Hi all,

I am using OpenLDAP with MySQL backend for testing purposes, a future project of Linux authentication via LDAP but with MySQL backend. For this I am using 2 virtual machines with the following configurations:

CentOS 5.6 x86_64
Iptables is off
Memory: 1 GB of RAM

Packages installed on server: openldap.x86_64, openldap-servers-sql.x86_64, openldap-servers.x86_64, openldap-clients.x86_64 (all are version 2.3.43), openldap24-libs.x86_64 (version 2.4.23), mysql-connector-odbc.x86_64 (version 3.51.26r1127)

Packages installed on client: openldap-clients.x86_64 (version 2.3.43)

On the server I have created a user ldap, group ldap and granted him FULL access on the ldap_test database. After that I imported from /usr/share/doc/openldap-servers-sql-2.3.43/rdbms_depend/mysql/ the files backsql_create.sql, testdb_create.sql, testdb_data.sql, testdb_metadata.sql into the database ldap_test.

When I try to ldapsearch from the CLIENT computer with ldapsearch -x it should show me all the contents in the database; I tried also with ldapsearch -x -D "cn=admin,dc=example,dc=com" -W, still no result. In a manual check the data is in the MySQL database, in all tables.

Can someone provide me some info/ideas on how to configure it to work? Thank you in advance.

Below are all my config files and the output from slapd.

############ /etc/odbc.ini ############
;
; odbc.ini configuration for Connector/ODBC and Connector/ODBC 3.51 drivers
;

[ODBC Data Sources]
mysql = MySQL 3.51

[mysql]
driver = mysql
server = localhost
port = 3306
database = ldap_test
user = ldap
password = ldappass
socket = /var/lib/mysql/mysql.sock

[default]
driver = MySQL
server = localhost
port = 3306
database = ldap_test
user = ldap
password = ldappass
socket = /var/lib/mysql/mysql.sock

########## /etc/odbcinst.ini ##########
[mysql]
driver = /usr/lib64/libmyodbc3.so
usagecount = 1

############ /etc/openldap/slapd.conf ############
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# Level of LOG
loglevel -1

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
#modulepath /usr/lib64/openldap/

# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la

# modules available in openldap-servers-sql RPM package:
moduleload /usr/lib64/openldap/back_sql.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
access to *
    by self write
    by users read
    by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# SQL database definitions
#######################################################################

database sql
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SHA}28Jb9vUzoK2ufUP85ZVsNUV9kJ4=
dbname ldap_test
dbuser ldap
dbpasswd ldappass
at_query "SELECT name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return FROM `ldap_test`.`ldap_attr_mappings` WHERE oc_map_id=?"
oc_query "SELECT id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM `ldap_test`.`ldap_oc_mappings`"
insentry_query "INSERT INTO `ldap_test`.`ldap_entries` (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from `ldap_test`.`ldap_entries`),?,?,?,?)"
id_query "SELECT id,keyval,oc_map_id,dn FROM `ldap_test`.`ldap_entries` WHERE dn=?"

######### /etc/openldap/ldap.conf #########
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

URI ldap://192.168.200.128/
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts

slapd -d -1 output when I do a ldapsearch -x -D "cn=admin,dc=example,dc=com" -W

#####
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: listen=7, new connection on 8
daemon: added 8r (active) listener=(nil)
conn=0 fd=8 ACCEPT from IP=192.168.200.131:50069 (IP=0.0.0.0:389)
daemon: activity on 2 descriptors
daemon: activity on: 8r
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 2e 02 01 01 60 29 02                            0....`).
ldap_read: want=40, got=40
  0000:  01 03 04 1a 63 6e 3d 61 64 6d 69 6e 2c 64 63 3d    ....cn=admin,dc=
  0010:  65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 80 08    example,dc=com..
  0020:  61 6c 66 61 62 65 74 61                            alfabeta
ber_get_next: tag 0x30 len 46 contents:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb0 end=0x2b23ef734cde len=46
  0000:  02 01 01 60 29 02 01 03 04 1a 63 6e 3d 61 64 6d    ...`).....cn=adm
  0010:  69 6e 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63    in,dc=example,dc
  0020:  3d 63 6f 6d 80 08 61 6c 66 61 62 65 74 61          =com..alfabeta
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb3 end=0x2b23ef734cde len=43
  0000:  60 29 02 01 03 04 1a 63 6e 3d 61 64 6d 69 6e 2c    `).....cn=admin,
  0010:  64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f    dc=example,dc=co
  0020:  6d 80 08 61 6c 66 61 62 65 74 61                   m..alfabeta
ber_scanf fmt (m}) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cd4 end=0x2b23ef734cde len=10
  0000:  00 08 61 6c 66 61 62 65 74 61                      ..alfabeta
>>> dnPrettyNormal: <cn=admin,dc=example,dc=com>
=> ldap_bv2dn(cn=admin,dc=example,dc=com,0)
<= ldap_bv2dn(cn=admin,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,dc=example,dc=com)=0
<<< dnPrettyNormal: <cn=admin,dc=example,dc=com>, <cn=admin,dc=example,dc=com>
do_bind: version=3 dn="cn=admin,dc=example,dc=com" method=128
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
==>backsql_bind()
<==backsql_bind() root bind
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=admin,dc=example,dc=com" to "cn=admin,dc=example,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 8
  0000:  30 0c 02 01 01 61 07 0a 01 00 04 00 04 00          0....a........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a 01 00 04 00 04 00          0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 36 02 01 02 63 31 04                            06...c1.
ldap_read: want=48, got=48
  0000:  11 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63    .dc=example,dc=c
  0010:  6f 6d 0a 01 02 0a 01 00 02 01 00 02 01 00 01 01    om..............
  0020:  00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00    ...objectclass0.
ber_get_next: tag 0x30 len 54 contents:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb0 end=0x2b23ef734ce6 len=54
  0000:  02 01 02 63 31 04 11 64 63 3d 65 78 61 6d 70 6c    ...c1..dc=exampl
  0010:  65 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01    e,dc=com........
  0020:  00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63    .........objectc
  0030:  6c 61 73 73 30 00                                  lass0.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
do_search
daemon: activity on 1 descriptor
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cb3 end=0x2b23ef734ce6 len=51
  0000:  63 31 04 11 64 63 3d 65 78 61 6d 70 6c 65 2c 64    c1..dc=example,d
  0010:  63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 00 02 01    c=com...........
  0020:  00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73    ......objectclas
  0030:  73 30 00                                           s0.
>>> dnPrettyNormal: <dc=example,dc=com>
=> ldap_bv2dn(dc=example,dc=com,0)
<= ldap_bv2dn(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=example,dc=com)=0
<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
SRCH "dc=example,dc=com" 2 0 0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734cd7 end=0x2b23ef734ce6 len=15
  0000:  87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00       ..objectclass0.
end get_filter 0
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x2b23ef734cb0 ptr=0x2b23ef734ce4 end=0x2b23ef734ce6 len=2
  0000:  00 00                                              ..
attrs:
conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
==>backsql_search(): base="dc=example,dc=com", filter="(objectClass=*)", scope=2, deref=0, attrsonly=0, attributes to load: all
==>backsql_get_db_conn()
==>backsql_open_db_conn(0)
<==backsql_open_db_conn(0)
backsql_open_db_conn(0): connected, adding to tree.
<==backsql_get_db_conn()
==>backsql_dn2id("dc=example,dc=com") matched expected
backsql_dn2id("dc=example,dc=com"): id_query "SELECT id,keyval,oc_map_id,dn FROM `ldap_test`.`ldap_entries` WHERE dn=?"
backsql_dn2id("dc=example,dc=com"): upperdn="MOC=CD,ELPMAXE=CD"
<==backsql_dn2id("dc=example,dc=com"): err=32
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=32 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 8
  0000:  30 0c 02 01 02 65 07 0a 01 20 04 00 04 00          0....e... ....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a 01 20 04 00 04 00          0....e... ....
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
daemon: activity on 1 descriptor
<==backsql_search()
daemon: activity on: 8r
daemon: read active on 8
daemon: epoll: listen=7 active_threads=0 tvp=NULL
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
  0000:  30 05 02 01 03 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x2b23ef5e0ba0 ptr=0x2b23ef5e0ba0 end=0x2b23ef5e0ba5 len=5
  0000:  02 01 03 42 00                                     ...B.
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
daemon: activity on 1 descriptor
connection_close: deferring conn=0 sd=8
daemon: activity on:
do_unbind
daemon: epoll: listen=7 active_threads=0 tvp=NULL
conn=0 op=2 UNBIND
connection_resched: attempting closing conn=0 sd=8
connection_close: conn=0 sd=8
==>backsql_connection_destroy()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection 0 (0x2b23ef754530)
==>backsql_close_db_conn(0)
<==backsql_close_db_conn(0)
<==backsql_free_db_conn()
<==backsql_connection_destroy()
daemon: removing 8
conn=0 fd=8 closed
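The trace above shows the root bind succeeding (op=0, err=0) and the search stopping at back-sql's lookup of the base DN (op=1, err=32, noSuchObject) before any SQL filter ran. As an added example, not part of the original post, the following Python script pulls exactly those results out of a slapd -d -1 capture so the failing step stands out; the excerpt it runs on is constructed from the log above, the resultCode names come from RFC 4511, and backsql_upperdn only reproduces the string the log prints as upperdn (the DN uppercased and reversed character by character), which is an assumption drawn from that one log line.

```python
import re

# Constructed excerpt of the slapd -d -1 log quoted above, one record per line.
SAMPLE_LOG = """\
conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
backsql_dn2id("dc=example,dc=com"): upperdn="MOC=CD,ELPMAXE=CD"
<==backsql_dn2id("dc=example,dc=com"): err=32
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=0 op=2 UNBIND
"""

# LDAP resultCode names (RFC 4511) for the codes that matter here.
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|UNBIND|RESULT|SEARCH RESULT)(.*)')
DN2ID_RE = re.compile(r'<==backsql_dn2id\("([^"]*)"\): err=(\d+)')
ERR_RE = re.compile(r'\berr=(\d+)')
NENTRIES_RE = re.compile(r'nentries=(\d+)')

def backsql_upperdn(dn):
    """Assumed form of the string slapd logs as upperdn: the DN uppercased and
    reversed character by character ("dc=example,dc=com" -> "MOC=CD,ELPMAXE=CD")."""
    return dn.upper()[::-1]

def triage(log_text):
    """Summarise a slapd -d -1 log: one record per (conn, op) with its request
    kind, final err code and entry count, plus every back-sql DN lookup result."""
    ops, lookups = {}, []
    for line in log_text.splitlines():
        m = DN2ID_RE.search(line)
        if m:  # the base-DN lookup back-sql runs before any SQL filter
            code = int(m.group(2))
            lookups.append((m.group(1), code, LDAP_ERR.get(code, "unknown")))
            continue
        m = OP_RE.match(line)
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        rec = ops.setdefault(key, {"kind": None, "err": None, "nentries": None})
        if kind.endswith("RESULT"):  # RESULT / SEARCH RESULT carry the outcome
            rec["err"] = int(ERR_RE.search(rest).group(1))
            n = NENTRIES_RE.search(rest)
            rec["nentries"] = int(n.group(1)) if n else None
        else:
            rec["kind"] = kind
    return ops, lookups
```

Run triage() over a full capture to see, per operation, whether the failure is in the bind, in the base-DN lookup, or later in the SQL filter stage.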