Please keep the discussion on-list so that others can find it
if they have similar problems.

On Tue, Aug 08, 2017 at 12:44:25PM +0200, R H wrote:
> Subject: Re: Openldap Configuration issues

> > No point in changing stuff without knowing what is going on.
> > Add this to your config and restart slapd:
> >        loglevel stats,stats2

> after setting loglevel to stats, stats2
> 
> Aug  8 05:40:18 docker slapd[2990]: daemon: read active on 14
> Aug  8 05:40:18 docker slapd[2990]: daemon: epoll: listen=9 active_threads=0 tvp=zero
> Aug  8 05:40:18 docker slapd[2990]: daemon: epoll: listen=10 active_threads=0 tvp=zero

No - something has set a different log level. You are seeing a lot of
connection-management and debug stuff rather than the query and
response summaries that you need.

You might do better to stop the server and run it manually. Something
like this:

        /usr/sbin/slapd -d stats,stats2 -h ldap:/// -g openldap -u openldap

What I am expecting to see looks more like this (from a Cyrus mailbox
server using LDAP via saslauthd):

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND anonymous mech=implicit ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=

That shows saslauthd connecting to LDAP and authenticating correctly.

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH attr=dn

That is the search to find the user account.

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 ENTRY dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=

That shows the search result: the user entry is 
"uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com"

Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND anonymous mech=implicit ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 RESULT tag=97 err=0 text=

Finally the password is checked by binding to LDAP using the account DN and 
password as credentials.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
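
An added example, not part of the original message: a small Python parser that groups slapd stats lines by conn/op and flags the two usual failure points in the bind, search, bind sequence described above (a search that matches no entry, and a bind that returns a non-zero result code). The function names and the conn=7 and conn=8 log lines are constructed for illustration; the conn=1282270 lines are taken from the message.

```python
import re

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

# conn=1282270 lines are from the message above (unwrapped);
# the conn=7 and conn=8 lines are constructed failure cases.
SAMPLE = """\
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 BIND dn="cn=saslauthd,dc=ldap,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=103 RESULT tag=97 err=0 text=
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=myusername)"
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=104 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 BIND dn="uniqueIdentifier=1405431085.7365.0,associatedDomain=example.co.uk,ou=domains,dc=example,dc=com" method=128
Aug  8 17:48:33 owl slapd[616]: conn=1282270 op=105 RESULT tag=97 err=0 text=
Aug  8 17:49:01 owl slapd[616]: conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=nosuchuser)"
Aug  8 17:49:01 owl slapd[616]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  8 17:49:05 owl slapd[616]: conn=8 op=2 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Aug  8 17:49:05 owl slapd[616]: conn=8 op=2 RESULT tag=97 err=49 text=
"""

def summarize(log_text):
    """Return {(conn, op): {kind, dn or filter, err, nentries}} from stats lines."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection-management and debug lines are skipped
        conn, op, verb, rest = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        rec = ops.setdefault((int(conn), int(op)), {})
        if verb == "BIND" and "dn" in f:
            rec.update(kind="BIND", dn=f["dn"])
        elif verb == "SRCH" and "filter" in f:
            rec.update(kind="SRCH", filter=f["filter"])
        elif "RESULT" in verb:
            rec["err"] = int(f["err"])
            if "nentries" in f:
                rec["nentries"] = int(f["nentries"])
    return ops

def diagnose(ops):
    """List (conn, op, reason) for empty searches and failed binds."""
    out = []
    for (conn, op), r in sorted(ops.items()):
        if r.get("kind") == "SRCH" and r.get("nentries") == 0:
            out.append((conn, op, "search matched no entry: " + r["filter"]))
        elif r.get("kind") == "BIND" and r.get("err", 0) != 0:
            out.append((conn, op, "bind failed err=%d: %s" % (r["err"], r["dn"])))
    return out
```

Result code 49 is LDAP invalidCredentials; an empty search result points at the search base or filter rather than at the password.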
