Re: Openldap Configuration issues

Please keep the discussion on-list so that others can find it
if they have similar problems.

On Tue, Aug 08, 2017 at 12:44:25PM +0200, R H wrote:
> Subject: Re: Openldap Configuration issues
> > No point in changing stuff without knowing what is going on.
> > Add this to your config and restart slapd:
> > loglevel stats,stats2
> after setting loglevel to stats, stats2
>
> Aug 8 05:40:18 docker slapd[2990]: daemon: read active on 14
> Aug 8 05:40:18 docker slapd[2990]: daemon: epoll: listen=9 active_threads=0 tvp=zero
> Aug 8 05:40:18 docker slapd[2990]: daemon: epoll: listen=10 active_threads=0 tvp=zero

No - something has set a different log level. You are seeing a lot of
connection-management and debug stuff rather than the query and
response summaries that you need.

You might do better to stop the server and run it manually. Something
like this:

	/usr/sbin/slapd -d stats,stats2 -h ldap:/// -g openldap -u openldap

What I am expecting to see looks more like this (from a Cyrus mailbox
server using LDAP via saslauthd):

Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND anonymous mech=implicit ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=

That shows saslauthd connecting to LDAP and authenticating correctly.

Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH attr=dn

That is the search to find the user account.

Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 ENTRY dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=

That shows the search result: the user entry is "uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"

Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND anonymous mech=implicit ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" method=128
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=105 RESULT tag=97 err=0 text=

Finally the password is checked by binding to LDAP using the account DN and password as credentials.

Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
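
Added example (not part of the original message, and not OpenLDAP project code): a small parser that groups slapd "stats" lines by conn/op, as read by hand in the message above, and lists binds whose RESULT was not err=0. The function names are hypothetical, the conn=7 lines are constructed, and err=49 is the standard LDAP invalidCredentials result code.

```python
import re

# Constructed sample in slapd "stats" format. The conn=1282270 lines mirror
# the message above; the conn=7 lines are invented to show a failed bind.
SAMPLE_LOG = '''\
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug 8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 8 17:49:02 owl slapd[616]: conn=7 op=1 BIND dn="uid=someone,dc=example,dc=com" method=128
Aug 8 17:49:02 owl slapd[616]: conn=7 op=1 RESULT tag=97 err=49 text=
Aug 8 17:49:02 owl slapd[616]: daemon: epoll: listen=9 active_threads=0 tvp=zero
'''

PREFIX = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)')
BIND = re.compile(r'BIND dn="([^"]*)" method=\d+')
SRCH = re.compile(r'SRCH base="([^"]*)" .*filter="(.*)"')
DONE = re.compile(r'(SEARCH )?RESULT tag=(\d+) err=(\d+)(?: nentries=(\d+))?')

def parse_ops(log_text):
    """Group stats lines by (conn, op) into one record per LDAP operation."""
    ops = {}
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # connection-management/debug lines have no conn=/op= pair
        rec = ops.setdefault((int(m.group(1)), int(m.group(2))), {})
        rest = m.group(3)
        if (b := BIND.match(rest)):
            rec.update(kind="BIND", dn=b.group(1))
        elif (s := SRCH.match(rest)):
            rec.update(kind="SRCH", base=s.group(1), filter=s.group(2))
        elif (d := DONE.match(rest)):
            rec["err"] = int(d.group(3))
            if d.group(4) is not None:
                rec["nentries"] = int(d.group(4))
    return ops

def failed_binds(ops):
    """Return (conn, op, dn, err) for every BIND whose RESULT was not err=0."""
    return [(c, o, r["dn"], r["err"]) for (c, o), r in sorted(ops.items())
            if r.get("kind") == "BIND" and r.get("err", 0) != 0]

if __name__ == "__main__":
    ops = parse_ops(SAMPLE_LOG)
    for key, rec in sorted(ops.items()):
        print(key, rec)
    print("failed binds:", failed_binds(ops))
```

A search that ends with nentries=0 followed by no user bind means the filter or base did not find the account; a user bind ending in err=49 means the account was found but the password check failed.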