AbcLinuxu:/ Poradna / Linuxová poradna / FreeBSD OpenLDAP nelze připojit

Štítky: BIND, BSD, cat, debugging, DNS, FreeBSD, Internet, konzole, LDAP, PAM, password, PHP, programování, server, SHA, SSH, Su, switch, test

Dotaz: FreeBSD OpenLDAP nelze připojit

14.6.2010 13:02 Martin
FreeBSD OpenLDAP nelze připojit

Přečteno: 1977×

Odpovědět | Admin

Dobrý den, snažím se rozjet OpenLDAP server a nedaří se mi. V podstatě jsem postupoval dle tohoto návodu, http://www.root.cz/clanky/poznamky-k-ldap/ Jen podotýkám že je vše postavené na FreeBSD 8.0. Tady jsou mé konfiguráky:

cat /usr/local/etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE	dc=test, dc=cz
URI	ldap://127.0.0.1/ 
#ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
#

cat /usr/local/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

#loglevel 255 # pro debugging, do logu se dostane takka ve. Pozdji snite.

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath	/usr/local/libexec/openldap
moduleload	back_bdb
# moduleload	back_ldap
# moduleload	back_ldbm
# moduleload	back_passwd
# moduleload	back_shell

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#allow bind_v2  
# abyste mohli pouvat LDAP funkce PHP
password-hash {SSHA} 
# nebo njakou jinou; vyberte si z SMD5, SHA, SSHA, CRYPT

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=test,dc=cz"
rootdn		"cn=root,dc=test,dc=cz"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}GPtyCSYW9X9+Qsx8FKGNehYjFjjQePdt
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/db/openldap-data
# Indices to maintain
index	objectClass	eq
#

cat /usr/local/etc/ldap.conf 
suffix  "dc=test, dc=cz"
host 127.0.0.1
#uri ldaps://ldap.test.cz/
pam_password md5

ldap_version 3
bind_policy             soft
pam_filter              objectclass=posixAccount
pam_login_attribute     uid
pam_member_attribute    memberuid

nss_base_passwd ou=People,dc=test,dc=cz
nss_base_shadow ou=People,dc=test,dc=cz
nss_base_group  ou=Group,dc=test,dc=cz

#nss_reconnect_sleeptime
#nss_reconnect_maxsleeptime
#nss_reconnect_maxconntries directives

scope one

cat /etc/pam.d/system 
#%PAM-1.0

auth            required        pam_env.so
auth            sufficient      pam_unix.so likeauth nullok
auth            sufficient      /usr/local/lib/pam_ldap.so use_first_pass
auth            required        pam_deny.so

account         required        pam_unix.so
account         sufficient      /usr/local/lib/pam_ldap.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        sufficient      pam_unix.so nullok md5 shadow use_authtok
password        sufficient      /usr/local/lib/pam_ldap.so use_authtok
password        required        pam_deny.so

session         required        pam_limits.so
session         required        pam_unix.so
session         optional        /usr/local/lib/pam_ldap.so

cat /etc/pam.d/sshd 
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth 		sufficient 	/usr/local/lib/pam_ldap.so no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so
account		required	pam_unix.so

# session
#session 	optional	pam_ssh.so
session sufficient /usr/local/lib/pam_ldap.so
session		required	pam_permit.so

# password
#password	sufficient	pam_krb5.so		no_warn try_first_pass
password sufficient /usr/local/lib/pam_ldap.so
password	required	pam_unix.so		no_warn try_first_pass

cat /etc/nsswitch.conf 
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Po nastartování OpenLDAP mi vyhodí do logu:

Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: reconnecting to LDAP server...
Jun 14 12:11:49 freebsd sshd[5132]: pam_ldap: ldap_simple_bind Can't contact LDAP server

pokud se snažím připojit pomocí ssh tak:

sshd[5132]: in _openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 12

a pokud pomocí su z konzole tak:

su root
su: pam_start: system error

Mohl by mi někdo poradit co dělám špatně? Uživatele mám převedené pomocí scriptů. A pokud zadám ldapsearch -x -D "cn=root,dc=test,dc=cz" -W tak to taky správně vše vypíše.

Nástroje: Začni sledovat (0) ?

Odpovědi

14.6.2010 19:07 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Odkomentuj řádek loglevel, nastav na 255, spusť openldap server, zkus se přihlásit a pak pošli log.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:33 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže log zapnutý, udělal jsem to že se připojuji na pomocí SSH na server jako root.

auth.log
Jun 14 19:28:54 freebsd sshd[5261]: pam_ldap: error trying to bind as user "uid=root,ou=People,dc=test,dc=cz" (Invalid credentials)
Jun 14 19:28:54 freebsd sshd[5259]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 40699 ssh2

debug.log
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=sshd,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=smmsp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=smmsp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=smmsp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=mailnull,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=mailnull,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=mailnull,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=guest,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=guest,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=guest,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=bind,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=bind,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=bind,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=proxy,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=proxy,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=proxy,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=authpf,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=authpf,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=authpf,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=_pflogd,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_pflogd,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=_dhcp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=_dhcp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=uucp,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=uucp,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=uucp,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=dialer,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=dialer,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=dialer,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=network,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=network,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=network,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=audit,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=audit,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=audit,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=www,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=www,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=www,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=nogroup,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=nogroup,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nogroup,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=nobody,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=nobody,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=nobody,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=ldap,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=ldap,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=ldap,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=freeradius,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=freeradius,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=freeradius,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=pheek,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=pheek,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=pheek,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     AND
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter_and
Jun 14 19:30:07 freebsd slapd[5211]: => test_filter
Jun 14 19:30:07 freebsd slapd[5211]:     EQUALITY
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access to "cn=test,ou=Group,dc=test,dc=cz" "objectClass" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default search access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: search access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter_and 6
Jun 14 19:30:07 freebsd slapd[5211]: <= test_filter 6
Jun 14 19:30:07 freebsd slapd[5211]: => send_search_entry: conn 10 dn="cn=test,ou=Group,dc=test,dc=cz"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "entry" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "cn" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "userPassword" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access to "cn=test,ou=Group,dc=test,dc=cz" "gidNumber" requested
Jun 14 19:30:07 freebsd slapd[5211]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Jun 14 19:30:07 freebsd slapd[5211]: => access_allowed: read access granted by read(=rscxd)
Jun 14 19:30:07 freebsd slapd[5211]: <= send_search_entry: conn 10 exit.
Jun 14 19:30:07 freebsd slapd[5211]: send_paged_response: lastid=0x00000000 nentries=33
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_result: conn=10 op=1 p=3
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_result: err=0 matched="" text=""
Jun 14 19:30:07 freebsd slapd[5211]: send_ldap_response: msgid=2 tag=101 err=0
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on 1 descriptor
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on:
Jun 14 19:30:07 freebsd slapd[5211]:  11r
Jun 14 19:30:07 freebsd slapd[5211]: 
Jun 14 19:30:07 freebsd slapd[5211]: daemon: read activity on 11
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: connection_get(11)
Jun 14 19:30:07 freebsd slapd[5211]: connection_get(11): got connid=10
Jun 14 19:30:07 freebsd slapd[5211]: connection_read(11): checking for input on id=10
Jun 14 19:30:07 freebsd slapd[5211]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 19:30:07 freebsd slapd[5211]: connection_read(11): input error=-2 id=10, closing.
Jun 14 19:30:07 freebsd slapd[5211]: connection_closing: readying conn=10 sd=11 for close
Jun 14 19:30:07 freebsd slapd[5211]: daemon: activity on 1 descriptor
Jun 14 19:30:07 freebsd slapd[5211]: daemon: waked
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 19:30:07 freebsd slapd[5211]: connection_close: conn=10 sd=11
Jun 14 19:30:07 freebsd slapd[5211]: daemon: removing 11

messages
Jun 14 19:28:54 freebsd sshd[5261]: pam_ldap: error trying to bind as user "uid=root,ou=People,dc=test,dc=cz" (Invalid credentials)

14.6.2010 19:39 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Bylo by možný poslat ten debug log od stejného časového údaje, jaký je uveden u toho chybného přihlášení? Tj. Jun 14 19:28:54 nebo o pár vteřin dřív? Mám určité tušení…

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:47 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

degug.log (139216 bytů)

Posílám.

14.6.2010 19:57 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže, chybka bude někde tady:


Jun 14 19:28:54 freebsd slapd[5211]: >>> dnPrettyNormal: uid=root,ou=People,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: <<< dnPrettyNormal: uid=root,ou=People,dc=test,dc=cz, uid=root,ou=people,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: do_bind: version=3 dn="uid=root,ou=People,dc=test,dc=cz" method=128
Jun 14 19:28:54 freebsd slapd[5211]: ==> bdb_bind: dn: uid=root,ou=People,dc=test,dc=cz
Jun 14 19:28:54 freebsd slapd[5211]: bdb_dn2entry("uid=root,ou=people,dc=test,dc=cz")
Jun 14 19:28:54 freebsd slapd[5211]: => access_allowed: auth access to "uid=root,ou=People,dc=test,dc=cz" "userPassword" requested
Jun 14 19:28:54 freebsd slapd[5211]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Jun 14 19:28:54 freebsd slapd[5211]: => access_allowed: auth access granted by read(=rscxd)
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_result: conn=8 op=3 p=3
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_result: err=49 matched="" text=""
Jun 14 19:28:54 freebsd slapd[5211]: send_ldap_response: msgid=4 tag=97 err=49

Přesněji řečeno ta chyba 49. Pohledem do dokumentace jsem zjistil, že err=49 znamená LDAP_INVALID_CREDENTIALS, nicméně je to u uživatele, skrze kterého se snažíte připojit k LDAP serveru, nikoliv kterého se snažíte autentifikovat. Mohl byste zaslat ještě konfigurák k tomu ldap PAM modulu?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:00 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Mod děkuji za pomoc, já už vyzkoušel všechno co jsem mohl ale nic nepomohlo, tady je konfigurák:

cat ldap.conf 
host 127.0.0.1
suffix  "dc=test, dc=cz"

uri ldap://127.0.0.1
pam_password md5

ldap_version 3
bind_policy             soft
pam_filter              objectclass=posixAccount
pam_login_attribute     uid
pam_member_attribute    memberuid

nss_base_passwd ou=People,dc=test,dc=cz
nss_base_shadow ou=People,dc=test,dc=cz
nss_base_group  ou=Group,dc=test,dc=cz

scope one

14.6.2010 20:06 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Prima. Zkuste do toho souboru dopsat řádky
binddn "cn=root,dc=test,dc=cz"
bindpw {SSHA}GPtyCSYW9X9+Qsx8FKGNehYjFjjQePdt
Pak to bude chtít asi restartovat PAM subsystém.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:22 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Takže jsem přidal, výsledek po restartu je:

debug.log
Jun 14 20:18:37 freebsd slapd[5685]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcT
Jun 14 20:18:37 freebsd slapd[5685]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olc
Jun 14 20:20:10 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:10 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34
Jun 14 20:20:10 freebsd slapd[5686]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 20:20:10 freebsd slapd[5686]: connection_read(11): input error=-2 id=0, closing.
Jun 14 20:20:10 freebsd slapd[5686]: connection_close: deferring conn=0 sd=11

Nevím jak v freebsd restartovat pam, ostatní logy mlčí. Při pokus se přihlásit:

debug.log
Jun 14 20:20:39 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:39 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_response: msgid=2 tag=97 err=34
Jun 14 20:20:41 freebsd slapd[5686]: ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
Jun 14 20:20:41 freebsd slapd[5686]: connection_read(11): input error=-2 id=1, closing.
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_result: err=34 matched="" text="invalid DN"
Jun 14 20:20:41 freebsd slapd[5686]: send_ldap_response: msgid=1 tag=97 err=34

auth.log
Jun 14 20:20:39 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5689]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 60097 ssh2
Jun 14 20:20:41 freebsd sshd[5692]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid DN syntax

message
Jun 14 20:18:37 freebsd slapd[5685]: nss_ldap: could not search LDAP server - Server is unavailable
Jun 14 20:20:39 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)
Jun 14 20:20:41 freebsd sshd[5691]: pam_ldap: error trying to bind (Invalid DN syntax)

14.6.2010 20:28 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Okey, tak zkuste ten binddn zapsat bez uvozovek a taky zkuste to bindpw zadat nezašifrované, tedy v plaintextu (je to to heslo, co máte jako admin do LDAP). Nejsem si právě jist, v jakém tvaru to má být zapsané.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:42 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

debug.log (136017 bytů)

Bez uvozovek je to o něco lepší ale stále to nefunguje. Zkusil jsme i plaintext ale to je stejné jako když tam dám SSHA Log po restartu:

debug.log
Jun 14 20:31:29 freebsd slapd[5754]: daemon: shutdown requested and initiated.
Jun 14 20:31:29 freebsd slapd[5754]: daemon: closing 6
Jun 14 20:31:29 freebsd slapd[5754]: daemon: closing 7
Jun 14 20:31:29 freebsd slapd[5754]: slapd shutdown: waiting for 0 operations/tasks to finish
Jun 14 20:31:29 freebsd slapd[5754]: slapd shutdown: initiated
Jun 14 20:31:29 freebsd slapd[5754]: ====> bdb_cache_release_all
Jun 14 20:31:29 freebsd slapd[5754]: slapd destroy: freeing system resources.
Jun 14 20:31:29 freebsd slapd[5754]: slapd stopped.
Jun 14 20:31:29 freebsd slapd[5797]: @(#) $OpenLDAP: slapd 2.4.18 (Sep  9 2009 07:45:36) $ 	root@freebsd.org:/work/a/ports/net/openldap24-server/work/openldap-2.4.18/servers/slapd
Jun 14 20:31:29 freebsd slapd[5797]: line 18 (pidfile		/var/run/openldap/slapd.pid)
Jun 14 20:31:29 freebsd slapd[5797]: line 19 (argsfile	/var/run/openldap/slapd.args)
Jun 14 20:31:29 freebsd slapd[5797]: line 22 (modulepath	/usr/local/libexec/openldap)
Jun 14 20:31:29 freebsd slapd[5797]: line 23 (moduleload	back_bdb)
Jun 14 20:31:29 freebsd slapd[5797]: loaded module back_bdb
Jun 14 20:31:29 freebsd slapd[5797]: bdb_back_initialize: initialize BDB backend
Jun 14 20:31:29 freebsd slapd[5797]: bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
Jun 14 20:31:29 freebsd slapd[5797]: module back_bdb: null module registered
Jun 14 20:31:29 freebsd slapd[5797]: line 53 (password-hash {SSHA})
Jun 14 20:31:29 freebsd slapd[5797]: line 59 (database	bdb)
Jun 14 20:31:29 freebsd slapd[5797]: bdb_db_init: Initializing BDB database
Jun 14 20:31:29 freebsd slapd[5797]: line 60 (suffix		"=test,=cz")
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnPrettyNormal: <=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnPrettyNormal: <=test,=cz>, <=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: line 61 (rootdn		"=root,=test,=cz")
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnPrettyNormal: <=root,=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnPrettyNormal: <=root,=test,=cz>, <=root,=test,=cz>
Jun 14 20:31:29 freebsd slapd[5797]: line 65 (rootpw ***)
Jun 14 20:31:29 freebsd slapd[5797]: line 69 (directory	/var/db/openldap-data)
Jun 14 20:31:29 freebsd slapd[5797]: line 71 (index	objectClass	eq)
Jun 14 20:31:29 freebsd slapd[5797]: index objectClass 0x0004
Jun 14 20:31:29 freebsd slapd[5797]: >>> dnNormalize: <=Subschema>
Jun 14 20:31:29 freebsd slapd[5797]: <<< dnNormalize: <=subschema>
Jun 14 20:31:29 freebsd slapd[5797]: matching_rule_use_init
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.840.113556.1.4.804 (integerBitOrMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.840.113556.1.4.803 (integerBitAndMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $  $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ AMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 14 20:31:29 freebsd slapd[5797]:     1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $  $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ AMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.39 (certificateListMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.38 (certificateListExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.35 (certificateMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.34 (certificateExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.30 (objectIdentifierFirstComponentMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.29 (integerFirstComponentMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.27 (generalizedTimeMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.24 (protocolInformationMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.23 (uniqueMemberMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.22 (presentationAddressMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.20 (telephoneNumberMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.17 (octetStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.16 (bitStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.14 (integerMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcSpSessionlog $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.13 (booleanMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSpNoPresent $ olcSpReloadHint $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.11 (caseIgnoreListMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.8 (numericStringMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.7 (caseExactSubstringsMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.6 (caseExactOrderingMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.5 (caseExactMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $  $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcT
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.4 (caseIgnoreSubstringsMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.3 (caseIgnoreOrderingMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.2 (caseIgnoreMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $  $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olc
Jun 14 20:31:29 freebsd slapd[5797]:     1.2.36.79672281.1.13.3 (rdnMatch): 
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.1 (distinguishedNameMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcRelay $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect ) )
Jun 14 20:31:29 freebsd slapd[5797]:     2.5.13.0 (objectIdentifierMatch): 
Jun 14 20:31:29 freebsd slapd[5797]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
Jun 14 20:31:29 freebsd slapd[5798]: slapd startup: initiated.
Jun 14 20:31:29 freebsd slapd[5798]: backend_startup_one: starting "=config"
Jun 14 20:31:29 freebsd slapd[5798]: config_back_db_open
Jun 14 20:31:29 freebsd slapd[5798]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=config"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=module{0}"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "=schema"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={0}core"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={1}cosine"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={2}inetorgperson"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "={3}nis"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={-1}frontend"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={0}config"
Jun 14 20:31:29 freebsd slapd[5798]: config_build_entry: "olcDatabase={1}bdb"
Jun 14 20:31:29 freebsd slapd[5798]: backend_startup_one: starting "=test,=cz"
Jun 14 20:31:29 freebsd slapd[5798]: bdb_db_open: "=test,=cz"
Jun 14 20:31:29 freebsd slapd[5798]: bdb_db_open: database "=test,=cz": dbenv_open(/var/db/openldap-data).
Jun 14 20:31:29 freebsd slapd[5798]: slapd starting
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 4r listener=0x0
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 6r listener=0x8019450c0
Jun 14 20:31:29 freebsd slapd[5798]: daemon: added 7r listener=0x801945180
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: activity on 1 descriptor
Jun 14 20:31:29 freebsd slapd[5798]: daemon: waked
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 14 20:31:29 freebsd slapd[5798]: daemon: select: listen=7 active_threads=0 tvp=NULL

Log debug je zase přílohou a je to už při pokusu o přihlášení.

auth.log
Jun 14 20:34:03 freebsd sshd[5813]: pam_ldap: error trying to bind as user "uid=root,ou=People,=test,=cz" (Invalid credentials)
Jun 14 20:34:03 freebsd sshd[5811]: Accepted keyboard-interactive/pam for root from 192.168.56.1 port 41477 ssh2

message
Jun 14 20:34:03 freebsd sshd[5813]: pam_ldap: error trying to bind as user "uid=root,ou=People,=test,=cz" (Invalid credentials)

14.6.2010 20:53 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Hmm, tak už mě napadá jen jedna věc. A to že jsou špatně nastavená oprávnění. Tudíž bych zkusil zakomentovat ty dva řádky, co jsi zadal a vrátil se zpátky k slapd.conf a zkusil tam dát


access to attrs=userPassword
 	by dn="cn=root,dc=test,dc=cz" write
 	by anonymous auth
 	by self write
 	by * none

access to attrs=uidNumber,gidNumber,uid,homeDirectory
 	by dn="cn=root,dc=test,dc=cz" write
 	by self read
 	by * read

access to *
 	by dn="cn=root,dc=test,dc=cz" write
 	by self write
 	by * read

Ve zkratce. V první sekci se nastavuje, že k userPasswd bude mít R/W práva root a samotný uživatel, anonymous bude mít možnost čtení a ostatní se k němu nedostanou. Atributy uidNumber,gidNumber,uid,homeDirectory budou R/W pro roota, pro uživatele pro čtení a pro ostatní pro čtení. Ostatní atributy budou R/W přístupny pro roota, pro uživatele a pro ostatní jen pro čtení.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:55 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

A nakonec… máš povolené přihlášení roota přes SSH?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 20:56 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Odpovím si sám. Máš. :-)

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:06 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

JJ povolený mám, protože přes pam se tam přihlásím, jak vůbec zjistím přes co se tam uživatel dostal? Ty poslední kroky jsem vyzkoušel a nic, pořád stejné, už si s tím nevím rady, přece to nějak fungovat musí. Uživatele jsem vytvořil pomoci MigrationTools-47, takže tam ten uživatel root musí být. I jiní uživatelé která v systému jsou a vzal jsem je do LDAP nejedou. :(

14.6.2010 21:11 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Bylo by možné zkusit u nějakého uživatele změnit LDAP heslo a pak se znovu přihlásit?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:16 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

A zkus ještě změnit loglevel na 384 a restartovat openldap a přihlásit se. A pak zase oblíbené kolečko s logy :-)

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:23 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Nechci být za hňupa, ale jak zmenit heslo nějakému uživateli v LDAP, když nemám nainstalované nějaké klikátko :) Jinak log jsem zvedl a je to zajimavé:

debug.log
Jun 14 21:21:33 freebsd slapd[1562]: @(#) $OpenLDAP: slapd 2.4.18 (Sep  9 2009 07:45:36) $ 	root@freebsd.org:/work/a/ports/net/openldap24-server/work/openldap-2.4.18/servers/slapd
Jun 14 21:21:33 freebsd slapd[1563]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Jun 14 21:21:33 freebsd slapd[1563]: slapd starting

14.6.2010 21:24 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

následně se v logu ukazalo toto:

Jun 14 21:22:08 freebsd slapd[1563]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:36857 (IP=127.0.0.1:389)
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=0 RESULT tag=97 err=49 text=
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 op=1 UNBIND
Jun 14 21:22:08 freebsd slapd[1563]: conn=0 fd=11 closed
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=0 RESULT tag=97 err=49 text=
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 fd=12 ACCEPT from IP=127.0.0.1:23152 (IP=127.0.0.1:389)
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 op=1 UNBIND
Jun 14 21:22:08 freebsd slapd[1563]: conn=1 fd=12 closed

14.6.2010 21:28 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Nevím, co máš přesně za konzolové nástroje, ale dalo by se to udělat kupříkladu přes Apache Directory Studio (klient pro Win). A nebo zkusit ldapmodify? Nevím, k produkčnímu serveru se teďka nedostanu, a je to dlouho, co jsem něco takového použil.

Pošli zase část logu, když se přihlašuješ. Je tam něco shnilého s ACL.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:34 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

tady je další část logu po přihlášení:

debug.log
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:56043 (IP=127.0.0.1:389)
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:11 freebsd slapd[1723]: conn=0 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 op=1 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 op=1 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=0 fd=11 closed (connection lost)
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:25834 (IP=127.0.0.1:389)
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 op=1 UNBIND
Jun 14 21:32:13 freebsd slapd[1723]: conn=1 fd=11 closed
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 fd=11 ACCEPT from IP=127.0.0.1:40514 (IP=127.0.0.1:389)
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=0 BIND dn="cn=root,dc=test,dc=cz" method=128
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=0 RESULT tag=97 err=49 text=
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 op=1 UNBIND
Jun 14 21:32:13 freebsd slapd[1723]: conn=2 fd=11 closed

auth.log
Jun 14 21:32:11 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1724]: Accepted keyboard-interactive/pam for test from 192.168.56.1 port 48165 ssh2
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid credentials
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Invalid credentials
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: could not search LDAP server - Server is unavailable

message
Jun 14 21:32:11 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1726]: pam_ldap: error trying to bind (Invalid credentials)
Jun 14 21:32:13 freebsd sshd[1727]: nss_ldap: could not search LDAP server - Server is unavailable

14.6.2010 21:36 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Mohl bys ještě poslat obsah souboru /usr/local/etc/nss_ldap.conf?

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:41 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Ten je stejný jako ldap.conf, mám ho z tohoto soubory symlinkovanej.

14.6.2010 21:46 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

db.txt (16629 bytů)

pokud zadám ldapsearch -D "cn=root,dc=testdc=cz" -W tak mi DB notmálně vyjede, přikládám ji.

14.6.2010 21:52 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Ale pokud zadám ldapsearch -x -H ldap://127.0.0.1 "cn=root,dc=test,dc=cz" -W tak dostanu:

# extended LDIF
#
# LDAPv3
# base <=test,=cz> (default) with scope subtree
# filter: =root,=test,=cz
# requesting: -W 
#

# search result
search: 2
result: 0 Success

# numResponses: 1

nevím zda je ten příkaz správně abych se připojil k LDAP na 127.0.0.1 musel jsem odstranit z výpisu DC a CN znaky tak aby mi tato konference výpis logu vzala-

14.6.2010 21:53 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Hm, dobře. Pro dnešek bych to ukončil a pokračoval zítra, nevadilo by? Podívám se zítra na server, jak to tam mám.

Překvapuje mě, že jsou u všech uživatelů stejné hashe hesel. Navíc mi ten typ hashe nic neříká.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:57 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

OK ukončíme to, jen se zeptám, nebyl by na tebe nějaký kontakt, třeba Jabber nebo ICQ, jsem ti moc vděčný za pomoc.

14.6.2010 21:58 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Jabber honza@betik.cz

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 21:57 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Heslo uživatele by mělo jít změnit pomocí příkazu

ldappasswd -D "cn=root,dc=test,dc=cz" -S -W "uid=UŽIVATEL,ou=SKUPINA,dc=test,dc=cz"

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 22:04 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

heslo jsem změnil pro uživatele "test" ale když se přihlásím tak zase jenom starým heslem a to tím které je v systému. Jseš online?

14.6.2010 22:05 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Jj, jsem. Já to vypínám málokdy.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 22:07 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

přidal jsem si tě ale nevidím tě online :(

14.6.2010 22:09 cynic_asshole | skóre: 28
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Tak napiš, nejspíš to bude dělat antispam. A nebo můžeš svoje JID poslat e-mailem na stejnou adresu jako mám jabber.

Neznáš nějakou linuxovou distribuci pro Windows?

14.6.2010 19:41 Martin
Rozbalit Rozbalit vše Re: FreeBSD OpenLDAP nelze připojit

Příloha:

debug.log (16002 bytů)

A takhle vypadá log po startu LDAP

Založit nové vlákno • Nahoru

Tiskni Sdílej: