"control unavailable in context" error even while using back-bdb
Hi All,
I am struggling to get a client machine to authenticate against an
openldap server. Any help greatly appreciated.
Server OS - SuSE 9.2 Pro
OpenLDAP - openldap2-2.3.3beta-0.1 (using a binary rpm from SuSE mirror)
This version of OL is supposed to support the ppolicy schema, and that is the
main reason I am testing it. Here are some observations that I have
made; please correct me if I am wrong.
The default backend database is BDB. But if the checkpointing directive
is enabled with BDB, the slapd server segfaults (invariably). If I disable
this directive, the issue goes away. If I change the backend to LDBM (as
that is what I use in my current production OpenLDAP server), then there
is no segfault issue, but it looks like only back-bdb or back-hdb can
handle pagedResultsControl, so I decided to stick with BDB.
I can successfully do a "ldapsearch" to the server, but I can't
authenticate against it. The following lines can be seen in the server's
log.
Jun 20 11:54:57 huttonlinux slapd[15029]: conn=3 op=2 RESULT tag=97 err=53 text=control unavailable in context
A detailed log (-d 9) gives this:
slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
(seems to be ppolicy related control)
send_ldap_result: conn=16 op=2 p=3
send_ldap_response: msgid=3 tag=97 err=53
Here is my slapd.conf:
##################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
allow bind_v2 bind_anon_dn
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to attr=userPassword,userPKCS12,sambaNTPassword,sambaLMPassword
        by self write
        by anonymous auth
        by * read
access to attr=shadowLastChange
        by self write
        by * auth
access to *
        by * read
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/keys/cacert.pem
TLSCertificateFile /etc/openldap/keys/servercrt.pem
TLSCertificateKeyFile /etc/openldap/keys/serverkey.pem
TLSVerifyClient demand
password-hash {SSHA}
#######################################################################
# BDB database definitions
#######################################################################
database bdb
cachesize 10000
suffix "o=example,c=com"
rootdn "cn=Manager,o=example,c=com"
rootpw secret
directory /var/lib/ldap
index objectClass,uid,uidNumber,gidNumber pres,eq
index cn,mail,sn,givenname eq,sub
index memberUID,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
#################################################################################
Here is my /etc/openldap/ldap.conf
###############################################################################
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT demand
TLS_CACERT /etc/openldap/keys.new/cacert.pem
TLS_CERT /etc/openldap/keys.new/servercrt.pem
TLS_KEY /etc/openldap/keys.new/serverkey.pem
HOST ldapserver.example.com
base o=example,c=com
PORT 636
########################################################################
Thanks,
Prakash
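As an added diagnostic that is not part of the post above: the OID in the -d 9 log, 1.3.6.1.4.1.42.2.27.8.5.1, is the Password Policy Request control that the client library attaches to its bind, and slapd accepts it only on a database where the ppolicy overlay is configured (an "overlay ppolicy" line after the "database" line, plus "moduleload ppolicy.la" when the overlay was built as a module); the posted slapd.conf includes ppolicy.schema but has no overlay line. The Python script below, written for this reply rather than taken from OpenLDAP, checks a slapd.conf and a debug log for exactly that mismatch; the sample config and log lines are constructed from the post.

```python
import re

# Control OIDs that slapd accepts only once the matching overlay is configured; the
# one entry is the OID from the post's -d 9 log (the Password Policy Request control).
CONTROL_OVERLAYS = {"1.3.6.1.4.1.42.2.27.8.5.1": ("passwordPolicyRequest", "ppolicy")}
UNAVAILABLE_RE = re.compile(r"slap_global_control: unavailable control: (\S+)")

def unavailable_controls(log_text):
    """Return the set of control OIDs that a -d 9 slapd log reports as unavailable."""
    return set(UNAVAILABLE_RE.findall(log_text))

def overlays_by_database(conf_text):
    """Map each 'database <type>' section of slapd.conf to the overlays configured in it."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "database" and len(parts) > 1:
            current = parts[1]
            sections.setdefault(current, [])
        elif parts[0] == "overlay" and len(parts) > 1 and current is not None:
            sections[current].append(parts[1])
    return sections

def diagnose(conf_text, log_text):
    """For every rejected control, report which overlay is missing from which database."""
    findings = []
    overlays = overlays_by_database(conf_text)
    for oid in sorted(unavailable_controls(log_text)):
        name, overlay = CONTROL_OVERLAYS.get(oid, (oid, None))
        if overlay is None:
            findings.append(f"{oid}: not in table; identify the client library that sends it")
            continue
        missing = [db for db, ovs in overlays.items() if overlay not in ovs]
        if missing:
            findings.append(f"{name} ({oid}) needs 'overlay {overlay}' in database: {', '.join(missing)}")
        else:
            findings.append(f"{name} ({oid}): overlay configured; check the module is loaded")
    return findings

# Constructed inputs: a cut-down copy of the posted slapd.conf and the two key log lines.
SAMPLE_CONF = """include /etc/openldap/schema/ppolicy.schema
database bdb
suffix "o=example,c=com"
"""
SAMPLE_LOG = """slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
send_ldap_response: msgid=3 tag=97 err=53
"""
```

Calling diagnose() on the real slapd.conf and the -d 9 output reports, for the posted configuration, that the bdb database section lacks "overlay ppolicy".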