
Auth with pam,nss and ldap processing ACL's



Hi all,
I have a problem with my LDAP server.
I want to authenticate through pam and nss with the help of ldap.
I've built the DIT with slapadd and I'm using the Berkeley db.
I've set up the server and the client and I can see my LDAP data on the
server using the ldap tools like ldapsearch (on the command line) or gq
in a GUI. So far so good.

Problem:
When I try to log in (using su) over ldap on a configured ldap client I get
the error message "Resource temporarily unavailable" on the server (see
listing attached) and the client (su, respectively) tells me that the
requested user doesn't exist.

I have no clue if this is a problem with the ACLs or with the db used.

I would appreciate any help I can get because I've been on this problem for
about one week and I have no clue how to proceed.

Norbert Pieroth
Mail: pieroth.n@zdf.de
Tel: (049) 6131 70 8290

****************************************************************************
START Used Software
****************************************************************************

Server:
openldap2-2.0.11-6
openldap2-devel-2.0.11-6
openldap2-client-2.0.11-6
db-utils-3.1.17-56
db-3.1.17-56
gdbm-1.8.0-282

Client:
nss_ldap-150-15
pam_ldap-105-31
nss_db-2.1.92-49
gq-0.4.0-48

****************************************************************************
END Used Software
****************************************************************************


****************************************************************************
START Listing of ldap.conf
****************************************************************************

second:~ # more /etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
HOST            192.168.44.200
PORT            389
DEREF           always
BASE            ou=dbc
SCOPE           sub
TIMELIMIT       2
 
#PAM-specific parameters
#pam_groupdn   cn=sshd, ou=group, ou=dbcintern, ou=dbc
#pam_member_attribute   uid
#NSS-specific parameters
nss_base_passwd ou=people, ou=dbcintern, ou=dbc
nss_base_group  ou=group, ou=dbcintern, ou=dbc

****************************************************************************
END Listing of ldap.conf
****************************************************************************




****************************************************************************
START Listing of /etc/nsswitch.conf
****************************************************************************

passwd: files ldap
shadow: files ldap
group:  files ldap
 
#passwd: compat
#group:  compat
 
hosts:          files dns
networks:       files dns

... and so on! 

****************************************************************************
END Listing of /etc/nsswitch.conf
****************************************************************************




****************************************************************************
START Listing of /etc/pam.d/su
****************************************************************************

#%PAM-1.0
auth     required       /lib/security/pam_ldap.so
auth     optional       /lib/security/pam_warn.so
auth     sufficient     /lib/security/pam_rootok.so
auth     required       /lib/security/pam_unix.so       nullok #set_secrpc
account  required       /lib/security/pam_unix.so
password required       /lib/security/pam_unix.so
#session required       /lib/security/pam_homecheck.so
session  required       /lib/security/pam_mkhomedir.so  skel=/etc/skel umask=0022
auth     optional       /lib/security/pam_warn.so
session  required       /lib/security/pam_unix.so       debug # none or trace

****************************************************************************
END Listing of /etc/pam.d/su
****************************************************************************

****************************************************************************
START SLAPD.CONF
****************************************************************************

# slapd.conf, ldap server settings
argsfile        /var/run/slapd.args
pidfile         /var/run/slapd.pid
 
# Schema and objectClass definitions
include                 /etc/openldap/schema/core.schema
include                 /etc/openldap/schema/cosine.schema
include                 /etc/openldap/schema/inetorgperson.schema
include                 /etc/openldap/schema/nis.schema
include                 /etc/openldap/schema/krb5-kdc.schema
include                 /etc/openldap/schema/openldap.schema
include                 /etc/openldap/schema/corba.schema
include                 /etc/openldap/schema/java.schema
include                 /etc/openldap/schema/misc.schema
 
backend         ldbm
database        ldbm
directory       /var/lib/ldap
 
suffix          "ou=dbc"
rootdn          "cn=ldapcheffe, ou=dbc"
updatedn        "cn=ldapcheffe, ou=dbc"
rootpw          {crypt}cr5UGtIiuf17s
#index          default pres,eq
#index          objectclass,uid
schemacheck     on
 
 
include /usr/local/etc/openldap/slapd.access

****************************************************************************
END SLAPD.CONF
****************************************************************************

****************************************************************************
START SLAPD.ACCESS
****************************************************************************

# ACL List for /usr/local/etc/openldap/slapd.conf - file
#defaultaccess  read
 
access to attrs=userpassword
       by self write
       by anonymous auth
 
access to dn="(.*,)?ou=people,ou=dbcintern,ou=dbc"
        by self write
        by anonymous auth
 
access to dn="(.*,)?ou=group,ou=dbcintern,ou=dbc"
        by self write
        by anonymous auth
 
access to *
       by * read
 
****************************************************************************
END SLAPD.ACCESS
****************************************************************************

****************************************************************************
START DEBUGMESSAGES FROM SLAPD (look for (Resource temporarily unavailable) )
        Client tries to log in with su -l <client-name>
****************************************************************************


first:~ # /usr/lib/openldap/slapd     -d -1
@(#) $OpenLDAP: slapd 2.0.11-Release (Tue Jul 17 18:02:56 GMT 2001) $
        root@D136:/usr/src/packages/BUILD/openldap-2.0.11/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
reading config file /etc/openldap/slapd.conf
line 2 (argsfile        /var/run/slapd.args)
line 3 (pidfile         /var/run/slapd.pid)
line 6 (include                 /etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
line 29 (attributetype ( 2.5.18.1 NAME 'createTimestamp' EQUALITY
generalizedTimeMatch ORDERING 
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ))
line 35 (attributetype ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY
generalizedTimeMatch ORDERING 
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ))
line 40 (attributetype ( 2.5.18.3 NAME 'creatorsName' EQUALITY
distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperation ))
line 45 (attributetype ( 2.5.18.4 NAME 'modifiersName' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6.1.4

# Debugmessages of the schemas used 
                .
                .
                .

line 37 (objectclass ( 2.16.840.1.113730.3.2.TBD NAME
'inetLocalMailRecipient' DESC 'Internet 
local mail recipient' SUP top AUXILIARY MAY    ( mailLocalAddress $ mailHost
$ mailRoutingAddress ) ))
line 47 (attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember'
DESC 'rfc822 mail 
address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 ))
line 57 (objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC
'NIS mail alias' SUP 
top STRUCTURAL MUST cn MAY rfc822MailMember ))
line 16 (backend                ldbm)
line 17 (database       ldbm)
line 18 (directory       /var/lib/ldap)
line 20 (suffix         "ou=dbc")
line 21 (rootdn         "cn=ldapcheffe, ou=dbc")
line 22 (updatedn       "cn=ldapcheffe, ou=dbc")
line 23 (rootpw         {crypt}cr5UGtIiuf17s )
line 26 (schemacheck    on)
line 29 (include /usr/local/etc/openldap/slapd.access)
reading config file /usr/local/etc/openldap/slapd.access
line 6 (access to attrs=userpassword       by self write       by anonymous
auth)
Backend ACL: access to attrs=userpassword
        by self write (=wrscx)
        by anonymous auth (=x)

line 14 (access to dn="(.*,)?ou=people,ou=dbcintern,ou=dbc" by self write by
anonymous auth)
Backend ACL: access to dn.regex=(.*,)?ou=people,ou=dbcintern,ou=dbc
        by self write (=wrscx)
        by anonymous auth (=x)

line 18 (access to dn="(.*,)?ou=group,ou=dbcintern,ou=dbc" by self write by
anonymous auth)
Backend ACL: access to dn.regex=(.*,)?ou=group,ou=dbcintern,ou=dbc
        by self write (=wrscx)
        by anonymous auth (=x)

line 21 (access to *       by * read)
Backend ACL: access to *
        by * read (=rscx)

slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
###############################################################
###########     START su ######################################
###############################################################
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=first, r=0
daemon: conn=0 fd=9 connection from IP=192.168.44.201:32830 (IP=:: 34049)
accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  0c                                                 .
ldap_read: want=12, got=12
  0000:  02 01 01 60 07 02 01 03  04 00 80 00               ...`........
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x080d7b30 ptr=0x080d7b30 end=0x080d7b3c len=12
  0000:  02 01 01 60 07 02 01 03  04 00 80 00               ...`........
do_bind
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
<===== error
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080d7b30 ptr=0x080d7b33 end=0x080d7b3c len=9
  0000:  60 07 02 01 03 04 00 80  00                        `........
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080d7b30 ptr=0x080d7b3a end=0x080d7b3c len=2
  0000:  80 00                                              ..
do_bind: version=3 dn="" method=128
daemon: select: listen=6 active_threads=1 tvp=NULL
conn=0 op=0 BIND dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  81                                                 .
ldap_read: want=1, got=1
  0000:  ce                                                 .
ldap_read: want=206, got=206
  0000:  02 01 02 63 81 c8 04 1f  6f 75 3d 70 65 6f 70 6c   ...c....ou=peopl
  0010:  65 2c 20 6f 75 3d 64 62  63 69 6e 74 65 72 6e 2c   e, ou=dbcintern,
  0020:  20 6f 75 3d 64 62 63 0a  01 02 0a 01 03 02 01 01    ou=dbc.........
  0030:  02 01 02 01 01 00 a0 2b  a3 1b 04 0b 6f 62 6a 65   .......+....obje
  0040:  63 74 63 6c 61 73 73 04  0c 70 6f 73 69 78 41 63   ctclass..posixAc
  0050:  63 6f 75 6e 74 a3 0c 04  03 75 69 64 04 05 50 75   count....uid..Pu
  0060:  63 6b 53 30 69 04 03 75  69 64 04 0c 75 73 65 72   ckS0i..uid..user
  0070:  50 61 73 73 77 6f 72 64  04 09 75 69 64 4e 75 6d   Password..uidNum
  0080:  62 65 72 04 09 67 69 64  4e 75 6d 62 65 72 04 02   ber..gidNumber..
  0090:  63 6e 04 0d 68 6f 6d 65  44 69 72 65 63 74 6f 72   cn..homeDirector
  00a0:  79 04 0a 6c 6f 67 69 6e  53 68 65 6c 6c 04 05 67   y..loginShell..g
  00b0:  65 63 6f 73 04 0b 64 65  73 63 72 69 70 74 69 6f   ecos..descriptio
  00c0:  6e 04 0b 6f 62 6a 65 63  74 43 6c 61 73 73         n..objectClass
ber_get_next: tag 0x30 len 206 contents:
ber_dump: buf=0x080d7c50 ptr=0x080d7c50 end=0x080d7d1e len=206
  0000:  02 01 02 63 81 c8 04 1f  6f 75 3d 70 65 6f 70 6c   ...c....ou=peopl
  0010:  65 2c 20 6f 75 3d 64 62  63 69 6e 74 65 72 6e 2c   e, ou=dbcintern,
  0020:  20 6f 75 3d 64 62 63 0a  01 02 0a 01 03 02 01 01    ou=dbc.........
  0030:  02 01 02 01 01 00 a0 2b  a3 1b 04 0b 6f 62 6a 65   .......+....obje
  0040:  63 74 63 6c 61 73 73 04  0c 70 6f 73 69 78 41 63   ctclass..posixAc
  0050:  63 6f 75 6e 74 a3 0c 04  03 75 69 64 04 05 50 75   count....uid..Pu
  0060:  63 6b 53 30 69 04 03 75  69 64 04 0c 75 73 65 72   ckS0i..uid..user
  0070:  50 61 73 73 77 6f 72 64  04 09 75 69 64 4e 75 6d   Password..uidNum
  0080:  62 65 72 04 09 67 69 64  4e 75 6d 62 65 72 04 02   ber..gidNumber..
  0090:  63 6e 04 0d 68 6f 6d 65  44 69 72 65 63 74 6f 72   cn..homeDirector
  00a0:  79 04 0a 6c 6f 67 69 6e  53 68 65 6c 6c 04 05 67   y..loginShell..g
  00b0:  65 63 6f 73 04 0b 64 65  73 63 72 69 70 74 69 6f   ecos..descriptio
  00c0:  6e 04 0b 6f 62 6a 65 63  74 43 6c 61 73 73         n..objectClass
deferring operation
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
<===== error
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind: v3 anonymous bind
daemon: select: listen=6 active_threads=1 tvp=NULL
do_search
ber_scanf fmt ({aiiiib) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7c53 end=0x080d7d1e len=203
  0000:  63 81 c8 04 1f 6f 75 3d  70 65 6f 70 6c 65 2c 20   c....ou=people,
  0010:  6f 75 3d 64 62 63 69 6e  74 65 72 6e 2c 20 6f 75   ou=dbcintern, ou
  0020:  3d 64 62 63 0a 01 02 0a  01 03 02 01 01 02 01 02   =dbc............
  0030:  01 01 00 a0 2b a3 1b 04  0b 6f 62 6a 65 63 74 63   ....+....objectc
  0040:  6c 61 73 73 04 0c 70 6f  73 69 78 41 63 63 6f 75   lass..posixAccou
  0050:  6e 74 a3 0c 04 03 75 69  64 04 05 50 75 63 6b 53   nt....uid..PuckS
  0060:  30 69 04 03 75 69 64 04  0c 75 73 65 72 50 61 73   0i..uid..userPas
  0070:  73 77 6f 72 64 04 09 75  69 64 4e 75 6d 62 65 72   sword..uidNumber
  0080:  04 09 67 69 64 4e 75 6d  62 65 72 04 02 63 6e 04   ..gidNumber..cn.
  0090:  0d 68 6f 6d 65 44 69 72  65 63 74 6f 72 79 04 0a   .homeDirectory..
  00a0:  6c 6f 67 69 6e 53 68 65  6c 6c 04 05 67 65 63 6f   loginShell..geco
  00b0:  73 04 0b 64 65 73 63 72  69 70 74 69 6f 6e 04 0b   s..description..
  00c0:  6f 62 6a 65 63 74 43 6c  61 73 73                  objectClass
SRCH "ou=people, ou=dbcintern, ou=dbc" 2 3    1 2 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({oo}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7c88 end=0x080d7d1e len=150
  0000:  a3 1b 04 0b 6f 62 6a 65  63 74 63 6c 61 73 73 04   ....objectclass.
  0010:  0c 70 6f 73 69 78 41 63  63 6f 75 6e 74 a3 0c 04   .posixAccount...
  0020:  03 75 69 64 04 05 50 75  63 6b 53 30 69 04 03 75   .uid..PuckS0i..u
  0030:  69 64 04 0c 75 73 65 72  50 61 73 73 77 6f 72 64   id..userPassword
  0040:  04 09 75 69 64 4e 75 6d  62 65 72 04 09 67 69 64   ..uidNumber..gid
  0050:  4e 75 6d 62 65 72 04 02  63 6e 04 0d 68 6f 6d 65   Number..cn..home
  0060:  44 69 72 65 63 74 6f 72  79 04 0a 6c 6f 67 69 6e   Directory..login
  0070:  53 68 65 6c 6c 04 05 67  65 63 6f 73 04 0b 64 65   Shell..gecos..de
  0080:  73 63 72 69 70 74 69 6f  6e 04 0b 6f 62 6a 65 63   scription..objec
  0090:  74 43 6c 61 73 73                                  tClass
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({oo}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7ca5 end=0x080d7d1e len=121
  0000:  a3 0c 04 03 75 69 64 04  05 50 75 63 6b 53 30 69   ....uid..PuckS0i
  0010:  04 03 75 69 64 04 0c 75  73 65 72 50 61 73 73 77   ..uid..userPassw
  0020:  6f 72 64 04 09 75 69 64  4e 75 6d 62 65 72 04 09   ord..uidNumber..
  0030:  67 69 64 4e 75 6d 62 65  72 04 02 63 6e 04 0d 68   gidNumber..cn..h
  0040:  6f 6d 65 44 69 72 65 63  74 6f 72 79 04 0a 6c 6f   omeDirectory..lo
  0050:  67 69 6e 53 68 65 6c 6c  04 05 67 65 63 6f 73 04   ginShell..gecos.
  0060:  0b 64 65 73 63 72 69 70  74 69 6f 6e 04 0b 6f 62   .description..ob
  0070:  6a 65 63 74 43 6c 61 73  73                        jectClass
end get_filter 0
end get_filter_list
end get_filter 0
    filter: (&(objectClass=posixAccount)(uid=PuckS))
ber_scanf fmt ({v}}) ber:
ber_dump: buf=0x080d7c50 ptr=0x080d7cb3 end=0x080d7d1e len=107
  0000:  30 69 04 03 75 69 64 04  0c 75 73 65 72 50 61 73   0i..uid..userPas
  0010:  73 77 6f 72 64 04 09 75  69 64 4e 75 6d 62 65 72   sword..uidNumber
  0020:  04 09 67 69 64 4e 75 6d  62 65 72 04 02 63 6e 04   ..gidNumber..cn.
  0030:  0d 68 6f 6d 65 44 69 72  65 63 74 6f 72 79 04 0a   .homeDirectory..
  0040:  6c 6f 67 69 6e 53 68 65  6c 6c 04 05 67 65 63 6f   loginShell..geco
  0050:  73 04 0b 64 65 73 63 72  69 70 74 69 6f 6e 04 0b   s..description..
  0060:  6f 62 6a 65 63 74 43 6c  61 73 73                  objectClass
    attrs: uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
conn=0 op=1 SRCH base="ou=people, ou=dbcintern, ou=dbc" scope=2
filter="(&(objectClass=posixAccount)(uid=PuckS))"
=> ldbm_back_search
dn2entry_r: dn: "OU=PEOPLE,OU=DBCINTERN,OU=DBC"
=> dn2id( "OU=PEOPLE,OU=DBCINTERN,OU=DBC" )
=> ldbm_cache_open( "/var/lib/ldap/dn2id.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 0)
<= dn2id 6
=> id2entry_r( 6 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry(ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d8bd0)
entry_rdwr_rlock: ID: 6
<= id2entry_r( 6 ) 0x80d8bd0 (disk)
search_candidates: base="OU=PEOPLE,OU=DBCINTERN,OU=DBC" s=2 d=3
=> filter_candidates
        AND

... break because of too much debugging


====> cache_return_entry_r( 6 ): created (0)
=> id2entry_r( 6 )
entry_rdwr_rtrylock: ID: 6
====> cache_find_entry_id( 6 ) "ou=people, ou=dbcintern, ou=dbc" (found) (1
tries)
<= id2entry_r( 6 ) 0x80d8bd0 (cache)
=> test_filter
    AND
=> test_filter_and
=> test_filter
    EQUALITY
=> access_allowed: search access to "ou=people, ou=dbcintern, ou=dbc"
"objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl ou=people, ou=dbcintern, ou=dbc attr: objectClass
=> acl_mask: access to entry "ou=people, ou=dbcintern, ou=dbc", attr
"objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
    EQUALITY
=> access_allowed: search access to "ou=people, ou=dbcintern, ou=dbc" "uid"
requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "ou=people, ou=dbcintern, ou=dbc", attr "uid"
requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 6 does not match filter
entry_rdwr_runlock: ID: 6
====> cache_return_entry_r( 6 ): returned (0)
=> id2entry_r( 7 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=PuckS, ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d8e40)
entry_rdwr_rlock: ID: 7
<= id2entry_r( 7 ) 0x80d8e40 (disk)
=> test_filter
    AND
=> test_filter_and
=> test_filter
    EQUALITY
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern,
ou=dbc" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=PuckS, ou=people, ou=dbcintern, ou=dbc attr:
objectClass
=> acl_mask: access to entry "uid=PuckS, ou=people, ou=dbcintern, ou=dbc",
attr "objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
    EQUALITY
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern,
ou=dbc" "uid" requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=PuckS, ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "uid=PuckS, ou=people, ou=dbcintern, ou=dbc",
attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 7 does not match filter
entry_rdwr_runlock: ID: 7
====> cache_return_entry_r( 7 ): created (0)
=> id2entry_r( 8 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=MayerRa, ou=people, ou=dbcintern, ou=dbc) -> -1 (0x80d9460)
entry_rdwr_rlock: ID: 8
<= id2entry_r( 8 ) 0x80d9460 (disk)
=> test_filter
    AND
=> test_filter_and
=> test_filter


... break because of too much debugging

=> access_allowed: search access to "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=PierothN, ou=people, ou=dbcintern, ou=dbc attr:
objectClass
=> acl_mask: access to entry "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc", attr "objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> test_filter
    EQUALITY
=> access_allowed: search access to "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc" "uid" requested
=> acl_get: [1] check attr uid
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=PierothN, ou=people, ou=dbcintern, ou=dbc attr: uid
=> acl_mask: access to entry "uid=PierothN, ou=people, ou=dbcintern,
ou=dbc", attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
<= test_filter_and 50
<= test_filter 50
ldbm_search: candidate 10 does not match filter
entry_rdwr_runlock: ID: 10
====> cache_return_entry_r( 10 ): created (0)
=> id2entry_r( 11 )
=> ldbm_cache_open( "/var/lib/ldap/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(uid=GoeldnerL, ou=people, ou=dbcintern, ou=dbc) -> -1
(0x80db1f0)
entry_rdwr_rlock: ID: 11
<= id2entry_r( 11 ) 0x80db1f0 (disk)
=> test_filter
    AND
=> test_filter_and
=> test_filter

... break because of too much debugging
====> cache_return_entry_r( 12 ): created (0)
send_ldap_search_result 0::
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00         0....e........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00         0....e........
conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
##########################
##### End su #############
##########################

****************************************************************************
END DEBUGMESSAGES FROM SLAPD (look for (Resource temporarily unavailable) )
****************************************************************************
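
Added example, not part of the original post: a small Python parser for the ACL portion of a slapd debug trace like the one above. It pairs each access_allowed request with the ACL clause that decided it and groups the denials by bound identity. The sample trace is constructed in the post's format (ACL [4] and the "granted" line are assumptions), and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the slapd 2.0.11 "-d -1" trace above,
# including one mail-wrapped request line. ACL [4] and the "granted" line
# are assumptions that follow the same format.
SAMPLE_TRACE = '''\
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern,
ou=dbc" "objectClass" requested
=> dnpat: [2] (.*,)?ou=people,ou=dbcintern,ou=dbc nsub: 1
=> acl_get: [2] matched
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth (=x) (stop)
=> access_allowed: search access denied by auth (=x)
<= test_filter 50
=> access_allowed: search access to "uid=PuckS, ou=people, ou=dbcintern, ou=dbc" "uid" requested
=> acl_get: [2] matched
=> acl_mask: to value by "", (=n)
<= acl_mask: [2] applying auth (=x) (stop)
=> access_allowed: search access denied by auth (=x)
=> access_allowed: search access to "ou=dbc" "objectClass" requested
=> acl_get: [4] matched
=> acl_mask: to value by "", (=n)
<= acl_mask: [4] applying read (=rscx) (stop)
=> access_allowed: search access granted by read (=rscx)
'''

REQUEST = re.compile(r'^=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested$')
BINDER = re.compile(r'^=> acl_mask: to value by "([^"]*)"')
APPLY = re.compile(r'^<= acl_mask: \[(\d+)\] applying (\w+)\s*\((=\w*)\)')
RESULT = re.compile(r'^=> access_allowed: \w+ access (granted|denied) by (\w+)\s*\((=\w*)\)$')


def unwrap(lines):
    """Re-join access_allowed request lines that a mail client wrapped."""
    out = []
    for line in lines:
        line = line.rstrip()
        prev = out[-1] if out else ""
        if (prev.startswith("=> access_allowed:") and " access to " in prev
                and not prev.endswith("requested")):
            out[-1] = prev + " " + line.lstrip()
        else:
            out.append(line)
    return out


def parse_acl_decisions(trace):
    """Return one dict per access check: what was asked, by whom, which ACL decided."""
    decisions, cur = [], None
    for line in unwrap(trace.splitlines()):
        m = REQUEST.match(line)
        if m:
            cur = {"want": m.group(1), "dn": m.group(2), "attr": m.group(3),
                   "who": None, "acl": None, "level": None, "mask": None, "granted": None}
            continue
        if cur is None:
            continue  # line belongs to no open request
        if (m := BINDER.match(line)):
            # An empty bound DN is an anonymous bind (dn="" in the trace).
            cur["who"] = m.group(1) or "(anonymous)"
        elif (m := APPLY.match(line)):
            cur["acl"], cur["level"], cur["mask"] = int(m.group(1)), m.group(2), m.group(3)
        elif (m := RESULT.match(line)):
            cur["granted"] = m.group(1) == "granted"
            cur["level"] = cur["level"] or m.group(2)
            decisions.append(cur)
            cur = None
    return decisions


def summarize_denials(decisions):
    """Group denied checks by (identity, requested access, ACL index, level granted)."""
    summary = {}
    for d in decisions:
        if not d["granted"]:
            key = (d["who"], d["want"], d["acl"], d["level"])
            summary.setdefault(key, set()).add(d["attr"])
    return summary


if __name__ == "__main__":
    for (who, want, acl, level), attrs in summarize_denials(parse_acl_decisions(SAMPLE_TRACE)).items():
        print(f"{who}: {want} denied by ACL [{acl}] (clause grants '{level}') on {sorted(attrs)}")
```

In the trace posted above, every filter test on the ou=people subtree is decided the same way: ACL [2] applies the anonymous `auth (=x)` clause and search access is denied.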