
Getting more info from ldap_auth in case of a quiet failure?




Hi everyone,
I am definitely new to the list, OpenLDAP, LDAP in general, nsswitch, shadow, Samba etc., but heck, we all have to start somewhere.
Not really -that- new to application code, but yeah, I'm kinda young and working at an amateur/unemployed small business level, so by default yeah .. technical noob alert...

I am having problems finding out why domain login is failing:

Up until now I have had pretty good luck being able to figure out how to, for example:
Get LDAP and nsswitch running well enough that LDAP authenticates my ssh sessions against shadow.
Get a valid sambaSID or objectClass: sambaSamAccount into an ldif without relying on the smbldap_tools library, or writing new ACLs to put the samba domain admin in a different ou=. (This is why I am trying to work around smbldap_tools; of course I could probably change the UID. I have been through slapd.conf loglevel -1 all day long watching it request attributes that weren't in the ldif. I cannot see yet where in smbldap_tools it decides it needs root's uid, but it goes ahead and uses it to write updates even though there is another user with write access to the right attributes.)
I can join Windows machines to the samba workgroup MYDOMAIN, and be given an opportunity to log in to the samba server, so despite the weird unsupported things I do, perhaps senselessly, I -think- I have the premise correct.

So I think this is failing on a bdb_index_read: failed (-30988) report.

If anyone is still with me, thanks a ton.

Before I go nuts enough to post the parts of slapd logging output I am pretty sure are okay, this is what the probable problems are:
It just seems that uid=testuser and objectClass=sambaSamAccount should match this conn=1011 string, and the next time it fails it should be for the next problem I'll have, and not this one.

May 14 00:13:34 localhost slapd[30055] => conn=1011 op=3 SRCH base="dc=MYDOMAIN,dc=com" scope=2 deref=0 filter="(&(uid=testuser)(objectClass=sambaSamAccount))"
.
.
.
May 13 00:13:34 localhost slapd[30055]: => slap_access_allowed: search access granted by read(=rscxd)
May 13 00:13:34 localhost slapd[30055]: => access_allowed: search access granted by read(=rscxd)
May 13 00:13:34 localhost slapd[30055]: search_candidates: base="dc=MYDOMAIN.dc=com" (0x00000001) scope=2
.
.
.
May 13 00:13:34 localhost slapd[30055]: <= bdb_index_read: failed (-30988)

and of course, the ldif I think it should be matching:

dn: cn=testuser,ou=People,dc=MYDOMAIN,dc=com
changetype: add
objectClass: inetOrgPerson
sn: testuser
uid: testuser
sambaSID: S-1-5-21-28598429-1396753209-3957328313-513
objectClass: sambaSamAccount
sambaDomainName: MYDOMAIN



Again, thanks. I look forward to seeing the list traffic every day, and yet more slapd -1 logs
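The question in the message above is whether the posted entry should satisfy the logged search. The following is an added example, not part of the original post: an offline check that evaluates the logged filter and subtree scope against the posted LDIF. It assumes plain `attr: value` LDIF lines, a flat AND-of-equality filter, case-insensitive matching, and DNs without escaped commas; all function names are hypothetical.

```python
import re

# Constructed from the post: the LDIF entry and the logged search parameters.
LDIF = """\
dn: cn=testuser,ou=People,dc=MYDOMAIN,dc=com
changetype: add
objectClass: inetOrgPerson
sn: testuser
uid: testuser
sambaSID: S-1-5-21-28598429-1396753209-3957328313-513
objectClass: sambaSamAccount
sambaDomainName: MYDOMAIN
"""
BASE = "dc=MYDOMAIN,dc=com"
FILTER = "(&(uid=testuser)(objectClass=sambaSamAccount))"

def parse_ldif_entry(text):
    """Return (dn, {attr_lower: [values]}) for one plain 'attr: value' LDIF record."""
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name != "changetype":      # LDIF change directive, not an attribute
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def and_filter_terms(flt):
    """Split a flat (&(a=b)(c=d)) filter into [(attr_lower, value)] pairs."""
    if not flt.startswith("(&") or not flt.endswith(")"):
        raise ValueError("only flat AND-of-equality filters are handled")
    return [(a.lower(), v) for a, v in re.findall(r"\(([^()=&|!]+)=([^()]*)\)", flt)]

def in_subtree(dn, base):
    """scope=2 (subtree): the entry DN must equal the base or end with ',' + base."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def entry_matches(ldif, base, flt):
    """True if the entry is under base and every equality term matches (case-insensitive)."""
    dn, attrs = parse_ldif_entry(ldif)
    terms_ok = all(v.lower() in (x.lower() for x in attrs.get(a, []))
                   for a, v in and_filter_terms(flt))
    return in_subtree(dn, base) and terms_ok
```

`entry_matches(LDIF, BASE, FILTER)` checks the entry against the base from the SRCH line; passing a base string exactly as it is printed in another log line lets the two be compared.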