<quote who="Jonathan Wage"> > Uncommented and restarted ldap with the following command: > > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
Can you start up with -d -1 and just paste the first say 50 lines. and CC your reply to [email protected] > > Then when I run this command: > > sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif > > I get this in the screen with slapd running: > > conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389) > conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 > conn=0 op=0 RESULT tag=97 err=49 text= > conn=0 fd=12 closed (connection lost) > > The error code translates to incorrect DN or password. > > - Jon > > On Dec 21, 2007 1:52 PM, Gavin Henry <[EMAIL PROTECTED]> wrote: > >> Uncommment: >> >> # modulepath /usr/libexec/openldap >> # moduleload back_bdb.la >> >> -- >> Kind Regards, >> >> Gavin Henry. >> Managing Director. >> >> T +44 (0) 1224 279484 >> M +44 (0) 7930 323266 >> F +44 (0) 1224 824887 >> E [EMAIL PROTECTED] >> >> Open Source. Open Solutions(tm). >> >> http://www.suretecsystems.com/ >> >> <quote who="Jonathan Wage"> >> > When I start slapd like you said above I am able to see the logs. I >> then >> > run >> > the same command where I get the invalid credentials and I get the >> > following: >> > >> > ------------------ >> > >> > daemon: activity on 1 descriptor >> > daemon: listen=7, new connection on 13 >> > daemon: added 13r >> > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389) >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> > daemon: activity on 1 descriptor >> > daemon: activity on: 13r >> > daemon: read activity on 13 >> > connection_get(13) >> > connection_get(13): got connid=1 >> > connection_read(13): checking for input on id=1 >> > ber_get_next >> > ldap_read: want=8, got=8 >> > 0000: 30 2e 02 01 01 60 29 02 >> > 0....`). >> > ldap_read: want=40, got=40 >> > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 >> > ....cn=Manager,d >> > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d >> > c=example,dc=com >> > 0020: 80 06 73 65 63 72 65 74 >> > ..secret >> > ber_get_next: tag 0x30 len 46 contents: >> > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46 >> > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e >> > ...`).....cn=Man >> > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c >> > ager,dc=example, >> > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 >> > dc=com..secret >> > ber_get_next >> > ldap_read: want=8 error=Resource temporarily unavailable >> > ber_get_next on fd 13 failed errno=35 (Resource temporarily >> unavailable) >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> > do_bind >> > ber_scanf fmt ({imt) ber: >> > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43 >> > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 >> > `).....cn=Manage >> > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d >> > r,dc=example,dc= >> > 0020: 63 6f 6d 80 06 73 65 63 72 65 74 >> > com..secret >> > ber_scanf fmt (m}) ber: >> > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8 >> > 0000: 00 06 73 65 63 72 65 74 >> > ..secret >> >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> >> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0) >> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 >> > => ldap_dn2bv(272) >> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 >> > => ldap_dn2bv(272) >> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 >> > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, >> > <cn=manager,dc=example,dc=com> >> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 >> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128 >> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com >> > bdb_dn2entry("cn=manager,dc=example,dc=com") >> > => bdb_dn2id("dc=example,dc=com") >> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found >> > (-30990) >> > send_ldap_result: conn=1 op=0 p=3 >> > send_ldap_result: err=49 matched="" text="" >> > send_ldap_response: msgid=1 tag=97 err=49 >> > ber_flush: 14 bytes to sd 13 >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 >> > 0....a...1.... >> > ldap_write: want=14, written=14 >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 >> > 0....a...1.... >> > conn=1 op=0 RESULT tag=97 err=49 text= >> > daemon: activity on 1 descriptor >> > daemon: activity on: 13r >> > daemon: read activity on 13 >> > connection_get(13) >> > connection_get(13): got connid=1 >> > connection_read(13): checking for input on id=1 >> > ber_get_next >> > ldap_read: want=8, got=0 >> > >> > ber_get_next on fd 13 failed errno=0 (Undefined error: 0) >> > connection_read(13): input error=-2 id=1, closing. >> > connection_closing: readying conn=1 sd=13 for close >> > connection_close: deferring conn=1 sd=13 >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> > daemon: activity on 1 descriptor >> > daemon: waked >> > daemon: select: listen=6 active_threads=0 tvp=NULL >> > daemon: select: listen=7 active_threads=0 tvp=NULL >> > connection_resched: attempting closing conn=1 sd=13 >> > connection_close: conn=1 sd=13 >> > daemon: removing 13 >> > conn=1 fd=13 closed (connection lost) >> > >> > - Jon >> > >> > On Dec 21, 2007 10:54 AM, Gavin Henry <[EMAIL PROTECTED]> >> wrote: >> > >> >> <quote who="Jonathan Wage"> >> >> > Here is my slapd.conf >> >> > >> >> > # >> >> > # See slapd.conf(5) for details on configuration options. >> >> > # This file should NOT be world readable. >> >> > # >> >> > include /private/etc/openldap/schema/core.schema >> >> > >> >> > # Define global ACLs to disable default read access. >> >> > >> >> > # Do not enable referrals until AFTER you have a working directory >> >> > # service AND an understanding of referrals. >> >> > #referral ldap://root.openldap.org >> >> > >> >> > pidfile /private/var/db/openldap/run/slapd.pid >> >> > argsfile /private/var/db/openldap/run/slapd.args >> >> > >> >> > # Load dynamic backend modules: >> >> > # modulepath /usr/libexec/openldap >> >> > # moduleload back_bdb.la >> >> > # moduleload back_ldap.la >> >> > # moduleload back_ldbm.la >> >> > # moduleload back_passwd.la >> >> > # moduleload back_shell.la >> >> > >> >> > # Sample security restrictions >> >> > # Require integrity protection (prevent hijacking) >> >> > # Require 112-bit (3DES or better) encryption for updates >> >> > # Require 63-bit encryption for simple bind >> >> > # security ssf=1 update_ssf=112 simple_bind=64 >> >> > >> >> > # Sample access control policy: >> >> > # Root DSE: allow anyone to read it >> >> > # Subschema (sub)entry DSE: allow anyone to read it >> >> > # Other DSEs: >> >> > # Allow self write access >> >> > # Allow authenticated users read access >> >> > # Allow anonymous users to authenticate >> >> > # Directives needed to implement policy: >> >> > # access to dn.base="" by * read >> >> > # access to dn.base="cn=Subschema" by * read >> >> > # access to * >> >> > # by self write >> >> > # by users read >> >> > # by anonymous auth >> >> > # >> >> > # if no access controls are present, the default policy >> >> > # allows anyone and everyone to read anything but restricts >> >> > # updates to rootdn. (e.g., "access to * by * read") >> >> > # >> >> > # rootdn can always read and write EVERYTHING! >> >> > >> >> > >> ####################################################################### >> >> > # BDB database definitions >> >> > >> ####################################################################### >> >> > >> >> > database bdb >> >> > suffix "dc=example,dc=com" >> >> > rootdn "cn=Manager,dc=example,dc=com" >> >> > # Cleartext passwords, especially for the rootdn, should >> >> > # be avoid. See slappasswd(8) and slapd.conf(5) for details. >> >> > # Use of strong authentication encouraged. >> >> > rootpw secret >> >> > # The database directory MUST exist prior to running slapd AND >> >> > # should only be accessible by the slapd and slap tools. >> >> > # Mode 700 recommended. >> >> > directory /private/var/db/openldap/openldap-data >> >> > # Indices to maintain >> >> > index objectClass eq >> >> > >> >> > >> >> > Which logs are you referring to? The openldap log? >> >> >> >> Start slapd by hand with -d -1 >> >> >> >> and then bind via ldapsearch. >> >> >> >> >> >> >> > >> > >> > -- >> > Jonathan Wage >> > http://www.jwage.com >> > http://www.centresource.com >> > >> >> > > > -- > Jonathan Wage > http://www.jwage.com > http://www.centresource.com >
