
trying to understand log output and authentication



Hi all. 

my LDAP server is completely stock Redhat 7.3 - which is OpenLDAP 2.0.25
IIRC.  His name is 'pengo'. 

I have another box that's just a general purpose SSH (test) server.  His
name is fishhead. 

My loglevel is 256, and after much time trying to get fishhead to use
pengo to authenticate SSH clients, I finally got it to work.  However,
I'm a little confused and quite disturbed by the output in the logs. 
This output was generated by me ssh'ing to fishhead, issuing the correct
password, getting in, and then issuing the 'exit' command.  If anyone
can explain why there's all of this traffic and this many connections to
the LDAP server and what's happening, this would be a universe of help. 
I've spaced the entries so it's easier to distinguish one from the
other.  

===================================================================================

Feb  4 10:36:26 pengo slapd[18080]: daemon: conn=43 fd=9 connection from
IP=111.111.6.22:34407 (IP=0.0.0.0:34049) accepted. 

Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=0 BIND
dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=0 RESULT tag=97 err=0
text= 

Feb  4 10:36:26 pengo slapd[18159]: conn=43 op=1 SRCH
base="dc=my,dc=domain,dc=com" scope=2 filter="(uid=root)" 

Feb  4 10:36:26 pengo slapd[18159]: conn=43 op=1 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=2 SRCH
base="dc=my,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixGroup)(memberUid=root))" 

Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=2 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:26 pengo slapd[18080]: daemon: conn=44 fd=15 connection
from IP=111.111.6.22:34409 (IP=0.0.0.0:34049) accepted. 

Feb  4 10:36:26 pengo slapd[18159]: conn=44 op=0 BIND
dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:26 pengo slapd[18159]: conn=44 op=0 RESULT tag=97 err=0
text= 

Feb  4 10:36:26 pengo slapd[18084]: conn=44 op=1 SRCH
base="dc=my,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=xjonesy))" 

Feb  4 10:36:26 pengo slapd[18084]: conn=44 op=1 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:30 pengo slapd[18080]: daemon: conn=45 fd=16 connection
from IP=111.111.6.22:34410 (IP=0.0.0.0:34049) accepted. 

Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=0 BIND
dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=0 RESULT tag=97 err=0
text= 

Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=1 SRCH
base="dc=my,dc=domain,dc=com" scope=2 filter="(uid=xjonesy)" 

Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=1 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=2 BIND
dn="UID=XJONESY,OU=PEOPLE,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=2 RESULT tag=97 err=0
text= 

Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=3 BIND
dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=3 RESULT tag=97 err=0
text= 

Feb  4 10:36:30 pengo slapd[18080]: daemon: conn=46 fd=17 connection
from IP=111.111.6.22:34411 (IP=0.0.0.0:34049) accepted. 

Feb  4 10:36:30 pengo slapd[18159]: conn=46 op=0 BIND
dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128 

Feb  4 10:36:30 pengo slapd[18159]: conn=46 op=0 RESULT tag=97 err=0
text= 

Feb  4 10:36:30 pengo slapd[18084]: conn=46 op=1 SRCH
base="dc=my,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=xjonesy))" 

Feb  4 10:36:30 pengo slapd[18084]: conn=46 op=1 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:30 pengo slapd[18159]: conn=46 op=2 SRCH
base="dc=my,dc=domain,dc=com" scope=2 filter="(uid=xjonesy)" 

Feb  4 10:36:30 pengo slapd[18159]: conn=46 op=2 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:30 pengo slapd[18084]: conn=46 op=3 SRCH
base="dc=my,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=xjonesy)(uniqueMember=uid=xjonesy,ou=People,dc=my,dc=domain,dc=com)))" 

Feb  4 10:36:30 pengo slapd[18084]: conn=46 op=3 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:30 pengo slapd[18080]: conn=-1 fd=17 closed 

Feb  4 10:36:33 pengo slapd[18159]: conn=44 op=2 SRCH
base="dc=my,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=xjonesy))" 

Feb  4 10:36:33 pengo slapd[18159]: conn=44 op=2 SEARCH RESULT tag=101
err=0 text= 

Feb  4 10:36:33 pengo slapd[18084]: conn=45 op=4 UNBIND 

Feb  4 10:36:33 pengo slapd[18084]: conn=-1 fd=16 closed 

Feb  4 10:36:33 pengo slapd[18080]: conn=-1 fd=15 closed 

Feb  4 10:36:33 pengo slapd[18080]: conn=-1 fd=9 closed 
========================================================================

To a newbie, it looks like fishhead itself is first binding to the LDAP
server, using credentials from ldap.secret (how do I get to where I
*don't* need this file?) and info from /etc/ldap.conf.  Only then can it
send the information to authenticate the user.  Is this much correct? 
I'm having trouble finding docs on what's happening in this process. 
All I see is 'make sure pam_ldap and nss_ldap are installed, do this,
and it should work'.  This info alone is great until something *doesn't*
work.

Any filled gaps are enormously appreciated.  

brian.
-- 

Brian K. Jones
System Administrator
Dept. of Computer Science, Princeton University
jonesy@cs.princeton.edu
http://www.linuxlaboratory.org
http://phat.sourceforge.net
Voice: (609) 258-6080
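The stats log above (loglevel 256) is terse but regular: every record carries a `conn=N` number, an `op=M` number, and either a request (BIND, SRCH, UNBIND) or its completion (RESULT / SEARCH RESULT with `err=`), and a connection close is logged only as `conn=-1 fd=N closed`, so it has to be tied back to the connection through the file descriptor. Reading it by connection rather than by line makes the sequence clear: conn=45 is the only one that binds as the user's own DN (op=2), which is where the password is actually verified; all other traffic is name-service lookups (`uid=`, `posixAccount`, `posixGroup` filters) done under the `CN=MANAGER` DN. Note also that `method=128` is a simple bind, so every one of those binds, including the one carrying the user's password, sends the credential in cleartext unless the connection is protected by TLS, and every client host doing this holds the Manager DN's password.

The following is an added example, not code from the post or from OpenLDAP: a small parser that groups the records of the post's own log into connections, pairs each op with its result, resolves the `fd=N closed` lines, and labels each connection from its bind/search pattern. The "pam_ldap authentication" and "nss_ldap lookup" labels are an inference from that pattern (service bind, search, bind as the found DN, re-bind as the service), not something slapd itself records. Only conn=43 and conn=45 from the post are embedded, with the mail-wrapped records re-joined onto single lines.

```python
import re
from collections import OrderedDict

# slapd stats-log (loglevel 256) records copied from the post above for two of its
# connections: conn=43 (a name-service lookup) and conn=45 (the SSH login itself).
# Records that the mail client wrapped are re-joined so each is one line again.
SAMPLE_LOG = """\
Feb  4 10:36:26 pengo slapd[18080]: daemon: conn=43 fd=9 connection from IP=111.111.6.22:34407 (IP=0.0.0.0:34049) accepted.
Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=0 BIND dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128
Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=0 RESULT tag=97 err=0 text=
Feb  4 10:36:26 pengo slapd[18159]: conn=43 op=1 SRCH base="dc=my,dc=domain,dc=com" scope=2 filter="(uid=root)"
Feb  4 10:36:26 pengo slapd[18159]: conn=43 op=1 SEARCH RESULT tag=101 err=0 text=
Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=2 SRCH base="dc=my,dc=domain,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))"
Feb  4 10:36:26 pengo slapd[18084]: conn=43 op=2 SEARCH RESULT tag=101 err=0 text=
Feb  4 10:36:30 pengo slapd[18080]: daemon: conn=45 fd=16 connection from IP=111.111.6.22:34410 (IP=0.0.0.0:34049) accepted.
Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=0 BIND dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128
Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=0 RESULT tag=97 err=0 text=
Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=1 SRCH base="dc=my,dc=domain,dc=com" scope=2 filter="(uid=xjonesy)"
Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=1 SEARCH RESULT tag=101 err=0 text=
Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=2 BIND dn="UID=XJONESY,OU=PEOPLE,DC=MY,DC=DOMAIN,DC=COM" method=128
Feb  4 10:36:30 pengo slapd[18159]: conn=45 op=2 RESULT tag=97 err=0 text=
Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=3 BIND dn="CN=MANAGER,DC=MY,DC=DOMAIN,DC=COM" method=128
Feb  4 10:36:30 pengo slapd[18084]: conn=45 op=3 RESULT tag=97 err=0 text=
Feb  4 10:36:33 pengo slapd[18084]: conn=45 op=4 UNBIND
Feb  4 10:36:33 pengo slapd[18084]: conn=-1 fd=16 closed
Feb  4 10:36:33 pengo slapd[18080]: conn=-1 fd=9 closed
"""

SIMPLE_BIND = 128  # method=128 is LDAP_AUTH_SIMPLE: the password is inside the BIND, cleartext unless TLS

RECORD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: "
                       r"(?:daemon: )?conn=(?P<conn>-?\d+) (?P<body>.*)$")
ACCEPT_RE = re.compile(r"fd=(?P<fd>\d+) connection from IP=(?P<peer>\S+) ")
OP_RE = re.compile(r"op=(?P<op>\d+) (?P<kind>BIND|SRCH|UNBIND|RESULT|SEARCH RESULT)(?P<rest>.*)$")
ATTR_RE = re.compile(r'(\w+)=("([^"]*)"|\S*)')  # key="quoted value" or key=bare

def _attrs(rest):
    """' dn="X" method=128' -> {'dn': 'X', 'method': '128'} (filters may contain '=' safely)."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in ATTR_RE.findall(rest)}

def parse_stats_log(text):
    """Group records into connections: conn id -> {peer, fd, opened, closed, ops}; ops pair request with err."""
    conns, open_fds = OrderedDict(), {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        ts, cid, body = m["ts"], int(m["conn"]), m["body"]
        if cid == -1:  # 'conn=-1 fd=N closed' names no conn: resolve through the still-open fd
            fd = re.search(r"fd=(\d+)", body)
            c = open_fds.pop(int(fd.group(1)), None) if fd else None
            if c:
                c["closed"] = ts
            continue
        a = ACCEPT_RE.match(body)
        if a:
            c = conns[cid] = dict(conn=cid, peer=a["peer"], fd=int(a["fd"]), opened=ts, closed=None, ops=OrderedDict())
            open_fds[c["fd"]] = c
            continue
        o = OP_RE.match(body)
        if o and cid in conns:
            op, kind, attrs = int(o["op"]), o["kind"], _attrs(o["rest"])
            ops = conns[cid]["ops"]
            if kind in ("RESULT", "SEARCH RESULT"):  # completion record: attach err to the earlier request
                ops.setdefault(op, dict(kind="?", ts=ts))["err"] = int(attrs["err"])
            else:
                ops[op] = dict(kind=kind, ts=ts, err=None, **attrs)
    return conns

def explain(c):
    """Label a connection from the DNs it bound as and the filters it searched (an inference, not logged)."""
    binds = [o["dn"] for o in c["ops"].values() if o["kind"] == "BIND"]
    filters = [o["filter"] for o in c["ops"].values() if o["kind"] == "SRCH"]
    if not binds:
        return "anonymous: " + ", ".join(filters)
    service_dn, user_dns = binds[0], [dn for dn in binds[1:] if dn != binds[0]]
    if user_dns:  # service bind, search for the DN, bind as the found DN (password check), re-bind as service
        return "pam_ldap authentication of %s: DN found via %s, password checked by BIND as that DN, re-bound as %s" % (
            user_dns[0], filters[0] if filters else "?", service_dn)
    return "nss_ldap lookup as %s: %s" % (service_dn, ", ".join(filters))

def summarize(text):
    """Per-connection digest: lifetime, every simple (cleartext) bind DN, failed ops, and the inferred role."""
    out = []
    for c in parse_stats_log(text).values():
        ops = c["ops"].values()
        out.append(dict(conn=c["conn"], peer=c["peer"], opened=c["opened"], closed=c["closed"], n_ops=len(ops),
                        simple_binds=[o["dn"] for o in ops if o["kind"] == "BIND" and int(o["method"]) == SIMPLE_BIND],
                        errors=[o for o in ops if o["err"] not in (0, None)],
                        role=explain(c)))
    return out

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print("conn=%(conn)d from %(peer)s, %(opened)s -> %(closed)s, %(n_ops)d ops: %(role)s" % s)
        print("    simple binds (cleartext unless TLS):", s["simple_binds"])
```

Run against a real stats log (`grep slapd /var/log/messages`), the same grouping shows at a glance how many connections a single login opens, which of them are left open by nss_ldap for later lookups (a `SRCH` appearing on an old `conn=` number seconds later), and whether any `RESULT` carried a non-zero `err=`.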