
Re: SSL/TLS/clear indication in logs?





--On Tuesday, September 27, 2005 4:30 PM -0500 Digant C Kasundra <digant@uta.edu> wrote:

My logs start with the connection being accepted:

conn=1454211 fd=29 ACCEPT from IP=129.107.38.190:49369 (IP=0.0.0.0:389)

This is followed by the bind message I included in the previous email.
What should my loglevel be to see the additional information you speak of?

On 2.2 with loglevel 256 (which I was using in my 2.3 tests), I see no information about TLS/SSL levels on port 389 or port 636.


636 shows:
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 848112 local4.debug] conn=37071 fd=120 ACCEPT from IP=171.64.19.55:33829 (IP=0.0.0.0:636)
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 347666 local4.debug] conn=37071 op=0 BIND dn="" method=128
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 217296 local4.debug] conn=37071 op=0 RESULT tag=97 err=0 text=
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 998954 local4.debug] conn=37071 op=1 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)"
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 706578 local4.debug] conn=37071 op=1 SRCH attr=uid
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 362707 local4.debug] conn=37071 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 338319 local4.debug] conn=37071 op=2 UNBIND
Sep 27 14:53:45 ldap9.Stanford.EDU slapd[26988]: [ID 952275 local4.debug] conn=37071 fd=120 closed




389 shows:
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 848112 local4.debug] conn=37167 fd=119 ACCEPT from IP=171.64.19.55:33833 (IP=0.0.0.0:389)
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 347666 local4.debug] conn=37167 op=1 BIND dn="" method=128
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 217296 local4.debug] conn=37167 op=1 RESULT tag=97 err=0 text=
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 998954 local4.debug] conn=37167 op=2 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)"
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 706578 local4.debug] conn=37167 op=2 SRCH attr=uid
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 362707 local4.debug] conn=37167 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 338319 local4.debug] conn=37167 op=3 UNBIND
Sep 27 14:54:55 ldap9.Stanford.EDU slapd[26988]: [ID 952275 local4.debug] conn=37167 fd=119 closed




So no TLS/SSL stuff in OpenLDAP 2.2 at loglevel 256... Which is somewhat unfortunate, I suppose. Perhaps you should upgrade to 2.3. ;) Although I'd wait until 2.3.8 comes out.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
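
An added example, not part of the original message and not OpenLDAP code: because the 2.2 logs above carry no TLS/SSL fields at loglevel 256, the only transport hint they contain is the listener port in the ACCEPT line. The script below groups lines by conn, labels connections accepted on port 636 as ldaps, leaves port 389 undetermined, and records the first logged op number. The sample lines are constructed, and treating 636 as the ldaps listener is an assumption about the server's configuration.

```python
import re
from collections import OrderedDict

# Constructed sample lines in the slapd loglevel 256 format shown in the message;
# host name and addresses are placeholders.
SAMPLE_LOG = """\
Sep 27 14:53:45 ldap.example.org slapd[100]: conn=1 fd=12 ACCEPT from IP=192.0.2.10:40001 (IP=0.0.0.0:636)
Sep 27 14:53:45 ldap.example.org slapd[100]: conn=1 op=0 BIND dn="" method=128
Sep 27 14:53:45 ldap.example.org slapd[100]: conn=1 op=1 UNBIND
Sep 27 14:53:45 ldap.example.org slapd[100]: conn=1 fd=12 closed
Sep 27 14:54:55 ldap.example.org slapd[100]: conn=2 fd=13 ACCEPT from IP=192.0.2.10:40002 (IP=0.0.0.0:389)
Sep 27 14:54:55 ldap.example.org slapd[100]: conn=2 op=1 BIND dn="" method=128
Sep 27 14:54:55 ldap.example.org slapd[100]: conn=2 op=2 UNBIND
Sep 27 14:54:55 ldap.example.org slapd[100]: conn=2 fd=13 closed
"""

# ACCEPT line: client address, then the local listener address and port in parentheses.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+?):\d+ \(IP=\S+?:(\d+)\)")
OP_RE = re.compile(r"conn=(\d+) op=(\d+) ")

LDAPS_PORTS = {636}  # assumption: the ldaps:// listener uses the default port


def classify(log_text, ldaps_ports=LDAPS_PORTS):
    """Return {conn: {client, port, transport, first_op}} in order of acceptance."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn, client, port = int(m.group(1)), m.group(2), int(m.group(3))
            # A non-ldaps port may still carry StartTLS; these logs cannot tell.
            transport = "ldaps" if port in ldaps_ports else "unknown (clear or StartTLS)"
            conns[conn] = {"client": client, "port": port,
                           "transport": transport, "first_op": None}
            continue
        m = OP_RE.search(line)
        if m and int(m.group(1)) in conns:
            rec = conns[int(m.group(1))]
            if rec["first_op"] is None:
                rec["first_op"] = int(m.group(2))  # lowest op that was logged
    return conns


if __name__ == "__main__":
    for conn, rec in classify(SAMPLE_LOG).items():
        print(conn, rec)
```

The `first_op` field is reported as observed only; the log lines do not say what an unlogged earlier operation was.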