fixes" authentication issue - race condition?
Hi
I'm testing OpenLDAP 2.3.27 (RPM) on CentOS 5.2, used as a reverse
proxy to AD. When slapd is run with debugging disabled (or set to 0),
search requests throw the following error:
DSID-0C090627: In order to perform this operation a successful bind
must be completed on the connection.
When run with any other debug value, it returns the results correctly.
In both cases, the logs show a successful bind with the acl-bind user,
the search finds the correct result, and ACLs show access granted to
read. The only difference is what is returned:
Non-working:
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 ENTRY dn="cn=neil
garratt,ou=admins,ou=users,ou=cape town,ou=networks
unlimited,dc=nu,dc=local"
Feb 19 11:17:20 localhost slapd[2916]: <= send_search_entry: conn 0 exit.
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: err=1
matched="" text="00000000: LdapErr: DSID-0C090627, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, vece"
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_response: msgid=2 tag=101 err=1
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 SEARCH RESULT
tag=101 err=1 nentries=1 text=00000000: LdapErr: DSID-0C090627,
comment: In order to perform this operation a successful bind must be
completed on the connection., data 0, vece
Working:
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 ENTRY dn="cn=neil
garratt,ou=admins,ou=users,ou=cape town,ou=networks
unlimited,dc=nu,dc=local"
Feb 19 11:18:42 localhost slapd[2949]: <= send_search_entry: conn 0 exit.
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: err=0
matched="" text=""
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_response: msgid=2 tag=101 err=0
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
slapd.conf:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by self write
    by users read
    by anonymous auth
loglevel any
database ldap
suffix "dc=nu,dc=local"
uri "ldap://cptdc1.nu.local"
acl-bind bindmethod=simple binddn="CN=LDAP,OU=Service Accounts,DC=nu,DC=local" credentials="xxxxxxxxxxxx"