
Re: SSL + Replica



On Thursday, 9 September 2004 19:18 you wrote:
> At 09:55 AM 9/9/2004, Quanah Gibson-Mount wrote:
> >--On Thursday, September 09, 2004 2:09 PM +0200 Andreas Zimmermann <And.Zimmermann@web.de> wrote:
> >>Hi everybody!
> >>I've got a problem using tls for replication.
> >>First of all I've set up 2 hosts with openldap and tls. Both work
> >>fine. Now I'm stuck setting up replica via tls. I've added those lines on
> >>master:
> >>
> >>replica host=rincewind.octo-soft.de:636
> >>binddn="cn=Manager,o=OctoSoft,dc=de"
> >>bindmethod=simple credentials=secret
> >>
> >>and slurpd is starting up too.
> >>When I start ldap on master the following lines appear in replica's log:
> >>Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 ACCEPT from
> >>IP=192.168.42.11:1988 (IP=:: 636)
> >>Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 closed
> >
> >This looks like you are using SSL, not TLS.  Which one do you want?
>
> SSL == TLS.
>
> The problem here is that the user didn't select a mechanism
> to establish TLS (SSL).  That is, neither selected Start TLS nor
> ldaps://.

Yes, that was exactly the problem.
Is there a solution for adding new users into ldap via the adduser/useradd 
script? Or do I always have to add them manually?

And I get a strange error on replica when I want to add a new user. Here's
the message:
adding new entry "cn=dummkopf, ou=Users, o=OctoSoft,dc=de"
ldapadd: update failed: cn=dummkopf, ou=Users, o=OctoSoft,dc=de
ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
See attached logfile for additional info.

Doing this on master works fine and replica is updated too (now with ssl :-D )

Thanks Andi



Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: new connection on 7
Sep 10 11:52:16 rincewind slapd[18253]: conn=10 fd=7 ACCEPT from IP=192.168.42.121:40157 (IP=:: 636)
Sep 10 11:52:16 rincewind slapd[18253]: daemon: added 7r
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:  7r
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: read activity on 7
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7)
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7): got connid=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): checking for input on id=10
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:  7r
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: read activity on 7
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7)
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7): got connid=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): checking for input on id=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): unable to get TLS client DN, error=49 id=10
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:  7r
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: read activity on 7
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7)
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7): got connid=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): checking for input on id=10
Sep 10 11:52:16 rincewind slapd[18259]: do_bind
Sep 10 11:52:16 rincewind slapd[18253]: ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
Sep 10 11:52:16 rincewind slapd[18259]: >>> dnPrettyNormal: <cn=Manager,o=OctoSoft,dc=de>
Sep 10 11:52:16 rincewind slapd[18259]: <<< dnPrettyNormal: <cn=Manager,o=OctoSoft,dc=de>, <cn=manager,o=octosoft,dc=de>
Sep 10 11:52:16 rincewind slapd[18259]: do_bind: version=3 dn="cn=Manager,o=OctoSoft,dc=de" method=128
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=0 BIND dn="cn=Manager,o=OctoSoft,dc=de" method=128
Sep 10 11:52:16 rincewind slapd[18259]: ==> ldbm_back_bind: dn: cn=Manager,o=OctoSoft,dc=de
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=0 BIND dn="cn=Manager,o=OctoSoft,dc=de" mech=SIMPLE ssf=0
Sep 10 11:52:16 rincewind slapd[18259]: do_bind: v3 bind: "cn=Manager,o=OctoSoft,dc=de" to "cn=Manager,o=OctoSoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18259]: send_ldap_result: conn=10 op=0 p=3
Sep 10 11:52:16 rincewind slapd[18259]: send_ldap_result: err=0 matched="" text=""
Sep 10 11:52:16 rincewind slapd[18259]: send_ldap_response: msgid=1 tag=97 err=0
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=0 RESULT tag=97 err=0 text=
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:  7r
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: read activity on 7
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7)
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7): got connid=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): checking for input on id=10
Sep 10 11:52:16 rincewind slapd[18253]: ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18255]: do_add
Sep 10 11:52:16 rincewind slapd[18255]: >>> dnPrettyNormal: <cn=tester20, ou=Users, o=OctoSoft,dc=de>
Sep 10 11:52:16 rincewind slapd[18255]: <<< dnPrettyNormal: <cn=tester20,ou=Users,o=OctoSoft,dc=de>, <cn=tester20,ou=users,o=octosoft,dc=de>
Sep 10 11:52:16 rincewind slapd[18255]: do_add: dn (cn=tester20,ou=Users,o=OctoSoft,dc=de)
Sep 10 11:52:16 rincewind slapd[18255]: conn=10 op=1 ADD dn="cn=tester20,ou=Users,o=OctoSoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18255]: dn2entry_r: dn: "cn=tester20,ou=users,o=octosoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18255]: => dn2id( "cn=tester20,ou=users,o=octosoft,dc=de" )
Sep 10 11:52:16 rincewind slapd[18255]: => ldbm_cache_open( "/var/lib/ldap/OctoSoft/dn2id.gdbm", 34, 600 )
Sep 10 11:52:16 rincewind slapd[18255]: <= ldbm_cache_open (cache 0)
Sep 10 11:52:16 rincewind slapd[18255]: <= dn2id NOID
Sep 10 11:52:16 rincewind slapd[18255]: dn2entry_r: dn: "ou=users,o=octosoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18255]: => dn2id( "ou=users,o=octosoft,dc=de" )
Sep 10 11:52:16 rincewind slapd[18255]: ====> cache_find_entry_ndn2id("ou=users,o=octosoft,dc=de"): 2 (1 tries)
Sep 10 11:52:16 rincewind slapd[18255]: <= dn2id 2 (in cache)
Sep 10 11:52:16 rincewind slapd[18255]: => id2entry_r( 2 )
Sep 10 11:52:16 rincewind slapd[18255]: ====> cache_find_entry_id( 2 ) "ou=Users,o=OctoSoft,dc=de" (found) (1 tries)
Sep 10 11:52:16 rincewind slapd[18255]: <= id2entry_r( 2 ) 0x81600a8 (cache)
Sep 10 11:52:16 rincewind slapd[18255]: ldbm_referrals: op=104 target="cn=tester20,ou=Users,o=OctoSoft,dc=de" matched="ou=Users,o=OctoSoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18255]: ====> cache_return_entry_r( 2 ): returned (0)
Sep 10 11:52:16 rincewind slapd[18255]: ==> ldbm_back_add: cn=tester20,ou=Users,o=OctoSoft,dc=de
Sep 10 11:52:16 rincewind slapd[18255]: No structuralObjectClass for entry (cn=tester20,ou=Users,o=OctoSoft,dc=de)
Sep 10 11:52:16 rincewind slapd[18255]: entry failed schema check: no structuralObjectClass operational attribute
Sep 10 11:52:16 rincewind slapd[18255]: send_ldap_result: conn=10 op=1 p=3
Sep 10 11:52:16 rincewind slapd[18255]: send_ldap_result: err=80 matched="" text="no structuralObjectClass operational attribute"
Sep 10 11:52:16 rincewind slapd[18255]: send_ldap_response: msgid=2 tag=105 err=80
Sep 10 11:52:16 rincewind slapd[18255]: conn=10 op=1 RESULT tag=105 err=80 text=no structuralObjectClass operational attribute
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on:
Sep 10 11:52:16 rincewind slapd[18253]:  7r
Sep 10 11:52:16 rincewind slapd[18253]:
Sep 10 11:52:16 rincewind slapd[18253]: daemon: read activity on 7
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7)
Sep 10 11:52:16 rincewind slapd[18253]: connection_get(7): got connid=10
Sep 10 11:52:16 rincewind slapd[18253]: connection_read(7): checking for input on id=10
Sep 10 11:52:16 rincewind slapd[18253]: ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=1 tvp=zero
Sep 10 11:52:16 rincewind slapd[18259]: do_unbind
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=2 UNBIND
Sep 10 11:52:16 rincewind slapd[18259]: connection_closing: readying conn=10 sd=7 for close
Sep 10 11:52:16 rincewind slapd[18259]: connection_resched: attempting closing conn=10 sd=7
Sep 10 11:52:16 rincewind slapd[18259]: connection_close: conn=10 sd=7
Sep 10 11:52:16 rincewind slapd[18259]: daemon: removing 7
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 fd=7 closed
Sep 10 11:52:16 rincewind slapd[18253]: daemon: activity on 1 descriptors
Sep 10 11:52:16 rincewind slapd[18253]: daemon: select: listen=6 active_threads=0 tvp=NULL
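
Added example, not part of the original message or of OpenLDAP: a small Python triage script that groups slapd stats lines by connection and reports the two patterns seen in this thread, a connection on the ldaps port that closes before any LDAP operation, and an operation that returns a non-zero result code. The sample input is the stats-level lines taken from the two logs above; the function names and the "closed with no operation" heuristic are assumptions of this example.

```python
import re

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+) \(IP=.*?[: ](\d+)\)")
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+) text=(.*)")
OP = re.compile(r"conn=(\d+) op=(\d+) ([A-Z]+)\b")
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")

# Sample input: stats lines from the two logs in the message (wrapped lines rejoined).
SAMPLE_LOG = """\
Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 ACCEPT from IP=192.168.42.11:1988 (IP=:: 636)
Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 closed
Sep 10 11:52:16 rincewind slapd[18253]: conn=10 fd=7 ACCEPT from IP=192.168.42.121:40157 (IP=:: 636)
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=0 BIND dn="cn=Manager,o=OctoSoft,dc=de" method=128
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=0 RESULT tag=97 err=0 text=
Sep 10 11:52:16 rincewind slapd[18255]: conn=10 op=1 ADD dn="cn=tester20,ou=Users,o=OctoSoft,dc=de"
Sep 10 11:52:16 rincewind slapd[18255]: conn=10 op=1 RESULT tag=105 err=80 text=no structuralObjectClass operational attribute
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 op=2 UNBIND
Sep 10 11:52:16 rincewind slapd[18259]: conn=10 fd=7 closed
"""

def summarize(log_text):
    """Group slapd stats lines into one record per accepted connection."""
    records, live = [], {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            rec = {"conn": int(m[1]), "peer": m[2], "port": int(m[3]),
                   "ops": {}, "closed": False}
            records.append(rec)
            live[m[1]] = rec  # a reused conn id starts a fresh record
        elif (m := RESULT.search(line)) and m[1] in live:
            live[m[1]]["ops"].setdefault(int(m[2]), {"type": "?"}).update(
                err=int(m[3]), text=m[4].strip())
        elif (m := OP.search(line)) and m[1] in live:
            live[m[1]]["ops"].setdefault(int(m[2]), {})["type"] = m[3]
        elif (m := CLOSED.search(line)) and m[1] in live:
            live.pop(m[1])["closed"] = True
    return records

def findings(records, ldaps_port=636):
    """Return (conn, message) pairs for connections that need a closer look."""
    out = []
    for r in records:
        if r["port"] == ldaps_port and r["closed"] and not r["ops"]:
            out.append((r["conn"], "closed on ldaps listener with no LDAP "
                                   "operation; TLS setup likely failed"))
        for op_id, op in sorted(r["ops"].items()):
            if op.get("err"):  # err=0 is success, a missing err means no RESULT line
                out.append((r["conn"], f'{op["type"]} op={op_id} failed '
                                       f'err={op["err"]}: {op["text"]}'))
    return out
```

Calling `findings(summarize(SAMPLE_LOG))` reports conn=17 as the failed TLS setup and conn=10 as the ADD rejected with err=80.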