Přihlášení | Registrace

napište » Zprávičky

dnes 10:44 | Nová verze

MicroPython (Wikipedie), tj. implementace Pythonu 3 optimalizovaná pro jednočipové počítače, byl vydán ve verzi 1.23.0. V přehledu novinek je vypíchnuta podpora dynamických USB zařízení nebo nové moduly openamp, tls a vfs.

Ladislav Hagara | Komentářů: 0

Ubuntu Core 24

dnes 10:22 | Nová verze

Canonical vydal Ubuntu Core 24. Představení na YouTube. Nová verze Ubuntu Core vychází z Ubuntu 24.04 LTS a podporována bude 12 let. Ubuntu Core je určeno pro IoT (internet věcí) a vestavěné systémy.

Ladislav Hagara | Komentářů: 0

DuckDB 1.0.0

dnes 01:00 | Nová verze

Databáze DuckDB (Wikipedie) dospěla po 6 letech do verze 1.0.0.

Ladislav Hagara | Komentářů: 0

Intel na veletrhu Computex 2024

včera 19:55 | IT novinky

Intel na veletrhu Computex 2024 představil (YouTube) mimo jiné procesory Lunar Lake a Xeon 6.

Ladislav Hagara | Komentářů: 0

Raspberry Pi AI Kit

včera 13:44 | IT novinky

Na blogu Raspberry Pi byl představen Raspberry Pi AI Kit určený vlastníkům Raspberry Pi 5, kteří na něm chtějí experimentovat se světem neuronových sítí, umělé inteligence a strojového učení. Jedná se o spolupráci se společností Hailo. Cena AI Kitu je 70 dolarů.

Ladislav Hagara | Komentářů: 0

FreeBSD 14.1

včera 13:22 | Nová verze

Byla vydána nová verze 14.1 svobodného unixového operačního systému FreeBSD. Podrobný přehled novinek v poznámkách k vydání.

Ladislav Hagara | Komentářů: 0

Kaspersky Virus Removal Tool (KVRT) také pro Linux

včera 12:55 | Zajímavý software

Společnost Kaspersky vydala svůj bezplatný Virus Removal Tool (KVRT) také pro Linux.

Ladislav Hagara | Komentářů: 6

LyX 2.4.0

včera 12:33 | Nová verze

Grafický editor dokumentů LyX, založený na TeXu, byl vydán ve verzi 2.4.0 shrnující změny za šest let vývoje. Novinky zahrnují podporu Unicode jako výchozí, export do ePub či DocBook 5 a velké množství vylepšení uživatelského rozhraní a prvků editoru samotného (např. rovnic, tabulek, citací).

Fluttershy, yay! | Komentářů: 4

Zabbix 7.0 LTS

včera 12:00 | Nová verze

Byla vydána (𝕏) nová verze 7.0 LTS open source monitorovacího systému Zabbix (Wikipedie). Přehled novinek v oznámení na webu, v poznámkách k vydání a v aktualizované dokumentaci.

Ladislav Hagara | Komentářů: 0

Apache NetBeans 22

včera 11:11 | Nová verze

Organizace Apache Software Foundation (ASF) vydala verzi 22 integrovaného vývojového prostředí a vývojové platformy napsané v Javě NetBeans (Wikipedie). Přehled novinek na GitHubu. Instalovat lze také ze Snapcraftu a Flathubu.

Ladislav Hagara | Komentářů: 3

Centrum | Napsat | Starší

Rozcestník

AbcLinuxu

HDmag.cz

AbcLinuxu:/ Poradna / Linuxová poradna / FreeBSD OpenLDAP nelze připojit

Štítky: BIND, BSD, cat, debugging, DNS, FreeBSD, Internet, konzole, LDAP, PAM, password, PHP, programování, server, SHA, SSH, Su, switch, test

Dotaz: FreeBSD OpenLDAP nelze připojit

14.6.2010 13:02 Martin
FreeBSD OpenLDAP nelze připojit

Přečteno: 1415×

Odpovědět | Admin

Dobrý den, snažím se rozjet OpenLDAP server a nedaří se mi. V podstatě jsem postupoval dle tohoto návodu, http://www.root.cz/clanky/poznamky-k-ldap/ Jen podotýkám že je vše postavené na FreeBSD 8.0. Tady jsou mé konfiguráky:

cat /usr/local/etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE	dc=test, dc=cz
URI	ldap://127.0.0.1/ 
#ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
#

cat /usr/local/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

#loglevel 255 # pro debugging, do logu se dostane takka ve. Pozdji snite.

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath	/usr/local/libexec/openldap
moduleload	back_bdb
# moduleload	back_ldap
# moduleload	back_ldbm
# moduleload	back_passwd
# moduleload	back_shell

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#allow bind_v2  
# abyste mohli pouvat LDAP funkce PHP
password-hash {SSHA} 
# nebo njakou jinou; vyberte si z SMD5, SHA, SSHA, CRYPT

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=test,dc=cz"
rootdn		"cn=root,dc=test,dc=cz"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}GPtyCSYW9X9+Qsx8FKGNehYjFjjQePdt
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/db/openldap-data
# Indices to maintain
index	objectClass	eq
#

cat /usr/local/etc/ldap.conf 
suffix  "dc=test, dc=cz"
host 127.0.0.1
#uri ldaps://ldap.test.cz/
pam_password md5

ldap_version 3
bind_policy             soft
pam_filter              objectclass=posixAccount
pam_login_attribute     uid
pam_member_attribute    memberuid

nss_base_passwd ou=People,dc=test,dc=cz
nss_base_shadow ou=People,dc=test,dc=cz
nss_base_group  ou=Group,dc=test,dc=cz

#nss_reconnect_sleeptime
#nss_reconnect_maxsleeptime
#nss_reconnect_maxconntries directives

scope one

cat /etc/pam.d/system 
#%PAM-1.0

auth            required        pam_env.so
auth            sufficient      pam_unix.so likeauth nullok
auth            sufficient      /usr/local/lib/pam_ldap.so use_first_pass
auth            required        pam_deny.so

account         required        pam_unix.so
account         sufficient      /usr/local/lib/pam_ldap.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        sufficient      pam_unix.so nullok md5 shadow use_authtok
password        sufficient      /usr/local/lib/pam_ldap.so use_authtok
password        required        pam_deny.so

session         required        pam_limits.so
session         required        pam_unix.so
session         optional        /usr/local/lib/pam_ldap.so

cat /etc/pam.d/sshd 
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth 		sufficient 	/usr/local/lib/pam_ldap.so no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so
account		required	pam_unix.so

# session
#session 	optional	pam_ssh.so
session sufficient /usr/local/lib/pam_ldap.so
session		required	pam_permit.so

# password
#password	sufficient	pam_krb5.so		no_warn try_first_pass
password sufficient /usr/local/lib/pam_ldap.so
password	required	pam_unix.so		no_warn try_first_pass

cat /etc/nsswitch.conf 
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Po nastartování OpenLDAP mi vyhodí do logu:

Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: reconnecting to LDAP server...
Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: ldap_simple_bind Can't contact LDAP server

pokud se snažím připojit pomocí ssh tak:

sshd[5132]: in _openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 12

a pokud pomocí su z konzole tak:

su root
su: pam_start: system error

Mohl by mi někdo poradit co dělám špatně? Uživatele mám převedené pomocí scriptů. A pokud zadám ldapsearch -x -D "cn=root,dc=test,dc=cz" -W tak to taky správně vše vypíše.

Nástroje: Začni sledovat (0) ?

Odpovědi

14.6.2010 19:07 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Odkomentuj řádek loglevel, nastav na 255, spusť openldap server, zkus se přihlásit a pak pošli log.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:33 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže log zapnutý, udělal jsem to že se připojuji na pomocí SSH na server jako root.

auth.log
Jun 14 19:28:54 freebsd sshd[5261]: pam_ldap: error trying to bind as user "uid=root,ou=People,dc=test,dc=cz" (Invalid credentials)
Jun 14 19:28:54 freebsd sshd[5259]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 40699 ssh2

debug.log
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=smmsp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=smmsp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=mailnull,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=mailnull,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=guest,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=guest,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=bind,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=bind,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=proxy,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=proxy,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=authpf,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=authpf,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=_pflogd,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=_dhcp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=uucp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=uucp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=dialer,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=dialer,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=network,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=network,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=audit,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=audit,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=www,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=www,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=nogroup,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=nogroup,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=nobody,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=nobody,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=ldap,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=ldap,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=freeradius,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=freeradius,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=pheek,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=pheek,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=test,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=test,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: send_paged_response: lastid=0x00000000 nentries=33
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_result: conn=10 op=1 p=3
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_result: err=0 matched="" text=""
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_response: msgid=2 tag=101 err=0
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on 1 descriptor
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on:
Jun 14 19:30:07 freebsd slapd[5211]:  11r
Jun 14 19:30:07 freebsd slapd[5211]: 
Jun 14 19:30:07 freebsd slapd[5211]: daemon: read activity on 11
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: connection_get(11)
Jun 14 19:30:07 freebsd slapd[5211]: connection_get(11): got connid=10
Jun 14 19:30:07 freebsd slapd[5211]: connection_read(11): checking for input on id=10
Jun 14 19:30:07 freebsd slapd[5211]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 19:30:07 freebsd slapd[5211]: connection_read(11): input error=-2 id=10, closing.
Jun 14 19:30:07 freebsd slapd[5211]: connection_closing: readying conn=10 sd=11 for close
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on 1 descriptor
Jun 14 19:30:07 freebsd slapd[5211]: daemon: waked
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: connection_close: conn=10 sd=11
Jun 14 19:30:07 freebsd slapd[5211]: daemon: removing 11

messages
Jun 14 19:28:54 freebsd sshd[5261]: pam_ldap: error trying to bind as user "uid=root,ou=People,dc=test,dc=cz" (Invalid credentials)

14.6.2010 19:39 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Bylo by možný poslat ten debug log od stejného časového údaje, jaký je uveden u toho chybného přihlášení? Tj. Jun 14 19:28:54 nebo o pár vteřin dřív? Mám určité tušení…

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:47 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

degug.log (139216 bytů)

Posílám.

14.6.2010 19:57 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže, chybka bude někde tady:


Jun 14 19:28:54 freebsd slapd[5211]: >>> dnPrettyNormal: uid=root,ou=People,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: <<< dnPrettyNormal: uid=root,ou=People,dc=test,dc=cz, uid=root,ou=people,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: do_bind: version=3 dn="uid=root,ou=People,dc=test,dc=cz" method=128
Jun 14 19:28:54 freebsd slapd[5211]: ==> bdb_bind: dn: uid=root,ou=People,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: bdb_dn2entry("uid=root,ou=people,dc=test,dc=cz")
Jun 14 19:28:54 freebsd slapd[5211]: => access_allowed: auth access to "uid=root,ou=People,dc=test,dc=cz" "userPassword" requested
Jun 14 19:28:54 freebsd slapd[5211]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Jun 14 19:28:54 freebsd slapd[5211]: => access_allowed: auth access granted by read(=rscxd)
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_result: conn=8 op=3 p=3
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_result: err=49 matched="" text=""
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_response: msgid=4 tag=97 err=49

Přesněji řečeno ta chyba 49. Pohledem do dokumentace jsem zjistil, že err=49 znamená LDAP_INVALID_CREDENTIALS, nicméně je to u uživatele, skrze kterého se snažíte připojit k LDAP serveru, nikoliv kterého se snažíte autentifikovat. Mohl byste zaslat ještě konfigurák k tomu ldap PAM modulu?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:00 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Mod děkuji za pomoc, já už vyzkoušel všechno co jsem mohl ale nic nepomohlo, tady je konfigurák:

cat ldap.conf 
host 127.0.0.1
suffix  "dc=test, dc=cz"

uri ldap://127.0.0.1
pam_password md5

ldap_version 3
bind_policy             soft
pam_filter              objectclass=posixAccount
pam_login_attribute     uid
pam_member_attribute    memberuid

nss_base_passwd ou=People,dc=test,dc=cz
nss_base_shadow ou=People,dc=test,dc=cz
nss_base_group  ou=Group,dc=test,dc=cz

scope one

14.6.2010 20:06 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Prima. Zkuste do toho souboru dopsat řádky
binddn "cn=root,dc=test,dc=cz"
bindpw {SSHA}GPtyCSYW9X9+Qsx8FKGNehYjFjjQePdt
Pak to bude chtít asi restartovat PAM subsystém.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:22 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže jsem přidal, výsledek po restartu je:

debug.log
Jun 14 20:18:37 freebsd slapd[5685]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcT
Jun 14 20:18:37 freebsd slapd[5685]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olc
Jun 14 20:20:10 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:10 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34
Jun 14 20:20:10 freebsd slapd[5686]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 20:20:10 freebsd slapd[5686]: connection_read(11): input error=-2 id=0, closing.
Jun 14 20:20:10 freebsd slapd[5686]: connection_close: deferring conn=0 sd=11

Nevím jak v freebsd restartovat pam, ostatní logy mlčí. Při pokus se přihlásit:

debug.log
Jun 14 20:20:39 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:39 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_response: msgid=2 tag=97 err=34
Jun 14 20:20:41 freebsd slapd[5686]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 20:20:41 freebsd slapd[5686]: connection_read(11): input error=-2 id=1, closing.
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34

auth.log
Jun 14 20:20:39 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5689]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 60097 ssh2
Jun 14 20:20:41 freebsd sshd[5692]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid DN syntax

message
Jun 14 20:18:37 freebsd slapd[5685]: nss_ldap: could not search LDAP server - Server is unavailable
Jun 14 20:20:39 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)

14.6.2010 20:28 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Okey, tak zkuste ten binddn zapsat bez uvozovek a taky zkuste to bindpw zadat nezašifrované, tedy v plaintextu (je to to heslo, co máte jako admin do LDAP). Nejsem si právě jist, v jakém tvaru to má být zapsané.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:42 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

debug.log (136017 bytů)

Bez uvozovek je to o něco lepší ale stále to nefunguje. Zkusil jsme i plaintext ale to je stejné jako když tam dám SSHA Log po restartu:

debug.log
Jun 14 20:31:29 freebsd slapd[5754]: daemon: shutdown requested and initiated.
Jun 14 20:31:29 freebsd slapd[5754]: daemon: closing 6
Jun 14 20:31:29 freebsd slapd[5754]: daemon: closing 7
Jun 14 20:31:29 freebsd slapd[5754]: slapd shutdown: waiting for 0 operations/tasks to finish
Jun 14 20:31:29 freebsd slapd[5754]: slapd shutdown: initiated
Jun 14 20:31:29 freebsd slapd[5754]: ====> bdb_cache_release_all
Jun 14 20:31:29 freebsd slapd[5754]: slapd destroy: freeing system resources.
Jun 14 20:31:29 freebsd slapd[5754]: slapd stopped.
Jun 14 20:31:29 freebsd slapd[5797]: @(#) $OpenLDAP: slapd 2.4.18 (Sep  9 2009 07:45:36) $ 	root@freebsd.org:/work/a/ports/net/openldap24-server/work/openldap-2.4.18/servers/slapd
Jun 14 20:31:29 freebsd slapd[5797]: line 18 (pidfile		/var/run/openldap/slapd.pid)
Jun 14 20:31:29 freebsd slapd[5797]: line 19 (argsfile	/var/run/openldap/slapd.args)
Jun 14 20:31:29 freebsd slapd[5797]: line 22 (modulepath	/usr/local/libexec/openldap)
Jun 14 20:31:29 freebsd slapd[5797]: line 23 (moduleload	back_bdb)
Jun 14 20:31:29 freebsd slapd[5797]: loaded module back_bdb
Jun 14 20:31:29 freebsd slapd[5797]: bdb_back_initialize: initialize BDB backend
Jun 14 20:31:29 freebsd slapd[5797]: bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
Jun 14 20:31:29 freebsd slapd[5797]: module back_bdb: null module registered
Jun 14 20:31:29 freebsd slapd[5797]: line 53 (password-hash {SSHA})
Jun 14 20:31:29 freebsd slapd[5797]: line 59 (database	bdb)
Jun 14 20:31:29 freebsd slapd[5797]: bdb_db_init: Initializing BDB database
Jun 14 20:31:29 freebsd slapd[5797]: line 60 (suffix		"=test,=cz")
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnPrettyNormal: <=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnPrettyNormal: <=test,=cz>, <=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: line 61 (rootdn		"=root,=test,=cz")
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnPrettyNormal: <=root,=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnPrettyNormal: <=root,=test,=cz>, <=root,=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: line 65 (rootpw ***)
Jun 14 20:31:29 freebsd slapd[5797]: line 69 (directory	/var/db/openldap-data)
Jun 14 20:31:29 freebsd slapd[5797]: line 71 (index	objectClass	eq)
Jun 14 20:31:29 freebsd slapd[5797]: index objectClass 0x0004
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnNormalize: <=Subschema>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnNormalize: <=subschema>
Jun 14 20:31:29 freebsd slapd[5797]: matching_rule_use_init
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.840.113556.1.4.804 (integerBitOrMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.840.113556.1.4.803 (integerBitAndMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $  $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ AMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $  $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ AMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.39 (certificateListMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.38 (certificateListExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.35 (certificateMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.34 (certificateExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.30 (objectIdentifierFirstComponentMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.29 (integerFirstComponentMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.27 (generalizedTimeMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.24 (protocolInformationMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.23 (uniqueMemberMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.22 (presentationAddressMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.20 (telephoneNumberMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.17 (octetStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.16 (bitStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.14 (integerMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.13 (booleanMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSpNoPresent $ olcSpReloadHint $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.11 (caseIgnoreListMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.8 (numericStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.7 (caseExactSubstringsMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.6 (caseExactOrderingMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.5 (caseExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $  $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcT
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.4 (caseIgnoreSubstringsMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.3 (caseIgnoreOrderingMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.2 (caseIgnoreMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $  $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olc
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.36.79672281.1.13.3 (rdnMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.1 (distinguishedNameMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcRelay $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.0 (objectIdentifierMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
Jun 14 20:31:29 freebsd slapd[5798]: slapd startup: initiated.
Jun 14 20:31:29 freebsd slapd[5798]: backend_startup_one: starting "=config"
Jun 14 20:31:29 freebsd slapd[5798]: config_back_db_open
Jun 14 20:31:29 freebsd slapd[5798]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=config"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=module{0}"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=schema"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={0}core"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={1}cosine"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={2}inetorgperson"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={3}nis"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={-1}frontend"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={0}config"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={1}bdb"
Jun 14 20:31:29 freebsd slapd[5798]: backend_startup_one: starting "=test,=cz"
Jun 14 20:31:29 freebsd slapd[5798]: bdb_db_open: "=test,=cz"
Jun 14 20:31:29 freebsd slapd[5798]: bdb_db_open: database "=test,=cz": dbenv_open(/var/db/openldap-data).
Jun 14 20:31:29 freebsd slapd[5798]: slapd starting
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 4r listener=0x0
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 6r listener=0x8019450c0
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 7r listener=0x801945180
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: activity on 1 descriptor
Jun 14 20:31:29 freebsd slapd[5798]: daemon: waked
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=7 active_threads=0 tvp=NULL

Log debug je zase přílohou a je to už při pokusu o přihlášení.

auth.log
Jun 14 20:34:03 freebsd sshd[5813]: pam_ldap: error trying to bind as user "uid=root,ou=People,=test,=cz" (Invalid credentials)
Jun 14 20:34:03 freebsd sshd[5811]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 41477 ssh2

message
Jun 14 20:34:03 freebsd sshd[5813]: pam_ldap: error trying to bind as user "uid=root,ou=People,=test,=cz" (Invalid credentials)

14.6.2010 20:53 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Hmm, tak už mě napadá jen jedna věc. A to že jsou špatně nastavená oprávnění. Tudíž bych zkusil zakomentovat ty dva řádky, co jsi zadal a vrátil se zpátky k slapd.conf a zkusil tam dát


access to attrs=userPassword
 	by dn="cn=root,dc=test,dc=cz" write
 	by anonymous auth
 	by self write
 	by * none

access to attrs=uidNumber,gidNumber,uid,homeDirectory
 	by dn="cn=root,dc=test,dc=cz" write
 	by self read
 	by * read

access to *
 	by dn="cn=root,dc=test,dc=cz" write
 	by self write
 	by * read

Ve zkratce. V první sekci se nastavuje, že k userPasswd bude mít R/W práva root a samotný uživatel, anonymous bude mít možnost čtení a ostatní se k němu nedostanou. Atributy uidNumber,gidNumber,uid,homeDirectory budou R/W pro roota, pro uživatele pro čtení a pro ostatní pro čtení. Ostatní atributy budou R/W přístupny pro roota, pro uživatele a pro ostatní jen pro čtení.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:55 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

A nakonec… máš povolené přihlášení roota přes SSH?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:56 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Odpovím si sám. Máš. :-)

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:06 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

JJ povolený mám, protože přes pam se tam přihlásím, jak vůbec zjistím přes co se tam uživatel dostal? Ty poslední kroky jsem vyzkoušel a nic, pořád stejné, už si s tím nevím rady, přece to nějak fungovat musí. Uživatele jsem vytvořil pomoci MigrationTools-47, takže tam ten uživatel root musí být. I jiní uživatelé která v systému jsou a vzal jsem je do LDAP nejedou. :(

14.6.2010 21:11 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Bylo by možné zkusit u nějakého uživatele změnit LDAP heslo a pak se znovu přihlásit?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:16 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

A zkus ještě změnit loglevel na 384 a restartovat openldap a přihlásit se. A pak zase oblíbené kolečko s logy :-)

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:23 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Nechci být za hňupa, ale jak zmenit heslo nějakému uživateli v LDAP, když nemám nainstalované nějaké klikátko :) Jinak log jsem zvedl a je to zajimavé:

debug.log
Jun 14 21:21:33 freebsd slapd[1562]: @(#) $OpenLDAP: slapd 2.4.18 (Sep  9 2009 07:45:36) $ 	root@freebsd.org:/work/a/ports/net/openldap24-server/work/openldap-2.4.18/servers/slapd
Jun 14 21:21:33 freebsd slapd[1563]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Jun 14 21:21:33 freebsd slapd[1563]: slapd starting

14.6.2010 21:24 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

následně se v logu ukazalo toto:

Jun 14 21:22:08 freebsd slapd[1563]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:36857 (IP=127.0.0.1:389)
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=0 RESULT tag=97 err=49 text=
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=1 UNBIND
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 fd=11 closed
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=0 RESULT tag=97 err=49 text=
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 fd=12 ACCEPT from IP=127.0.0.1:23152 (IP=127.0.0.1:389)
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=1 UNBIND
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 fd=12 closed

14.6.2010 21:28 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Nevím, co máš přesně za konzolové nástroje, ale dalo by se to udělat kupříkladu přes Apache Directory Studio (klient pro Win). A nebo zkusit ldapmodify? Nevím, k produkčnímu serveru se teďka nedostanu, a je to dlouho, co jsem něco takového použil.

Pošli zase část logu, když se přihlašuješ. Je tam něco shnilého s ACL.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:34 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

tady je další část logu po přihlášení:

debug.log
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:56043 (IP=127.0.0.1:389)
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 op=1 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 op=1 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 fd=11 closed (connection lost)
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:25834 (IP=127.0.0.1:389)
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=1 UNBIND
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 fd=11 closed
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 fd=11 ACCEPT from IP=127.0.0.1:40514 (IP=127.0.0.1:389)
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=1 UNBIND
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 fd=11 closed

auth.log
Jun 14 21:32:11 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1724]: Accepted keyboard-interactive/pam for test from 192.168.56.1 port 48165 ssh2
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid credentials
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid credentials
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: could not search LDAP server - Server is unavailable

message
Jun 14 21:32:11 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: could not search LDAP server - Server is unavailable

14.6.2010 21:36 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Mohl bys ještě poslat obsah souboru /usr/local/etc/nss_ldap.conf?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:41 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Ten je stejný jako ldap.conf, mám ho z tohoto soubory symlinkovanej.

14.6.2010 21:46 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

db.txt (16629 bytů)

pokud zadám ldapsearch -D "cn=root,dc=testdc=cz" -W tak mi DB notmálně vyjede, přikládám ji.

14.6.2010 21:52 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Ale pokud zadám ldapsearch -x -H ldap://127.0.0.1 "cn=root,dc=test,dc=cz" -W tak dostanu:

# extended LDIF
#
# LDAPv3
# base <=test,=cz> (default) with scope subtree
# filter: =root,=test,=cz
# requesting: -W 
#

# search result
search: 2
result: 0 Success

# numResponses: 1

nevím zda je ten příkaz správně abych se připojil k LDAP na 127.0.0.1 musel jsem odstranit z výpisu DC a CN znaky tak aby mi tato konference výpis logu vzala-

14.6.2010 21:53 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Hm, dobře. Pro dnešek bych to ukončil a pokračoval zítra, nevadilo by? Podívám se zítra na server, jak to tam mám.

Překvapuje mě, že jsou u všech uživatelů stejné hashe hesel. Navíc mi ten typ hashe nic neříká.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:57 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

OK ukončíme to, jen se zeptám, nebyl by na tebe nějaký kontakt, třeba Jabber nebo ICQ, jsem ti moc vděčný za pomoc.

14.6.2010 21:58 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Jabber honza@betik.cz

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:57 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Heslo uživatele by mělo jít změnit pomocí příkazu

ldappasswd -D "cn=root,dc=test,dc=cz" -S -W "uid=UŽIVATEL,ou=SKUPINA,dc=test,dc=cz"

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 22:04 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

heslo jsem změnil pro uživatele "test" ale když se přihlásím tak zase jenom starým heslem a to tím které je v systému. Jseš online?

14.6.2010 22:05 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Jj, jsem. Já to vypínám málokdy.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 22:07 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

přidal jsem si tě ale nevidím tě online :(

14.6.2010 22:09 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Tak napiš, nejspíš to bude dělat antispam. A nebo můžeš svoje JID poslat e-mailem na stejnou adresu jako mám jabber.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:41 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

debug.log (16002 bytů)

A takhle vypadá log po startu LDAP

Založit nové vlákno • Nahoru

Tiskni Sdílej:

Píšeme jinde

ISSN 1214-1267 www.czech-server.cz

Redakce | Inzerce | Podmínky použití | Osobní údaje