Starting with:
sudo ./slapd -d -1 -f /private/etc/openldap/slapd.conf
Produces this:
daemon: activity on 1 descriptor
daemon: listen=7, new connection on 12
daemon: added 12r
conn=1 fd=12 ACCEPT from IP=127.0.0.1:64694 (IP=0.0.0.0:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ldap_read: want=8, got=8
0000: 30 2e 02 01 01 60 29 02
0....`).
ldap_read: want=40, got=40
0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64
....cn=Manager,d
0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d
c=example,dc=com
0020: 80 06 73 65 63 72 65 74
..secret
ber_get_next: tag 0x30 len 46 contents:
ber_dump: buf=0x00345680 ptr=0x00345680 end=0x003456ae len=46
0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e
...`).....cn=Man
0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c
ager,dc=example,
0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74
dc=com..secret
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x00345680 ptr=0x00345683 end=0x003456ae len=43
0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65
`).....cn=Manage
0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d
r,dc=example,dc=
0020: 63 6f 6d 80 06 73 65 63 72 65 74
com..secret
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
ber_scanf fmt (m}) ber:
ber_dump: buf=0x00345680 ptr=0x003456a6 end=0x003456ae len=8
0000: 00 06 73 65 63 72 65 74
..secret
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
<= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
<cn=manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
==> bdb_bind: dn: cn=Manager,dc=example,dc=com
bdb_dn2entry("cn=manager,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30990)
send_ldap_result: conn=1 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
0....a...1....
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
0....a...1....
conn=1 op=0 RESULT tag=97 err=49 text=
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Undefined error: 0)
connection_read(12): input error=-2 id=1, closing.
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12
daemon: removing 12
conn=1 fd=12 closed (connection lost)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
On Dec 21, 2007 2:09 PM, Gavin Henry <[EMAIL PROTECTED]> wrote:
> <quote who="Jonathan Wage">
> > Uncommented and restarted ldap with the following command:
> >
> > sudo ./slapd -d 256 -f /private/etc/openldap/slapd.conf
>
> Can you start up with -d -1 and just paste the first say 50 lines.
>
> and CC your reply to [email protected]
>
> >
> > Then when I run this command:
> >
> > sudo ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
> >
> > I get this in the screen with slapd running:
> >
> > conn=0 fd=12 ACCEPT from IP=127.0.0.1:64609 (IP=0.0.0.0:389)
> > conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
> > conn=0 op=0 RESULT tag=97 err=49 text=
> > conn=0 fd=12 closed (connection lost)
> >
> > The error code translates to incorrect DN or password.
> >
> > - Jon
> >
> > On Dec 21, 2007 1:52 PM, Gavin Henry <[EMAIL PROTECTED]> wrote:
> >
> >> Uncommment:
> >>
> >> # modulepath /usr/libexec/openldap
> >> # moduleload back_bdb.la
> >>
> >> --
> >> Kind Regards,
> >>
> >> Gavin Henry.
> >> Managing Director.
> >>
> >> T +44 (0) 1224 279484
> >> M +44 (0) 7930 323266
> >> F +44 (0) 1224 824887
> >> E [EMAIL PROTECTED]
> >>
> >> Open Source. Open Solutions(tm).
> >>
> >> http://www.suretecsystems.com/
> >>
> >> <quote who="Jonathan Wage">
> >> > When I start slapd like you said above I am able to see the logs. I
> >> then
> >> > run
> >> > the same command where I get the invalid credentials and I get the
> >> > following:
> >> >
> >> > ------------------
> >> >
> >> > daemon: activity on 1 descriptor
> >> > daemon: listen=7, new connection on 13
> >> > daemon: added 13r
> >> > conn=1 fd=13 ACCEPT from IP=127.0.0.1:63502 (IP=0.0.0.0:389)
> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> > daemon: activity on 1 descriptor
> >> > daemon: activity on: 13r
> >> > daemon: read activity on 13
> >> > connection_get(13)
> >> > connection_get(13): got connid=1
> >> > connection_read(13): checking for input on id=1
> >> > ber_get_next
> >> > ldap_read: want=8, got=8
> >> > 0000: 30 2e 02 01 01 60 29 02
> >> > 0....`).
> >> > ldap_read: want=40, got=40
> >> > 0000: 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65 72 2c 64
> >> > ....cn=Manager,d
> >> > 0010: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d
> >> > c=example,dc=com
> >> > 0020: 80 06 73 65 63 72 65 74
> >> > ..secret
> >> > ber_get_next: tag 0x30 len 46 contents:
> >> > ber_dump: buf=0x003451d0 ptr=0x003451d0 end=0x003451fe len=46
> >> > 0000: 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e
> >> > ...`).....cn=Man
> >> > 0010: 61 67 65 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c
> >> > ager,dc=example,
> >> > 0020: 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74
> >> > dc=com..secret
> >> > ber_get_next
> >> > ldap_read: want=8 error=Resource temporarily unavailable
> >> > ber_get_next on fd 13 failed errno=35 (Resource temporarily
> >> unavailable)
> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> > do_bind
> >> > ber_scanf fmt ({imt) ber:
> >> > ber_dump: buf=0x003451d0 ptr=0x003451d3 end=0x003451fe len=43
> >> > 0000: 60 29 02 01 03 04 1c 63 6e 3d 4d 61 6e 61 67 65
> >> > `).....cn=Manage
> >> > 0010: 72 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d
> >> > r,dc=example,dc=
> >> > 0020: 63 6f 6d 80 06 73 65 63 72 65 74
> >> > com..secret
> >> > ber_scanf fmt (m}) ber:
> >> > ber_dump: buf=0x003451d0 ptr=0x003451f6 end=0x003451fe len=8
> >> > 0000: 00 06 73 65 63 72 65 74
> >> > ..secret
> >> >>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
> >> > => ldap_bv2dn(cn=Manager,dc=example,dc=com,0)
> >> > <= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0
> >> > => ldap_dn2bv(272)
> >> > <= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0
> >> > => ldap_dn2bv(272)
> >> > <= ldap_dn2bv(cn=manager,dc=example,dc=com)=0
> >> > <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>,
> >> > <cn=manager,dc=example,dc=com>
> >> > do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
> >> > conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
> >> > ==> bdb_bind: dn: cn=Manager,dc=example,dc=com
> >> > bdb_dn2entry("cn=manager,dc=example,dc=com")
> >> > => bdb_dn2id("dc=example,dc=com")
> >> > <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
> found
> >> > (-30990)
> >> > send_ldap_result: conn=1 op=0 p=3
> >> > send_ldap_result: err=49 matched="" text=""
> >> > send_ldap_response: msgid=1 tag=97 err=49
> >> > ber_flush: 14 bytes to sd 13
> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> >> > 0....a...1....
> >> > ldap_write: want=14, written=14
> >> > 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00
> >> > 0....a...1....
> >> > conn=1 op=0 RESULT tag=97 err=49 text=
> >> > daemon: activity on 1 descriptor
> >> > daemon: activity on: 13r
> >> > daemon: read activity on 13
> >> > connection_get(13)
> >> > connection_get(13): got connid=1
> >> > connection_read(13): checking for input on id=1
> >> > ber_get_next
> >> > ldap_read: want=8, got=0
> >> >
> >> > ber_get_next on fd 13 failed errno=0 (Undefined error: 0)
> >> > connection_read(13): input error=-2 id=1, closing.
> >> > connection_closing: readying conn=1 sd=13 for close
> >> > connection_close: deferring conn=1 sd=13
> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> > daemon: activity on 1 descriptor
> >> > daemon: waked
> >> > daemon: select: listen=6 active_threads=0 tvp=NULL
> >> > daemon: select: listen=7 active_threads=0 tvp=NULL
> >> > connection_resched: attempting closing conn=1 sd=13
> >> > connection_close: conn=1 sd=13
> >> > daemon: removing 13
> >> > conn=1 fd=13 closed (connection lost)
> >> >
> >> > - Jon
> >> >
> >> > On Dec 21, 2007 10:54 AM, Gavin Henry <[EMAIL PROTECTED]>
> >> wrote:
> >> >
> >> >> <quote who="Jonathan Wage">
> >> >> > Here is my slapd.conf
> >> >> >
> >> >> > #
> >> >> > # See slapd.conf(5) for details on configuration options.
> >> >> > # This file should NOT be world readable.
> >> >> > #
> >> >> > include /private/etc/openldap/schema/core.schema
> >> >> >
> >> >> > # Define global ACLs to disable default read access.
> >> >> >
> >> >> > # Do not enable referrals until AFTER you have a working directory
> >> >> > # service AND an understanding of referrals.
> >> >> > #referral ldap://root.openldap.org
> >> >> >
> >> >> > pidfile /private/var/db/openldap/run/slapd.pid
> >> >> > argsfile /private/var/db/openldap/run/slapd.args
> >> >> >
> >> >> > # Load dynamic backend modules:
> >> >> > # modulepath /usr/libexec/openldap
> >> >> > # moduleload back_bdb.la
> >> >> > # moduleload back_ldap.la
> >> >> > # moduleload back_ldbm.la
> >> >> > # moduleload back_passwd.la
> >> >> > # moduleload back_shell.la
> >> >> >
> >> >> > # Sample security restrictions
> >> >> > # Require integrity protection (prevent hijacking)
> >> >> > # Require 112-bit (3DES or better) encryption for updates
> >> >> > # Require 63-bit encryption for simple bind
> >> >> > # security ssf=1 update_ssf=112 simple_bind=64
> >> >> >
> >> >> > # Sample access control policy:
> >> >> > # Root DSE: allow anyone to read it
> >> >> > # Subschema (sub)entry DSE: allow anyone to read it
> >> >> > # Other DSEs:
> >> >> > # Allow self write access
> >> >> > # Allow authenticated users read access
> >> >> > # Allow anonymous users to authenticate
> >> >> > # Directives needed to implement policy:
> >> >> > # access to dn.base="" by * read
> >> >> > # access to dn.base="cn=Subschema" by * read
> >> >> > # access to *
> >> >> > # by self write
> >> >> > # by users read
> >> >> > # by anonymous auth
> >> >> > #
> >> >> > # if no access controls are present, the default policy
> >> >> > # allows anyone and everyone to read anything but restricts
> >> >> > # updates to rootdn. (e.g., "access to * by * read")
> >> >> > #
> >> >> > # rootdn can always read and write EVERYTHING!
> >> >> >
> >> >> >
> >> #######################################################################
> >> >> > # BDB database definitions
> >> >> >
> >> #######################################################################
> >> >> >
> >> >> > database bdb
> >> >> > suffix "dc=example,dc=com"
> >> >> > rootdn "cn=Manager,dc=example,dc=com"
> >> >> > # Cleartext passwords, especially for the rootdn, should
> >> >> > # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> >> >> > # Use of strong authentication encouraged.
> >> >> > rootpw secret
> >> >> > # The database directory MUST exist prior to running slapd AND
> >> >> > # should only be accessible by the slapd and slap tools.
> >> >> > # Mode 700 recommended.
> >> >> > directory /private/var/db/openldap/openldap-data
> >> >> > # Indices to maintain
> >> >> > index objectClass eq
> >> >> >
> >> >> >
> >> >> > Which logs are you referring to? The openldap log?
> >> >>
> >> >> Start slapd by hand with -d -1
> >> >>
> >> >> and then bind via ldapsearch.
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > Jonathan Wage
> >> > http://www.jwage.com
> >> > http://www.centresource.com
> >> >
> >>
> >>
> >
> >
> > --
> > Jonathan Wage
> > http://www.jwage.com
> > http://www.centresource.com
> >
>
>
--
Jonathan Wage
http://www.jwage.com
http://www.centresource.com
