
Re: Openldap Configuration issues



Please keep the discussion on-list so that others can find it
if they have similar problems.

On Tue, Aug 08, 2017 at 12:44:25PM +0200, R H wrote:
> Subject: Re: Openldap Configuration issues

> > No point in changing stuff without knowing what is going on.
> > Add this to your config and restart slapd:
> >        loglevel stats,stats2

> after setting loglevel to stats, stats2
> 
> Aug  8 05:40:18 docker slapd[2990]: daemon: read active on 14
> Aug  8 05:40:18 docker slapd[2990]: daemon: epoll: listen=9 active_threads=0 tvp=zero
> Aug  8 05:40:18 docker slapd[2990]: daemon: epoll: listen=10 active_threads=0 tvp=zero

No - something has set a different log level. You are seeing a lot of
connection-management and debug stuff rather than the query and
response summaries that you need.

You might do better to stop the server and run it manually. Something
like this:

	/usr/sbin/slapd -d stats,stats2 -h ldap:/// -g openldap -u openldap

What I am expecting to see looks more like this (from a Cyrus mailbox
server using LDAP via saslauthd):

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND anonymous mech=implicit ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=

That shows saslauthd connecting to LDAP and authenticating correctly.

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH attr=dn

That is the search to find the user account.

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 ENTRY dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=

That shows the search result: the user entry is "uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND anonymous mech=implicit ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 RESULT tag=97 err=0 text=

Finally the password is checked by binding to LDAP using the account DN and password as credentials.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
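
Added example (not part of the original message, and not OpenLDAP code): a small Python parser that pairs each SRCH in stats-level slapd output with the later BIND as the entry it found, so the search-then-bind sequence walked through above can be read off a log mechanically. The sample log lines are constructed, the function names are hypothetical, and it assumes the client rebinds on the same connection with the DN exactly as the search returned it.

```python
import re
# Operation part of a slapd "stats" line: conn=N op=N KEYWORD fields...
LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|ENTRY|SEARCH RESULT|RESULT)\b ?(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_ops(lines):
    """Merge stats lines into one record per (conn, op), in order of first appearance."""
    ops = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # connection-management/debug output, not a stats summary
        rec = ops.setdefault((m[1], m[2]), {"conn": m[1], "op": m[2]})
        f = {k: v.strip('"') for k, v in FIELD.findall(m[4])}
        if m[3] == "BIND" and "method" in f:
            rec.update(type="BIND", dn=f["dn"])
        elif m[3] == "SRCH" and "filter" in f:
            rec.update(type="SRCH", filter=f["filter"])
        elif m[3] == "ENTRY":
            rec.setdefault("entries", []).append(f["dn"])
        elif m[3].endswith("RESULT"):
            rec["err"] = int(f["err"])
    return list(ops.values())

def search_then_bind(ops):
    """Per search: (filter, DN bound as, outcome). Assumes the rebind uses the same conn."""
    out = []
    for i, op in enumerate(ops):
        if op.get("type") != "SRCH":
            continue
        found = op.get("entries", [])
        bind = next((b for b in ops[i + 1:] if b["conn"] == op["conn"]
                     and b.get("type") == "BIND" and b["dn"] in found), None)
        status = ("no entry found" if not found else "no bind attempted" if not bind
                  else {0: "authenticated", 49: "invalid credentials"}.get(bind.get("err"), "bind failed or incomplete"))
        out.append((op["filter"], bind["dn"] if bind else None, status))
    return out

# Constructed sample in the format shown in the message (not real server output).
SAMPLE = """\
slapd[616]: daemon: epoll: listen=9 active_threads=0 tvp=zero
slapd[616]: conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
slapd[616]: conn=7 op=1 ENTRY dn="uid=alice,ou=people,dc=example,dc=com"
slapd[616]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[616]: conn=7 op=2 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
slapd[616]: conn=7 op=2 RESULT tag=97 err=49 text=
slapd[616]: conn=7 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=bob)"
slapd[616]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
""".splitlines()
```

Calling `search_then_bind(parse_ops(SAMPLE))` reports a failed bind for the first search (LDAP result code 49 is invalidCredentials) and no entry for the second; an empty result on real logs usually means the log level is not producing stats lines at all.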