Re: [OpenLDAP] Proxy OpenLDAP su Active directory

Marco Ristaino Thu, 25 Jun 2009 07:18:34 -0700

Ecco il log generato all'avvio del servizio e subito dopo quello generato
inoltrando una richiesta con ldapsearch


Grazie.

Jun 25 17:57:03 ASMlx033012 slapd[31729]: @(#) $OpenLDAP: slapd 2.3.43 (Jan
21 2009 03:53:11) $
mockbu...@builder16.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd

Jun 25 17:57:03 ASMlx033012 slapd[31729]: >>> dnNormalize:
<cn=proxy-ldap,ou=users,dc=domain,dc=com>
Jun 25 17:57:03 ASMlx033012 slapd[31729]: <<< dnNormalize:
<cn=proxy-ldap,ou=users,dc=domain,dc=com>
Jun 25 17:57:03 ASMlx033012 slapd[31729]: >>> dnNormalize: <cn=Subschema>
Jun 25 17:57:03 ASMlx033012 slapd[31729]: <<< dnNormalize: <cn=subschema>
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matching_rule_use_init
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     1.2.840.113556.1.4.804
(integerBitOrMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     1.2.840.113556.1.4.803
(integerBitAndMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     1.3.6.1.4.1.1466.109.114.2
(caseIgnoreIA5Match):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $
mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $
loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber
$ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     1.3.6.1.4.1.1466.109.114.1
(caseExactIA5Match):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $
mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $
loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber
$ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.35 (certificateMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.34
(certificateExactMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.30
(objectIdentifierFirstComponentMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.30 NAME
'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $
supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.29
(integerFirstComponentMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $
olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
olcDbConnectionPoolMax $ olcSpSessionlog $ mailPreferenceOption $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.27
(generalizedTimeMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.24
(protocolInformationMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.23 (uniqueMemberMatch):

Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.22
(presentationAddressMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.20
(telephoneNumberMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
pager ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.17 (octetStringMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.16 (bitStringMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.14 (integerMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout
$ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.13 (booleanMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $
olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $
olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn
$ olcDbUseTemporaryConn $ olcSpNoPresent $ olcSpReloadHint ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.11
(caseIgnoreListMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.8 (numericStringMatch):

Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.7
(caseExactSubstringsMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.6
(caseExactOrderingMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.5 (caseExactMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $
olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $
olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile
$ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE
$ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateK
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.4
(caseIgnoreSubstringsMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.3
(caseIgnoreOrderingMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.2 (caseIgnoreMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $
olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $
olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile
$ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE
$ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificate
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     1.2.36.79672281.1.13.3
(rdnMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.1
(distinguishedNameMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $
seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $
olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ member $ owner $
roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $
dITRedirect ) )
Jun 25 17:57:03 ASMlx033012 slapd[31729]:     2.5.13.0
(objectIdentifierMatch):
Jun 25 17:57:03 ASMlx033012 slapd[31729]: matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
Jun 25 17:57:03 ASMlx033012 slapd[31730]: slapd startup: initiated.
Jun 25 17:57:03 ASMlx033012 slapd[31730]: backend_startup_one: starting
"cn=config"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_back_db_open
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry: "cn=config"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"cn=include{0}"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"cn=include{1}"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"cn=include{2}"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"cn=include{3}"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry: "cn=schema"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry: "cn={0}core"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry: "cn={1}cosine"

Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"cn={2}inetorgperson"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry: "cn={3}nis"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"olcDatabase={-1}frontend"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"olcDatabase={0}config"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: config_build_entry:
"olcDatabase={1}ldap"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: backend_startup_one: starting
"dc=domain,dc=com"
Jun 25 17:57:03 ASMlx033012 slapd[31730]: ldap_back_db_open:
URI=ldap://serverDC
Jun 25 17:57:03 ASMlx033012 slapd[31730]: slapd starting

Jun 25 17:58:19 ASMlx033012 slapd[31730]: >>> slap_listener(ldap:///)
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_get(9): got connid=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_read(9): checking for
input on id=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: do_bind
Jun 25 17:58:19 ASMlx033012 slapd[31730]: >>> dnPrettyNormal: <>
Jun 25 17:58:19 ASMlx033012 slapd[31730]: <<< dnPrettyNormal: <>, <>
Jun 25 17:58:19 ASMlx033012 slapd[31730]: do_bind: version=3 dn=""
method=128
Jun 25 17:58:19 ASMlx033012 slapd[31730]: send_ldap_result: conn=0 op=0 p=3
Jun 25 17:58:19 ASMlx033012 slapd[31730]: send_ldap_response: msgid=1 tag=97
err=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_get(9): got connid=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_read(9): checking for
input on id=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: do_bind: v3 anonymous bind
Jun 25 17:58:19 ASMlx033012 slapd[31730]: do_search
Jun 25 17:58:19 ASMlx033012 slapd[31730]: >>> dnPrettyNormal:
<cn=users,dc=domain,dc=com>
Jun 25 17:58:19 ASMlx033012 slapd[31730]: <<< dnPrettyNormal:
<cn=users,dc=domain,dc=com>, <cn=users,dc=domain,dc=p7o>
Jun 25 17:58:19 ASMlx033012 slapd[31730]: ==> limits_get: conn=0 op=1
dn="[anonymous]"
Jun 25 17:58:19 ASMlx033012 slapd[31730]: send_ldap_result: conn=0 op=1 p=3
Jun 25 17:58:19 ASMlx033012 slapd[31730]: send_ldap_response: msgid=2
tag=101 err=49
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_get(9): got connid=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_read(9): checking for
input on id=0
Jun 25 17:58:19 ASMlx033012 slapd[31730]: ber_get_next on fd 9 failed
errno=0 (Success)
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_closing: readying
conn=0 sd=9 for close
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_close: deferring conn=0
sd=-1
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_resched: attempting
closing conn=0 sd=9
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_close: deferring conn=0
sd=-1
Jun 25 17:58:19 ASMlx033012 slapd[31730]: do_unbind
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_resched: attempting
closing conn=0 sd=9
Jun 25 17:58:19 ASMlx033012 slapd[31730]: connection_close: conn=0 sd=-1
Jun 25 17:58:19 ASMlx033012 slapd[31730]: =>ldap_back_conn_destroy: fetching
conn 0

Il giorno 25 giugno 2009 16.06, Luca Scamoni <luca.scam...@sys-net.it> ha
scritto:

> Potrebbe aiutare vedere cosa scrive nei log openldap...
>
> ----- "Marco Ristaino" <marco.rista...@gmail.com> wrote:
>
> > Buongiorno a tutti,
> > ho configurato un ldap proxy per raccogliere tutte le richieste ldap e
> > inviarle al Domain Controller Windows 2003 Server.
> > la configurazione è la seguente:
> >
> > configurazione slapd.conf su proxyldap
> >
> > database        ldap
> > suffix          "dc=domain,dc=com"
> > lastmod         off
> > loglevel        any
> > uri             " ldap://serverDC/";
> >
> > idassert-bind   bindmethod=simple
> > binddn=" proxy-u...@domain.com "
> > credentials=lapassword
> > mode=self
> > idassert-authzFrom      dn.regex:.*
> >
> > Il tutto è configurato su di un server CentOS 5.2 e la versione del
> > pacchetto openldap-servers è la 2.3.27-8
> > (openldap-servers-2.3.27-8.el5_2.4.i386.rpm)
> > Aggiornando CentOS alla 5.3 viene installato il pacchetto
> > openldap-servers 2.3.43-3 (openldap-servers-2.3.43-3.el5.i386.rpm)
> > smette di funzionare il tutto.
> > Mi spiego meglio:
> > riavviando il servizio ldap mi compare il messaggio
> >
> > Checking configuration files for slapd:  invalid bind config value
> > binddn= u...@domain.com
> > slaptest: bad configuration file!
> > [FAILED]
> >
> > allora ho modificato il file slapd.conf sostituendo:
> >
> > binddn=" proxy-u...@domain.com " con
> > binddn="cn=proxy-user,ou=users,dc=domain,dc=com"
> >
> > a questo punto il servizio parte correttamente:
> >
> > Checking configuration files for slapd:  config file testing succeeded
> > [  OK  ]
> > Starting slapd:                                            [  OK  ]
> >
> > ma facendo un ldapsearch ricevo il seguente messaggio:
> >
> >
> > ldapsearch -x -b "cn=users,dc=domain,dc=com" -h 127.0.0.1 -s sub
> >
> >
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <cn=users,dc=domain,dc=com> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 49 Invalid credentials
> > text: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> > error,
> > data 525, vece
> >
> > # numResponses: 1
> >
> > Qualcuno ha avuto lo stesso problema?
> > Sapete gentilmente aiutarmi?
> > Grazie.
> > Saluti.
> > --
> > -------------------------------------------
> > Marco Ristaino
> >
> >
> > _______________________________________________
> > OpenLDAP mailing list
> > OpenLDAP@mail.sys-net.it
> > https://www.sys-net.it/mailman/listinfo/openldap
>
>
> Ing. Luca Scamoni
> Responsabile Ricerca e Sviluppo
>
> SysNet s.r.l.
> Gruppo Partners Associates
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office:  +39 0382 573859 (137)
> Fax:     +39 0382 476497
> Email:   luca.scam...@sys-net.it
> -----------------------------------
>
>


-- 
-------------------------------------------
Marco Ristaino
Mobile: +393485227666
Mail: marco.rista...@gmail.com
Msn: mrist...@msn.com

_______________________________________________
OpenLDAP mailing list
OpenLDAP@mail.sys-net.it
https://www.sys-net.it/mailman/listinfo/openldap

Re: [OpenLDAP] Proxy OpenLDAP su Active directory

Rispondere a