
OpenLDAP issue - Puzzling



Hello list,
	I have an encryption system that is doing LDAP queries for user
authentication.  On my test systems everything went perfectly.  

Here is a snippet from the log on the successful server with
loglevel=256:

Jan 26 00:44:03 openldap slapd[29775]: conn=6 fd=10 ACCEPT from
IP=172.16.1.50:35266 (IP=0.0.0.0:389) 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" method=128 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=0 RESULT tag=97 err=0
text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SRCH
attr=namingContexts 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0
filter="(|(uid=msuttle)(?=undefined))" 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SRCH attr=uid
sAMAccountName 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0
filter="(|(uid=msuttle)(?=undefined))" 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SRCH attr=dn 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=6 fd=10 closed 
Jan 26 00:44:03 openldap slapd[29775]: conn=7 fd=13 ACCEPT from
IP=172.16.1.50:35267 (IP=0.0.0.0:389) 
Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" method=128 
Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0 
Jan 26 00:44:03 openldap slapd[29775]: conn=7 op=0 RESULT tag=97 err=0
text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=7 fd=13 closed 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 fd=10 ACCEPT from
IP=172.16.1.50:35268 (IP=0.0.0.0:389) 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" method=128 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=0 RESULT tag=97 err=0
text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SRCH attr=mail 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SRCH attr=cn 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SRCH attr=uid
sAMAccountName 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=4 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SRCH
attr=userCertificate;binary 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:03 openldap slapd[29775]: conn=8 fd=10 closed 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 fd=10 ACCEPT from
IP=172.16.1.50:35270 (IP=0.0.0.0:389) 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" method=128 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 BIND
dn="cn=msuttle,dc=anidirect,dc=com" mech=SIMPLE ssf=0 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=0 RESULT tag=97 err=0
text= 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=1 SRCH
base="dc=anidirect,dc=com" scope=2 deref=0 filter="(uid=msuttle)" 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 26 00:44:04 openldap slapd[29775]: conn=9 fd=10 closed


Here is a snippet from the log on the unsuccessful server with
loglevel=256:


Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 fd=12 ACCEPT from
IP=10.10.10.4:33561 (IP=0.0.0.0:389) 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 BIND
dn="cn=msuttle,dc=anisecured,dc=com" method=128 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 BIND
dn="cn=msuttle,dc=anisecured,dc=com" mech=SIMPLE ssf=0 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=0 RESULT tag=97 err=0
text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)" 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SRCH attr=namingContexts

Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SRCH
base="dc=anisecured,dc=com" scope=2 deref=0
filter="(|(uid=lcompton)(?=undefined))" 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SRCH attr=uid
sAMAccountName 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SRCH
base="dc=anisecured,dc=com" scope=2 deref=0
filter="(|(uid=lcompton)(?=undefined))" 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SRCH attr=dn 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=54 fd=12 closed 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 fd=12 ACCEPT from
IP=10.10.10.4:33562 (IP=0.0.0.0:389) 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 BIND
dn="cn=lcompton,dc=anisecured,dc=com" method=128 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 BIND
dn="cn=lcompton,dc=anisecured,dc=com" mech=SIMPLE ssf=0 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 op=0 RESULT tag=97 err=0
text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=55 fd=12 closed 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 fd=21 ACCEPT from
IP=10.10.10.4:33563 (IP=0.0.0.0:389) 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 BIND
dn="cn=msuttle,dc=anisecured,dc=com" method=128 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 BIND
dn="cn=msuttle,dc=anisecured,dc=com" mech=SIMPLE ssf=0 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 RESULT tag=97 err=0
text= 
Jan 25 16:33:21 ldap1 slapd[5311]: connection_input: conn=56 deferring
operation: binding 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH
base="dc=anisecured,dc=com" scope=2 deref=0 filter="(uid=lcompton)" 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH attr=mail 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 fd=21 closed


Both systems are running CentOS 4.2 and the same version of OpenLDAP
from the CDs and updated with yum.  The new system has the default TLS
certs in use.  I also have a third CentOS system I can test from.  I
really need help on this one as I am facing a deadline to get the
encryption system up and running.  

Any help is appreciated,

Marc
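
Added example, not part of the original post: a small Python parser for slapd loglevel=256 output like the two logs above. It re-joins the lines the mail wrapped and groups records per connection, so the bind DN, the ssf value, the search filters and the "deferring operation: binding" notice can be compared between the two servers. The names unwrap and summarize are this example's own, and SAMPLE is an excerpt of conn=56 from the second log.

```python
import re

# Excerpt of conn=56 from the failing server's log above, with the mail
# archive's line wrapping kept so that unwrap() has something to repair.
SAMPLE = """\
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 BIND
dn="cn=msuttle,dc=anisecured,dc=com" mech=SIMPLE ssf=0
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=0 RESULT tag=97 err=0
text=
Jan 25 16:33:21 ldap1 slapd[5311]: connection_input: conn=56 deferring
operation: binding
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH
base="dc=anisecured,dc=com" scope=2 deref=0 filter="(uid=lcompton)"
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 op=1 SRCH attr=mail
Jan 25 16:33:21 ldap1 slapd[5311]: conn=56 fd=21 closed
"""

# Syslog prefix: "Mon DD HH:MM:SS host slapd[pid]: "
HEAD = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[\d+\]: ")

def unwrap(text):
    """Re-join syslog records that were wrapped onto a continuation line."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if HEAD.match(line):
            records.append(HEAD.sub("", line))
        elif line and records:
            records[-1] += " " + line
    return records

def summarize(text):
    """Group slapd stats records by conn= and extract bind/search facts."""
    conns = {}
    for rec in unwrap(text):
        m = re.search(r"\bconn=(\d+)", rec)
        if not m:
            continue
        c = conns.setdefault(int(m.group(1)), {"bind_dn": None, "ssf": None,
            "filters": [], "attrs": [], "deferred": False, "closed": False})
        if b := re.search(r'BIND dn="([^"]*)" mech=\S+ ssf=(\d+)', rec):
            c["bind_dn"], c["ssf"] = b.group(1), int(b.group(2))
        elif f := re.search(r'SRCH base=.* filter="([^"]*)"', rec):
            c["filters"].append(f.group(1))
        elif a := re.search(r"SRCH attr=(.+)", rec):
            c["attrs"] += a.group(1).split()
        elif "deferring operation" in rec:
            c["deferred"] = True
        elif rec.endswith(" closed"):
            c["closed"] = True
    return conns

if __name__ == "__main__":
    for conn, facts in summarize(SAMPLE).items():
        print(conn, facts)
```

Feeding each server's full log to summarize() gives one dictionary per connection, which makes it easy to line up conn=8 from the first log against conn=56 from the second.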