Back-ldap and Nssov
- To: openldap-technical@openldap.org
- Subject: Back-ldap and Nssov
- From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Date: Wed, 4 Aug 2010 17:36:45 +0500
Hi all,
I am using OpenLDAP 2.4.23 (on Ubuntu Hardy 8.04) to test nssov.
Everything is working perfectly on the primary server, with user,
group and host information being pulled from OpenLDAP via nssov.
Testing of authorized service / pam integration via slapd acls is also
working correctly.
On another Ubuntu Hardy system I set up back-ldap and nssov, and though
it works perfectly (including logins/acls, etc), there appears to be
some issue when running:
getent group
I simply get one group returned (there are 4 on the primary server),
with the following recorded in the (back-ldap server) logs (debug set
to -1):
-- back-ldap log on `getent group` --
root@dev01:/opt/zivios/openldap/etc/openldap# getent group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:zwebuser
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
dhcp:x:102:
syslog:x:103:
klog:x:104:
scanner:x:105:
nvram:x:106:
ssh:x:107:
ntp:x:109:
ssl-cert:x:110:zwebuser,zopenldap
zwebgroup:x:950:
zopenldap:x:945:
mysql:x:108:
daemon: activity on 1 descriptor
daemon: activity on: 10r
daemon: read active on 10
connection_get(10)
connection_get(10): got connid=0
nssov: connection from uid=0 gid=0
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
nssov_group_all()
str2filter "(objectClass=posixGroup)"
put_filter: "(objectClass=posixGroup)"
put_filter: simple
put_simple_filter: "objectClass=posixGroup"
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0xb6db8010 ptr=0xb6db8010 end=0xb6db802b len=27
0000: a3 19 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 ....objectClass.
0010: 0a 70 6f 73 69 78 47 72 6f 75 70 .posixGroup
end get_filter 0
=>ldap_back_getconn: conn 0x8d3b058 fetched refcnt=1.
ldap_search_ext
put_filter: "(objectClass=posixGroup)"
put_filter: simple
put_simple_filter: "objectClass=posixGroup"
ldap_build_search_req ATTRS: cn userPassword gidNumber memberUid member
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x8d484a8 ptr=0x8d484a8 end=0x8d4851d len=117
ber_scanf fmt ({) ber:
ber_dump: buf=0x8d484a8 ptr=0x8d484ad end=0x8d4851d len=112
ber_flush2: 117 bytes to sd 12
ldap_write: want=117, written=117
ldap_result ld 0x8d48288 msgid 4
wait4msg ld 0x8d48288 msgid 4 (timeout 100000 usec)
wait4msg continue ld 0x8d48288 msgid 4 all 0
** ld 0x8d48288 Connections:
* host: dev02.zivios.net port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Aug 4 17:21:55 2010
** ld 0x8d48288 Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
ld 0x8d48288 request count 1 (abandoned 0)
** ld 0x8d48288 Response Queue:
Empty
ld 0x8d48288 response count 0
ldap_chkResponseList ld 0x8d48288 msgid 4 all 0
ldap_chkResponseList returns ld 0x8d48288 NULL
ldap_int_select
read1msg: ld 0x8d48288 msgid 4 all 0
ber_get_next
ldap_read: want=8, got=8
0000: 30 82 01 26 02 01 04 64 0..&...d
ldap_read: want=290, got=290
ber_get_next: tag 0x30 len 294 contents:
ber_dump: buf=0x8d496d0 ptr=0x8d496d0 end=0x8d497f6 len=294
read1msg: ld 0x8d48288 msgid 4 message type search-entry
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d496d3 end=0x8d497f6 len=291
>>> dnPrettyNormal: <cn=eclstaff,ou=groups,dc=zivios,dc=net>
=> ldap_bv2dn(cn=eclstaff,ou=groups,dc=zivios,dc=net,0)
<= ldap_bv2dn(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
<<< dnPrettyNormal: <cn=eclstaff,ou=groups,dc=zivios,dc=net>,
<cn=eclstaff,ou=groups,dc=zivios,dc=net>
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49702 end=0x8d497f6 len=244
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d4970f end=0x8d497f6 len=231
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49717 end=0x8d497f6 len=223
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d4971d end=0x8d497f6 len=217
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49729 end=0x8d497f6 len=205
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49734 end=0x8d497f6 len=194
>>> dnPretty: <uid=mhashmi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=mhashmi,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=fkhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=fkhan,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=fkhan,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=jabbasi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=jabbasi,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=zshaikh,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=zshaikh,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=akhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=akhan,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=akhan,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=mhashmi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=mhashmi,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=fkhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=fkhan,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=fkhan,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=jabbasi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=jabbasi,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=zshaikh,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=zshaikh,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=akhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=akhan,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=akhan,ou=users,dc=zivios,dc=net>
ber_scanf fmt ({xx) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d496d3 end=0x8d497f6 len=291
ldap_msgfree
ldap_abandon_ext 4
do_abandon origid 4, msgid 4
ldap_msgdelete ld=0x8d48288 msgid=4
ber_flush2: 8 bytes to sd 12
0000: 30 06 02 01 05 50 01 04 0....P..
ldap_write: want=8, written=8
0000: 30 06 02 01 05 50 01 04 0....P..
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_free_request (origid 4, msgid 4)
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=80 matched="" text=""
--
The output is simply:
eclstaff:*:3000:mhashmi,fkhan,jabbasi,zshaikh,akhan
On the primary server however, I see all 4 group entries are sent
during the request:
conn=1000 op=5 ENTRY dn="cn=eclstaff,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=sysadmin,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=mailadmin,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=finance,ou=groups,dc=zivios,dc=net"
On the back-ldap server, probing a single group works, albeit with
the same err=80 being logged.
getent passwd & hosts work perfectly.
Please find below the relevant configuration sections of my primary
slapd.conf, the back-ldap slapd.conf as well as sample user and group
entries:
=== primary server slapd.conf ===
database hdb
#overlay smbk5pwd
overlay unique
overlay nssov
suffix "dc=zivios,dc=net"
rootdn "cn=admin,dc=zivios,dc=net"
rootpw foo
# nssov config
nssov-map group uniqueMember member
nssov-ssd passwd ldap:///dc=zivios,dc=net??sub
nssov-ssd group ldap:///dc=zivios,dc=net??sub
nssov-ssd hosts ldap:///dc=zivios,dc=net??sub
nssov-pam hostservice
nssov-pam-session sshd
nssov-pam-session login
=== Back-ldap slapd.conf ===
database ldap
suffix dc=zivios,dc=net
uri "ldap://dev02.zivios.net"
acl-bind bindmethod=simple binddn="" credentials=""
idassert-bind bindmethod=simple
    binddn="cn=admin,dc=zivios,dc=net" // just for testing...
    credentials="foo"
    mode=none
    flags=non-prescriptive
overlay nssov
nssov-map group uniqueMember member
nssov-ssd passwd ldap:///dc=zivios,dc=net??sub
nssov-ssd group ldap:///dc=zivios,dc=net??sub
nssov-ssd hosts ldap:///dc=zivios,dc=net??sub
nssov-pam hostservice
nssov-pam-session sshd
nssov-pam-session login
lastmod off
=== 2 sample groups ===
dn: cn=eclstaff,ou=groups,dc=zivios,dc=net
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 3000
description: Emergen Staff
cn: eclstaff
member: uid=mhashmi,ou=users,dc=zivios,dc=net
member: uid=fkhan,ou=users,dc=zivios,dc=net
member: uid=jabbasi,ou=users,dc=zivios,dc=net
member: uid=zshaikh,ou=users,dc=zivios,dc=net
member: uid=akhan,ou=users,dc=zivios,dc=net
dn: cn=sysadmin,ou=groups,dc=zivios,dc=net
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 3001
description: Administrator
cn: sysadmin
member: uid=mhashmi,ou=users,dc=zivios,dc=net
member: uid=fkhan,ou=users,dc=zivios,dc=net
=== 2 sample users ===
dn: uid=mhashmi,ou=users,dc=zivios,dc=net
cn: Mustafa Hashmi
gidnumber: 3000
givenname: Mustafa
homedirectory: /home/mhashmi
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
ou: Users
sn: Hashmi
uid: mhashmi
uidnumber: 5050
userpassword: foo
dn: uid=fkhan,ou=users,dc=zivios,dc=net
cn: Faraz Khan
gidnumber: 3000
givenname: Faraz
homedirectory: /home/fkhan
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
ou: Users
sn: Khan
uid: fkhan
uidnumber: 5051
userpassword: foo
===
Please note: running an ldapsearch on the back-ldap server for groups
works correctly and all entries are returned. I am at a bit of a loss
here -- if anyone can tell me how to debug this further, it would be
greatly appreciated.
Many thanks,
Mustafa.
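
Added example, not part of the original message: a small Python decoder for the LDAPMessage envelope (RFC 4511), run on the two 8-byte hex lines the trace prints after "ldap_read: want=8" and "ber_flush2: 8 bytes to sd 12". It shows that one SearchResultEntry for msgid 4 was read and that the next PDU written is an AbandonRequest (msgid 5) naming msgid 4. The function names are this example's own, and the SearchResultDone bytes are constructed for contrast.

```python
# Added example (not from the post): decode the LDAPMessage envelope
# (RFC 4511) from the hex bytes that slapd prints in a debug trace.

# protocolOp tags handled here; names follow RFC 4511.
OPS = {
    0x50: "AbandonRequest",
    0x60: "BindRequest",
    0x61: "BindResponse",
    0x63: "SearchRequest",
    0x64: "SearchResultEntry",
    0x65: "SearchResultDone",
}

# Byte strings copied from the trace in the post.
READ_HEADER = "30 82 01 26 02 01 04 64"   # after "ldap_read: want=8, got=8"
ABANDON_PDU = "30 06 02 01 05 50 01 04"   # after "ber_flush2: 8 bytes to sd 12"
# Constructed sample (not in the trace): SearchResultDone, msgid 4, success.
DONE_SAMPLE = "30 0c 02 01 04 65 07 0a 01 00 04 00 04 00"


def read_tl(buf, pos):
    """Return (tag, length, value_offset) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: length in one octet
        return tag, first, pos + 2
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def decode_envelope(hex_bytes):
    """Decode messageID and protocolOp from a (possibly partial) LDAP PDU."""
    buf = bytes.fromhex(hex_bytes)
    tag, body_len, pos = read_tl(buf, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must start with SEQUENCE (0x30)")
    pdu_len = pos + body_len               # header octets + declared body
    tag, n, pos = read_tl(buf, pos)
    if tag != 0x02 or pos + n >= len(buf):
        raise ValueError("messageID INTEGER missing or truncated")
    msgid = int.from_bytes(buf[pos:pos + n], "big")
    pos += n
    op_tag = buf[pos]
    out = {
        "msgid": msgid,
        "op": OPS.get(op_tag, hex(op_tag)),
        "pdu_len": pdu_len,
        "complete": len(buf) >= pdu_len,   # False when only a header was given
    }
    if out["complete"]:
        _, _, pos = read_tl(buf, pos)      # step into the protocolOp value
        if op_tag == 0x50:                 # primitive: value is the target msgid
            out["abandons"] = int.from_bytes(buf[pos:pdu_len], "big")
        elif op_tag == 0x65:               # LDAPResult starts with ENUMERATED
            _, n, pos = read_tl(buf, pos)
            out["result_code"] = int.from_bytes(buf[pos:pos + n], "big")
    return out


if __name__ == "__main__":
    for label, pdu in (("read", READ_HEADER), ("write", ABANDON_PDU),
                       ("constructed", DONE_SAMPLE)):
        print(label, decode_envelope(pdu))
```

The decoded pdu_len of 298 for the first header equals the 8 + 290 bytes the two ldap_read lines report.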