> check your suffixmassage rules and compare to the rewritten suffix.
Sorry, now with the right congig bellow, suffixmassage and rewritten suffix
matchs, but the problem still the same
-----------------------------------------------------------
Hello,
now I extended the schema and filter appears without of "?", but my problem
still not solved:
slapd[20876]: ber_get_next on fd 8 failed errno=0 (Success)
slapd[20876]: connection_read(8): input error=-2 id=1001, closing. Nov 28
20:27:39 walrhel5
If I send the same search with various LDAP-Browsers (Softerra, LDP,
Perlscript...), all is OK.
I tried witch OpenLDAP version: 2.4.26 and 2.4.28
FullLog:
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 fd=8 ACCEPT from
IP=10.28.113.34:53476 (IP=0.0.0.0:389)
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: connection_get(8)
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: connection_get(8): got
connid=1001
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: connection_read(8): checking
for input on id=1001
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: op tag 0x60, time 1322601831
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0 do_bind
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: >>> dnPrettyNormal:
<cn=metaguru,dc=meta,dc=pov>
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: <<< dnPrettyNormal:
<cn=metaguru,dc=meta,dc=pov>, <cn=metaguru,dc=meta,dc=pov>
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0 BIND
dn="cn=metaguru,dc=meta,dc=pov" method=128
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: do_bind: version=3
dn="cn=metaguru,dc=meta,dc=pov" method=128
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0 meta_back_bind:
dn="cn=metaguru,dc=meta,dc=pov".
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0:
rootdn="cn=metaguru,dc=meta,dc=pov" bind succeeded
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0 BIND
dn="cn=metaguru,dc=meta,dc=pov" mech=SIMPLE ssf=0
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: do_bind: v3 bind:
"cn=metaguru,dc=meta,dc=pov" to "cn=metaguru,dc=meta,dc=pov"
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: send_ldap_result: conn=1001
op=0 p=3
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: send_ldap_result: err=0
matched="" text=""
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: send_ldap_response: msgid=1
tag=97 err=0
Nov 29 22:23:51 despcdarmradtest01 slapd[20876]: conn=1001 op=0 RESULT tag=97
err=0 text=
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: connection_get(8)
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: connection_get(8): got
connid=1001
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: connection_read(8): checking
for input on id=1001
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: op tag 0x63, time 1322601833
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 do_search
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: >>> dnPrettyNormal:
<dc=meta,dc=pov>
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: <<< dnPrettyNormal:
<dc=meta,dc=pov>, <dc=meta,dc=pov>
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: SRCH "dc=meta,dc=pov" 0 3
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: 0 0 0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: begin get_filter
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: AND
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: begin get_filter_list
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: begin get_filter
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: EQUALITY
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: end get_filter 0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: begin get_filter
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: NOT
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: begin get_filter
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: EQUALITY
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: end get_filter 0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: end get_filter 0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: end get_filter_list
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: end get_filter 0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: filter:
(&(objectClass=user)(!(objectClass=computer)))
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: => get_ctrls
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: => get_ctrls:
oid="2.16.840.1.113730.3.4.2" (noncritical)
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: <= get_ctrls: n=1 rc=0 err=""
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: attrs:
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 SRCH
base="dc=meta,dc=pov" scope=0 deref=3
filter="(&(objectClass=user)(!(objectClass=computer)))"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1:
meta_back_getconn[0]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1:
meta_back_getconn[1]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1
meta_back_getconn: candidates=2 conn=ROOTDN fetched
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 >>>
meta_back_search_start[0]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 >>>
meta_search_dobind_init[0]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 <<<
meta_search_dobind_init[0]=1
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] string='dc=meta,dc=pov'
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_rule_apply
rule='((.+),)?dc=meta,[ ]?dc=pov$' string='dc=meta,dc=pov' [1 pass(es)]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] res={0,'dc=spcdom,dc=udb'}
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: [rw] searchBase:
"dc=meta,dc=pov" -> "dc=spcdom,dc=udb"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] string='(&(objectClass=user)(!(objectClass=computer)))'
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] res={0,'NULL'}
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: [rw] searchFilter:
"(&(objectClass=user)(!(objectClass=computer)))" ->
"(&(objectClass=user)(!(objectClass=computer)))"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 <<<
meta_back_search_start[0]=1
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 >>>
meta_back_search_start[1]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 >>>
meta_search_dobind_init[1]
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 <<<
meta_search_dobind_init[1]=1
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] string='dc=meta,dc=pov'
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_rule_apply
rule='((.+),)?dc=meta,[ ]?dc=pov$' string='dc=meta,dc=pov' [1 pass(es)] Nov 29
22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply [depth=1]
res={0,'dc=metdom,dc=net'}
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: [rw] searchBase:
"dc=meta,dc=pov" -> "dc=metdom,dc=net"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] string='(&(objectClass=user)(!(objectClass=computer)))'
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: ==> rewrite_context_apply
[depth=1] res={0,'NULL'}
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: [rw] searchFilter:
"(&(objectClass=user)(!(objectClass=computer)))" ->
"(&(objectClass=user)(!(objectClass=computer)))"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 <<<
meta_back_search_start[1]=1
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1
meta_back_search: ncandidates=2 cnd="**"
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1
meta_back_search[0] match="" err=0.
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1
meta_back_search[1] match="" err=0.
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: send_ldap_result: conn=1001
op=1 p=3
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: send_ldap_result: err=0
matched="" text=""
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: send_ldap_response: msgid=2
tag=101 err=0
Nov 29 22:23:53 despcdarmradtest01 slapd[20876]: conn=1001 op=1 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_get(8)
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_get(8): got
connid=1001
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_read(8): checking
for input on id=1001
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: op tag 0x42, time 1322601835
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: ber_get_next on fd 8 failed
errno=0 (Success)
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_read(8): input
error=-2 id=1001, closing.
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_closing: readying
conn=1001 sd=8 for close
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: connection_close: deferring
conn=1001 sd=8
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: conn=1001 op=2 do_unbind
Nov 29 22:23:55 despcdarmradtest01 slapd[20876]: conn=1001 op=2 UNBIND
Kind regards
Waldemar
-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:[email protected]]
Gesendet: Dienstag, 29. November 2011 12:42
An: Siebert, Waldemar
Cc: [email protected]
Betreff: Re: CUCM search
> Hello,
>
> I'v implemented a OpenLDAP Metadirectory that proxying 2 Microsft AD
> targets.
...
> Nov 28 20:27:39 walrhel5 slapd[7447]: filter:
> (&(?objectClass=user)(!(?objectClass=Computer)))
The objectClasses "user" and "computer" are unknown. They need to be defined
in the proxy's schema.
p.
##########################################################################################
Hello,
I'v implemented a OpenLDAP Metadirectory that proxying 2 Microsft AD targets.
Cisco Unified Call Manager (CUCM) sends a rather simpy query:
(&(objectclass=user)(!(objectclass=Computer)))
If CUCM connects AD server directly, all is OK, gets a search result. But
sending this search to Meta, does not work.
Log:
Nov 28 20:27:39 walrhel5 slapd[7447]: ber_get_next on fd 10 failed errno=0
(Success) Nov 28 20:27:39 walrhel5 slapd[7447]: connection_read(10): input
error=-2 id=1000, closing.
If I send the same search with various LDAP-Browsers (Softerra, LDP,
Perlscript...), all is OK.
I tried witch OpenLDAP version: 2.4.26 and 2.4.28
My config:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/ts_ext.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
loglevel -1
#######################################################################
database meta
lastmod off
suffix "dc=meta,dc=pov"
rootdn "cn=metaguru,dc=meta,dc=pov"
rootpw Makaka77
uri "ldap://10.28.4.37:389/dc=meta,dc=pov";
suffixmassage "dc=meta,dc=pov" "dc=spcdom,dc=udb"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=simple
binddn="cn=radiator,cn=Users,dc=spcdom,dc=udb"
credentials="Makaka77"
mode=none
uri "ldap://10.28.4.39:389/dc=meta,dc=pov";
suffixmassage "dc=meta,dc=pov" "dc=metdom,dc=net"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=simple
binddn="cn=predator,cn=Users,dc=metdom,dc=net"
credentials="Makaka99"
mode=none
