[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
log entries: LDAP search failed. Timed out. LDAP exception catched. Decision: 9
For some reason, an application I'm working on can't seem to bind with
LDAP. I have OpenLDAP 2.3.7 with BDB 4.3.28 & OpenSSL-0.9.7e going on
RH9. When starting slapd in debug here are some results from an
"ldapsearch -x -b 'dc=nuro,dc=raeinternet,dc=com' '(objectclass=*)' "
# Rob, nuro.raeinternet.com
dn: cn=Rob,dc=nuro,dc=raeinternet,dc=com
cn:: Um9iIA==
objectClass: person
objectClass: raeMpp
mail:: cmt1ZHliYUByYWVpbnRlcm5ldC5jb20g
raeMppGroupnameSender:: Z3JvdXAxIA==
raeMppGroupnameRecipient:: Z3JvdXAyIA==
sn: User3 Rob Kudyba
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=8
connection_read(13): checking for input on id=8
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x081ee420 ptr=0x081ee420 end=0x081ee425 len=5
0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_unbind
conn=8 op=2 UNBIND
connection_closing: readying conn=8 sd=13 for close
connection_resched: attempting closing conn=8 sd=13
connection_close: conn=8 sd=13
daemon: removing 13
conn=8 fd=13 closed
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
---------
Snip from our app's log file:
[10:47:13] 8 [0b30] [LDAP.query] LDAP server name for query:127.0.0.1
[10:47:13] 8 [0b30] [LDAP.query] The number of entries returned was 0
[10:47:13] 8 [0b30] [LDAP.query] LDAP server name for query:127.0.0.1
[10:47:13] 2 [0b30] [GroupParseJob] LDAP search failed. Timed out.
[10:47:13] 8 [0b30] [GroupParseJob] LDAP exception catched. Decision: 9
-----------------
initial.ldif:
dn: dc=nuro,dc=raeinternet,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: RAEInternet
dc: nuro
dn: cn=Manager,dc=nuro,dc=raeinternet,dc=com
objectClass: organizationalRole
cn: Manager
----------------
user.ldif:
dn: cn=Rob, dc=nuro,dc=raeinternet, dc=com
cn: Rob
objectClass: person
objectClass: raeMpp
mail: rkudyba@raeinternet.com
raeMppGroupnameSender: group1
raeMppGroupnameRecipient: group2
sn: User3 Rob Kudyba
---------------
slapd.conf entries:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/rae-mpp.schema
database bdb
suffix "dc=nuro,dc=raeinternet,dc=com"
rootdn "cn=Manager,dc=nuro,dc=raeinternet,dc=com"
rootpw ****
index objectClass eq
directory /var/lib/openldap-data
------------------
ls -l /var/lib/openldap-data
total 180
-rw-r--r-- 1 ldap ldap 2048 Sep 14 10:44 alock
-rw------- 1 ldap ldap 24576 Sep 14 10:44 __db.001
-rw------- 1 ldap ldap 278528 Sep 14 10:44 __db.002
-rw------- 1 ldap ldap 98304 Sep 14 10:44 __db.003
-rw------- 1 ldap ldap 450560 Sep 14 10:44 __db.004
-rw------- 1 ldap ldap 24576 Sep 14 10:44 __db.005
-rw------- 1 ldap ldap 8192 Sep 14 10:44 dn2id.bdb
-rw------- 1 ldap ldap 32768 Sep 14 10:44 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Sep 14 10:46 log.0000000001
-rw------- 1 ldap ldap 8192 Sep 14 10:45 objectClass.bdb
--------------------
ps -auwx | grep slapd
ldap 32108 0.0 0.7 38756 4040 pts/3 S 10:44 0:00 /usr/sbin/slapd -u ldap
-f /etc/openldap/slapd.conf -d -1
--------------------
On that note, how do you read the log.0000000001 file?
--------------------
Our custom schema:
# raeMpp object class
#
# Depends upon
# RFC 1274 (uid/dc)
# (core.schema)
attributetype ( 1.3.6.1.4.1.21157.2.1.1
NAME 'raeMppGroupnameRecipient'
DESC 'Group name for e-mail`s that contains current e-mail in
Recipients field (used by RAE-INTERNET MPP)'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.21157.2.1.2
NAME 'raeMppGroupnameSender'
DESC 'Group name for e-mail`s that contains current e-mail in
Sender field (used by RAE-INTERNET MPP)'
SUP raeMppGroupnameRecipient )
# raeMpp
# The raeMpp represents group names and e-mail address which are
associated with a
# person in some way.
objectclass ( 1.3.6.1.4.1.21157.2.2.1
NAME 'raeMpp'
DESC 'Object class for group names for RAE-INTERNET MPP'
AUXILIARY
MAY (
raeMppGroupnameRecipient $ raeMppGroupnameSender $ mail )
)
_____________
Oh & here's a partial debug to STD ERR:
-------------------
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x081eb8f8 ptr=0x081eb8fb end=0x081eb94e len=83
0000: 63 51 04 1d 64 63 3d 6e 75 72 6f 2c 64 63 3d 72
cQ..dc=nuro,dc=r
0010: 61 65 69 6e 74 65 72 6e 65 74 2c 64 63 3d 63 6f
aeinternet,dc=co
0020: 6d 0a 01 02 0a 01 00 02 01 00 02 01 00 01 01 00
m...............
0030: a3 1f 04 04 6d 61 69 6c 04 17 72 6b 75 64 79 62
....mail..rkudyb
0040: 61 40 72 61 65 69 6e 74 65 72 6e 65 74 2e 63 6f
a@raeinternet.co
0050: 6d 30 00
m0.
>>> dnPrettyNormal: <dc=nuro,dc=raeinternet,dc=com>
=> ldap_bv2dn(dc=nuro,dc=raeinternet,dc=com,0)
ldap_err2string
<= ldap_bv2dn(dc=nuro,dc=raeinternet,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=nuro,dc=raeinternet,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=nuro,dc=raeinternet,dc=com)=0 Success
<<< dnPrettyNormal: <dc=nuro,dc=raeinternet,dc=com>,
<dc=nuro,dc=raeinternet,dc=com>
SRCH "dc=nuro,dc=raeinternet,dc=com" 2 0 0 0 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x081eb8f8 ptr=0x081eb92b end=0x081eb94e len=35
0000: a3 1f 04 04 6d 61 69 6c 04 17 72 6b 75 64 79 62
....mail..rkudyb
0010: 61 40 72 61 65 69 6e 74 65 72 6e 65 74 2e 63 6f
a@raeinternet.co
0020: 6d 30 00
m0.
end get_filter 0
filter: (mail=rkudyba@raeinternet.com)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x081eb8f8 ptr=0x081eb94c end=0x081eb94e len=2
0000: 00 00
..
attrs:
=> bdb_search
bdb_dn2entry("dc=nuro,dc=raeinternet,dc=com")
search_candidates: base="dc=nuro,dc=raeinternet,dc=com" (0x00000001) scope=2
=> bdb_dn2idl("dc=nuro,dc=raeinternet,dc=com")
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
OR
=> bdb_list_candidates 0xa1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [b49d1940]
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (mail)
<= bdb_equality_candidates: (mail) index_param failed (18)
<= bdb_filter_candidates: id=-1 first=1 last=3
<= bdb_list_candidates: id=-1 first=1 last=3
<= bdb_filter_candidates: id=-1 first=1 last=3
<= bdb_list_candidates: id=-1 first=1 last=3
<= bdb_filter_candidates: id=-1 first=1 last=3
bdb_search_candidates: id=-1 first=1 last=3
=> test_filter
EQUALITY
=> access_allowed: search access to "dc=nuro,dc=raeinternet,dc=com"
"mail" requested
<= root access granted
<= test_filter 5
bdb_search: 1 does not match filter
=> test_filter
EQUALITY
=> access_allowed: search access to
"cn=Manager,dc=nuro,dc=raeinternet,dc=com" "mail" requested
<= root access granted
<= test_filter 5
bdb_search: 2 does not match filter
=> test_filter
EQUALITY
=> access_allowed: search access to
"cn=Rob,dc=nuro,dc=raeinternet,dc=com" "mail" requested
<= root access granted
<= test_filter 6
=> send_search_entry: conn 3 dn="cn=Rob,dc=nuro,dc=raeinternet,dc=com"
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"entry" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"cn" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"objectClass" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"mail" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"raeMppGroupnameSender" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"raeMppGroupnameRecipient" requested
<= root access granted
=> access_allowed: read access to "cn=Rob,dc=nuro,dc=raeinternet,dc=com"
"sn" requested
<= root access granted
ber_flush: 234 bytes to sd 13
0000: 30 81 e7 02 01 02 64 81 e1 04 24 63 6e 3d 52 6f
0.....d...$cn=Ro
0010: 62 2c 64 63 3d 6e 75 72 6f 2c 64 63 3d 72 61 65
b,dc=nuro,dc=rae
0020: 69 6e 74 65 72 6e 65 74 2c 64 63 3d 63 6f 6d 30
internet,dc=com0
0030: 81 b8 30 0c 04 02 63 6e 31 06 04 04 52 6f 62 20
..0...cn1...Rob
0040: 30 1f 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 31
0...objectClass1
0050: 10 04 06 70 65 72 73 6f 6e 04 06 72 61 65 4d 70
...person..raeMp
0060: 70 30 22 04 04 6d 61 69 6c 31 1a 04 18 72 6b 75
p0"..mail1...rku
0070: 64 79 62 61 40 72 61 65 69 6e 74 65 72 6e 65 74
dyba@raeinternet
0080: 2e 63 6f 6d 20 30 22 04 15 72 61 65 4d 70 70 47 .com
0"..raeMppG
0090: 72 6f 75 70 6e 61 6d 65 53 65 6e 64 65 72 31 09
roupnameSender1.
00a0: 04 07 67 72 6f 75 70 31 20 30 25 04 18 72 61 65 ..group1
0%..rae
00b0: 4d 70 70 47 72 6f 75 70 6e 61 6d 65 52 65 63 69
MppGroupnameReci
00c0: 70 69 65 6e 74 31 09 04 07 67 72 6f 75 70 32 20
pient1...group2
00d0: 30 18 04 02 73 6e 31 12 04 10 55 73 65 72 33 20
0...sn1...User3
00e0: 52 6f 62 20 4b 75 64 79 62 61 Rob
Kudyba
ldap_write: want=234, written=234
0000: 30 81 e7 02 01 02 64 81 e1 04 24 63 6e 3d 52 6f
0.....d...$cn=Ro
0010: 62 2c 64 63 3d 6e 75 72 6f 2c 64 63 3d 72 61 65
b,dc=nuro,dc=rae
0020: 69 6e 74 65 72 6e 65 74 2c 64 63 3d 63 6f 6d 30
internet,dc=com0
0030: 81 b8 30 0c 04 02 63 6e 31 06 04 04 52 6f 62 20
..0...cn1...Rob
0040: 30 1f 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 31
0...objectClass1
0050: 10 04 06 70 65 72 73 6f 6e 04 06 72 61 65 4d 70
...person..raeMp
0060: 70 30 22 04 04 6d 61 69 6c 31 1a 04 18 72 6b 75
p0"..mail1...rku
0070: 64 79 62 61 40 72 61 65 69 6e 74 65 72 6e 65 74
dyba@raeinternet
0080: 2e 63 6f 6d 20 30 22 04 15 72 61 65 4d 70 70 47 .com
0"..raeMppG
0090: 72 6f 75 70 6e 61 6d 65 53 65 6e 64 65 72 31 09
roupnameSender1.
00a0: 04 07 67 72 6f 75 70 31 20 30 25 04 18 72 61 65 ..group1
0%..rae
00b0: 4d 70 70 47 72 6f 75 70 6e 61 6d 65 52 65 63 69
MppGroupnameReci
00c0: 70 69 65 6e 74 31 09 04 07 67 72 6f 75 70 32 20
pient1...group2
00d0: 30 18 04 02 73 6e 31 12 04 10 55 73 65 72 33 20
0...sn1...User3
00e0: 52 6f 62 20 4b 75 64 79 62 61 Rob
Kudyba
<= send_search_entry: conn 3 exit.
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=3
connection_read(13): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
0000: 30 06 02 01 03 50 01 02
0....P..
ber_get_next: tag 0x30 len 6 contents:
ber_dump: buf=0x081ee688 ptr=0x081ee688 end=0x081ee68e len=6
0000: 02 01 03 50 01 02
...P..
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_abandon
ber_scanf fmt (i) ber:
ber_dump: buf=0x081ee688 ptr=0x081ee68b end=0x081ee68e len=3
0000: 50 01 02
P..
do_abandon: id=2
do_abandon: op=2 found
send_ldap_result: conn=3 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 13
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00
0....e........