OX6 and Ldap authentication

  • OX6 and Ldap authentication

    Hey guys,
    I'm trying to get the ldap_auth plugin to work with an OpenLDAP server.

    Here is my slapd.conf:

    Code:
    include         /etc/ldap/schema/core.schema
    include         /etc/ldap/schema/cosine.schema
    include         /etc/ldap/schema/nis.schema
    include         /etc/ldap/schema/inetorgperson.schema
    
    pidfile         /var/run/slapd/slapd.pid
    
    argsfile        /var/run/slapd/slapd.args
    
    loglevel        296
    
    modulepath      /usr/lib/ldap
    moduleload      back_hdb
    
    sizelimit 500
    
    tool-threads 1
    
    backend         hdb
    database        hdb
    
    suffix          "dc=example,dc=com"
    
    rootdn          "cn=admin,dc=example,dc=com"
    rootpw          {SSHA}XXXXXXXX
    
    directory       "/var/lib/ldap"
    
    dbconfig set_cachesize 0 2097152 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500
    index           objectClass eq
    lastmod         on
    checkpoint      512 30
    
    access to attrs=userPassword,shadowLastChange
            by dn="cn=admin,dc=exampel,dc=com" write
            by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write
            by anonymous auth
            by self write
            by * none
    
    access to dn.base="" by * read
    
    access to *
            by * read
            by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write
            by dn="cn=admin,dc=nodomain" write
    and here is my ldap.properties
    Code:
    inetOrgPersonAttributebusinessCategoryName=businessCategory
    
    inetOrgPersonAttributecnName=cn
    
    inetOrgPersonAttributeemployeeNumberName=employeeNumber
    
    inetOrgPersonAttributeemployeeTypeName=employeeType
    
    OXUserObjectAttributecoName=co
    
    inetOrgPersonAttributehomePhoneName=homePhone
    
    inetOrgPersonAttributehomePostalAddressName=homePostalAddress
    
    OXUserObjectAttributeInfoName=info
    
    inetOrgPersonAttributeinitialsName=initials
    
    inetOrgPersonAttributeinternationaliSDNNumberName=internationaliSDNNumber
    
    OXUserObjectAttributeIPPhoneName=IPPhone
    
    OXUserObjectAttributeotherfacsimiletelephonenumberName=otherfacsimiletelephonenumber
    
    inetOrgPersonAttributeroomNumberName=roomNumber
    
    inetOrgPersonAttributetelexNumberName=telexNumber
    
    inetOrgPersonClassName=inetOrgPerson
    
    OXUserObjectAttributebirthDayName=birthDay
    
    OXUserObjectAttributeDistributionListName=OXUserDistributionList
    
    OXUserObjectAttributeAnniversaryName=OXUserAnniversary
    
    OXUserObjectAttributeBranchesName=OXUserBranches
    
    OXUserObjectAttributeCategoriesName=OXUserCategories
    
    OXUserObjectAttributeChildrenName=OXUserChildren
    
    OXUserObjectAttributeCityName=OXUserCity
    
    OXUserObjectAttributeCommentName=OXUserComment
    
    OXUserObjectAttributeComRegName=OXUserComReg
    
    OXUserObjectAttributeEmail2Name=OXUserEmail2
    
    OXUserObjectAttributeEmail3Name=OXUserEmail3
    
    OXUserObjectAttributeInstantMessenger2Name=OXUserInstantMessenger2
    
    OXUserObjectAttributeInstantMessengerName=OXUserInstantMessenger
    
    OXUserObjectAttributeMaritalStatusName=OXUserMaritalStatus
    
    OXUserObjectAttributeNickNameName=OXUserNickName
    
    OXUserObjectAttributeOtherCityName=OXUserOtherCity
    
    OXUserObjectAttributeOtherCountryName=OXUserOtherCountry
    
    OXUserObjectAttributeOtherPostalCodeName=OXUserOtherPostalCode
    
    OXUserObjectAttributeOtherStateName=OXUserOtherState
    
    OXUserObjectAttributeOtherStreetName=OXUserOtherStreet
    
    OXUserObjectAttributePositionName=OXUserPosition
    
    OXUserObjectAttributePostalCodeName=OXUserPostalCode
    
    OXUserObjectAttributeProfessionName=OXUserProfession
    
    OXUserObjectAttributeSalesVolumeName=OXUserSalesVolume
    
    OXUserObjectAttributeSpouseNameName=OXUserSpouseName
    
    OXUserObjectAttributeStateName=OXUserState
    
    OXUserObjectAttributesuffixName=OXUserSuffix
    
    OXUserObjectAttributeTaxIDName=OXUserTaxID
    
    OXUserObjectAttributeTeleAssistantName=OXUserTeleAssistant
    
    OXUserObjectAttributeTeleBusiness2Name=OXUserTeleBusiness2
    
    OXUserObjectAttributeTeleCallbackName=OXUserTeleCallback
    
    OXUserObjectAttributeTeleCarName=OXUserTeleCar
    
    OXUserObjectAttributeTeleCompanyName=OXUserTeleCompany
    
    OXUserObjectAttributeTeleFax2Name=OXUserTeleFax2
    
    OXUserObjectAttributeTeleHome2Name=OXUserTeleHome2
    
    OXUserObjectAttributeTeleMobile2Name=OXUserTeleMobile2
    
    OXUserObjectAttributeTeleOtherName=OXUserTeleOther
    
    OXUserObjectAttributeTelePrimaryName=OXUserTelePrimary
    
    OXUserObjectAttributeTeleRadioName=OXUserTeleRadio
    
    OXUserObjectAttributeTeleTTYName=OXUserTeleTTY
    
    OXUserObjectAttributeurlName=url
    
    OXUserObjectAttributeUserUndef01Name=OXUserUserUndef01
    
    OXUserObjectAttributeUserUndef02Name=OXUserUserUndef02
    
    OXUserObjectAttributeUserUndef03Name=OXUserUserUndef03
    
    OXUserObjectAttributeUserUndef04Name=OXUserUserUndef04
    
    OXUserObjectAttributeUserUndef05Name=OXUserUserUndef05
    
    OXUserObjectAttributeUserUndef06Name=OXUserUserUndef06
    
    OXUserObjectAttributeUserUndef07Name=OXUserUserUndef07
    
    OXUserObjectAttributeUserUndef08Name=OXUserUserUndef08
    
    OXUserObjectAttributeUserUndef09Name=OXUserUserUndef09
    
    OXUserObjectAttributeUserUndef10Name=OXUserUserUndef10
    
    OXUserObjectAttributeUserUndef11Name=OXUserUserUndef11
    
    OXUserObjectAttributeUserUndef12Name=OXUserUserUndef12
    
    OXUserObjectAttributeUserUndef13Name=OXUserUserUndef13
    
    OXUserObjectAttributeUserUndef14Name=OXUserUserUndef14
    
    OXUserObjectAttributeUserUndef15Name=OXUserUserUndef15
    
    OXUserObjectAttributeUserUndef16Name=OXUserUserUndef16
    
    OXUserObjectAttributeUserUndef17Name=OXUserUserUndef17
    
    OXUserObjectAttributeUserUndef18Name=OXUserUserUndef18
    
    OXUserObjectAttributeUserUndef19Name=OXUserUserUndef19
    
    OXUserObjectAttributeUserUndef20Name=OXUserUserUndef20
    
    OXUserObjectClassName=OXUserObject
    
    AllContactUIDSearch=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject))
    
    !AllContactUIDSearchScope=1
    
    AddressAdminsDN=cn=AddressAdmins,[globalAddressBookBaseDN]
    
    globalAddressBookBaseDN=o=AddressBook,ou=OxObjects
    
    GlobalAddressBookEntryDN=uid=[contactid],[globalAddressBookBaseDN]
    
    InternalUsersForeSureNameUIDPatternSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(|(sn=[pattern])(givenname=[pattern])(uid=[pattern]))(mailEnabled=ok))
    
    InternalUsersForDlistSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(cn=[pattern1])(|(mail=[pattern2])(OXUserEmail2=[pattern2])(OXUserEmail3=[pattern2]))(mailEnabled=ok))
    
    InternalUsersStartingLetterSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(sn=[letter]*)(mailEnabled=ok))
    
    UserAddressBookEntryDN=uid=[contactid],[UserAddressBookDN]
    
    OXResourceGroupAttributeresourceGroupAvailableName=resourceGroupAvailable
    
    OXResourceGroupAttributeresourceGroupMemberName=resourceGroupMember
    
    OXResourceGroupAttributeresourceGroupNameName=resourceGroupName
    
    ResourceGroupDN=resourceGroupName=[group],[resourceGroupBaseDN]
    
    ResourceGroupPatternSearchFilter=(&(objectclass=OXResourceGroupObject)(resourceGroupName=[pattern]))
    
    ResourceGroupSearchFilter=(objectclass=OXResourceGroupObject)
    
    !ResourceGroupSearchScope=1
    
    OXResourceAttributeresourceNameName=resourceName
    
    #Where are the resources?
    resourceBaseDN=ou=Resources,ou=ResourceObjects,ou=OxObjects
    
    ResourceDN=resourceName=[resource],[resourceBaseDN]
    
    #Where are the resource groups?
    resourceGroupBaseDN=ou=ResourceGroups,ou=ResourceObjects,ou=OxObjects
    
    #Searches resources with the a pattern.
    ResourcePatternSearchFilter=(&(objectclass=OXResourceObject)(resourceName=[pattern]))
    
    !ResourceSearchScope=1
    
    #Where to search for groups?
    groupBaseDN=ou=Groups,ou=OxObjects
    
    #Complete dn of a group.
    GroupDN=cn=[gid],[groupBaseDN]
    
    GroupSearchFilter=(objectclass=posixGroup)
    
    posixAccountAttributecnName=cn
    
    UserAddressBookDN=ou=addr,uid=[uid],[userBaseDN]
    
    userBaseDN=ou=Users,ou=OxObjects
    
    #DN to the user object
    UserDN=uid=[uid],[userBaseDN]
    
    UserSearchFilter=(&(uid=[uid])(objectClass=OXUserObject))
    
    #The scope with that users will be searched in ldap. USER_SEARCH_SCOPE
    !UserSearchScope=1
    
    UsersPatternSearchFilter=(&(objectclass=posixAccount)(uid=[pattern]))
    
    #Define the objectClasses an user object should belong to if you are performing pattern searches.
    UsersPatternSearchObjectClasses=posixAccount,inetOrgPerson,OXUserObject
    
    GlobalAddressBookSearchScope=1
    
    inetOrgPersonAttributejpegPhotoName=jpegPhoto
    
    OXUserObjectAttributeDayViewEndTimeName=OXDayViewEndTime
    
    OXUserObjectAttributeDayViewStartTimeName=OXDayViewStartTime
    
    OXUserObjectAttributeDayViewIntervalName=OXDayViewInterval
    
    Factory.GeneralSupport=DefaultGeneralSupport
    
    #Aliases of the user
    UserAttributeAlias=alias
    
    #Appointment days of the user.
    UserAttributeAppointmentDays=appointmentDays
    
    #Country of the user.
    UserAttributeCountry=field27
    
    #Second country of the user.
    UserAttributeCountry2=field41
    
    #Display name of the user.
    UserAttributeDisplayName=field01
    
    #Description of the user.
    UserAttributeDescription=field34
    
    #Facsimile of the user.
    UserAttributeFacsimile=field45
    
    #Given name of the user.
    UserAttributeGivenName=field03
    
    #Unique database identifier of the user.
    UserAttributeIdentifier=id
    
    #Name of the attribute containing the imap server host name.
    UserAttributeImapServer=imapServer
    
    #JDBC URL to the database for user specific databases instead of one global database.
    UserAttributeJDBCDatabaseURL=oxJDBCDatabaseURL
    
    #JDBC driver class name for user specific databases instead of one global database.
    UserAttributeJDBCDriverClassName=oxJDBCDriverClassName
    
    #JDBC database login for user specific databases instead of one global database.
    UserAttributeJDBCLogin=oxJDBCLogin
    
    #JDBC password for user specific databases instead of one global database.
    UserAttributeJDBCPassword=oxJDBCPassword
    
    #Labeled URI of the user.
    UserAttributeLabeledURI=field68
    
    #Locality of the user.
    UserAttributeLocality=field25
    
    #Mail address of the user.
    UserAttributeMail=mail
    
    #Mail domain of the user.
    UserAttributeMailDomain=mailDomain
    
    #Name of the attribute saying if the user is enabled or disabled. "OK" means user is enabled.
    UserAttributeEnabled=mailEnabled
    
    #Mobile telephone number of the user.
    UserAttributeMobile=field53
    
    #Last modification of the user.
    UserAttributeModifyTimestamp=changing_date
    
    #Organization of the user.
    UserAttributeOrganization=field18
    
    #Organizational unit of the user.
    UserAttributeOrganizationalUnit=field19
    
    #Pager number of the user.
    UserAttributePager=field57
    
    #Login password of the user.
    UserAttributePassword=userPassword
    
    #Postal code of the user.
    UserAttributePostalCode=field24
    
    #Preferred language of the user.
    UserAttributePreferredLanguage=preferredLanguage
    
    #Days since Jan 1, 1970 that password was last changed
    UserAttributeShadowLastChange=shadowLastChange
    
    #Name of the attribute containing the smtp server host name.
    UserAttributeSmtpServer=smtpServer
    
    #State of the user.
    UserAttributeState=field26
    
    #Street of the user.
    UserAttributeStreet=field23
    
    #Sure name of the user.
    UserAttributeSureName=field02
    
    #Task days of the user.
    UserAttributeTaskDays=taskDays
    
    #Telephone number of the user.
    UserAttributeTelephoneNumber=field43
    
    #Timezone of the user.
    UserAttributeTimeZone=timeZone
    
    #Title of the user.
    UserAttributeTitle=field06
    
    #Identifier of the user.
    UserAttributeUid=uid
    
    #Points to the user that stores the default mail configuration. Normally this is mailadmin.
    DNForDefaultMail=mailadmin
    
    #Filter for searching groups with a pattern.
    GroupsPatternSearchFilter=identifier
    
    #Filter for searching users.
    UsersDisplayNamePatternSearchFilter=field01,uid
    
    #Filter for searching users.
    UsersForeSureNameUIDPatternSearchFilter=field03,field02,uid
    
    #Set this parameter to true to disable writing of contacts into the directory service.
    ContactsDisabled=false
    
    #The mailEnabled attribute contains this value to enable a user.
    MailEnabledOK=OK
    
    #Set this parameter to true to enable full dynamic path names for users. This can be used for integration purposes.
    !UserFullDynamic=false
    
    #This parameter defines if caching is used or not.
    Caching=true
    
    #Name of the class implementing the new resource storage interface
    ResourceStorageImpl=com.openexchange.groupware.ldap.RdbResourceStorage
    
    #Name of the class implementing the new user storage interface
    UserStorageImpl=com.openexchange.groupware.ldap.RdbUserStorage
    and finally my ldapauth.properties
    Code:
    # This file contains the configuration for the ldap authentication.
    
    # URL of the LDAP server to connect to for authenticating users.
    # ldaps is supported.
    java.naming.provider.url=ldap://xxx.xxx.xxx.xxx:389/dc=example,dc=com
    
    # Defines the authentication security that should be used.
    java.naming.security.authentication=simple
    
    # Timeouts are useful to get quick responses for login requests. This timeout is
    # used if a new connection is established.
    com.sun.jndi.ldap.connect.timeout=10000
    
    # This timeout only works since Java 6 SE to time out waiting for a response.
    com.sun.jndi.ldap.read.timeout=10000
    
    # This attribute is used login. E.g. uid=<login>,baseDN
    #uidAttribute=uid
    uidAttribute=cn
    
    # This is the base distinguished name where the user are located.
    baseDN=cn=users,dc=example,dc=com
    When I try to log on to OX I get an error message concerning my login credentials and I can see the following in the slapd logs:
    Code:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:06 oxchange slapd[8656]:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: listen=9, new connection on 14
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: added 14r (active) listener=(nil)
    Mar 30 11:52:06 oxchange slapd[8656]: conn=0 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:46160 (IP=0.0.0.0:389)
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:06 oxchange slapd[8656]:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:06 oxchange slapd[8656]:  14r
    Mar 30 11:52:06 oxchange slapd[8656]:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14
    Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 BIND dn="" method=128
    Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 RESULT tag=97 err=0 text=
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 2 descriptors
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:06 oxchange slapd[8656]:  14r
    Mar 30 11:52:06 oxchange slapd[8656]:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14
    Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128
    Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0
    Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 RESULT tag=97 err=0 text=
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:07 oxchange slapd[8656]:  14r
    Mar 30 11:52:07 oxchange slapd[8656]:
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: read active on 14
    Mar 30 11:52:07 oxchange slapd[8656]: connection_read(14): input error=-2 id=0, closing.
    Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=2 UNBIND
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: removing 14
    Mar 30 11:52:07 oxchange slapd[8656]: conn=0 fd=14 closed
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on:
    Mar 30 11:52:07 oxchange slapd[8656]:
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    What is happening here and what does input error=-2 mean?

    When logging on to LDAP manually (for example by using phpldapadmin) with these credentials:
    cn=testuser,cn=users,dc=example,dc=com
    PW: xxxx

    It is working pretty fine. I also tried to use different PW hashes, actually I tested SHA, MD5 and Crypt, always with the same behaviour.
    I used oxldapsync for getting the LDAP users to OX.
    But there is only poor logging, also when I use the -v switch. It only logged once, a few days ago. Since then I have added new users to LDAP and executed oxldapsync a few times again, but there are no new log entries.

    Is there anyone who can make head or tail of it? I'm stuck and don't know how to get further.
    Thanks in advance for your effort, I'm thankful for any hints.

    Regards,
    Chris

  • #2
    Addition

    here is a log from slapd with loglevel=-1, hopefully that helps....

    Code:
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:45 oxchange slapd[1139]:
    Mar 31 13:26:45 oxchange slapd[1139]: slap_listener_activate(9):
    Mar 31 13:26:45 oxchange slapd[1139]: >>> slap_listener(ldap:///)
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: listen=9, new connection on 14
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: added 14r (active) listener=(nil)
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:56676 (IP=0.0.0.0:389)
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:45 oxchange slapd[1139]:
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:45 oxchange slapd[1139]:  14r
    Mar 31 13:26:45 oxchange slapd[1139]:
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: read active on 14
    Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14)
    Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14): got connid=1
    Mar 31 13:26:45 oxchange slapd[1139]: connection_read(14): checking for input on id=1
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 do_bind
    Mar 31 13:26:45 oxchange slapd[1139]: >>> dnPrettyNormal: <>
    Mar 31 13:26:45 oxchange slapd[1139]: <<< dnPrettyNormal: <>, <>
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 BIND dn="" method=128
    Mar 31 13:26:45 oxchange slapd[1139]: do_bind: version=3 dn="" method=128
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: conn=1 op=0 p=3
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: err=0 matched="" text=""
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_response: msgid=1 tag=97 err=0
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 RESULT tag=97 err=0 text=
    Mar 31 13:26:45 oxchange slapd[1139]: do_bind: v3 anonymous bind
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 2 descriptors
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:45 oxchange slapd[1139]:  14r
    Mar 31 13:26:45 oxchange slapd[1139]:
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: read active on 14
    Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14)
    Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14): got connid=1
    Mar 31 13:26:45 oxchange slapd[1139]: connection_read(14): checking for input on id=1
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 do_bind
    Mar 31 13:26:45 oxchange slapd[1139]: >>> dnPrettyNormal: <cn=testuser,cn=users,dc=example,dc=com>
    Mar 31 13:26:45 oxchange slapd[1139]: <<< dnPrettyNormal: <cn=testuser,cn=users,dc=example,dc=com>, <cn=testuser,cn=users,dc=example,dc=com>
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128
    Mar 31 13:26:45 oxchange slapd[1139]: do_bind: version=3 dn="cn=testuser,cn=users,dc=example,dc=com" method=128
    Mar 31 13:26:45 oxchange slapd[1139]: ==> hdb_bind: dn: cn=testuser,cn=users,dc=example,dc=com
    Mar 31 13:26:45 oxchange slapd[1139]: bdb_dn2entry("cn=testuser,cn=users,dc=example,dc=com")
    Mar 31 13:26:45 oxchange slapd[1139]: => access_allowed: auth access to "cn=testuser,cn=users,dc=example,dc=com" "userPassword" requested
    Mar 31 13:26:45 oxchange slapd[1139]: => acl_get: [1] attr userPassword
    Mar 31 13:26:45 oxchange slapd[1139]: => slap_access_allowed: result not in cache (userPassword)
    Mar 31 13:26:45 oxchange slapd[1139]: => acl_mask: access to entry "cn=testuser,cn=users,dc=example,dc=com", attr "userPassword" requested
    Mar 31 13:26:45 oxchange slapd[1139]: => acl_mask: to value by "", (=0)
    Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: cn=admin,dc=exampel,dc=com
    Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: cn=ldapmanager,cn=admins,ou=xxxxx,dc=example,dc=com
    Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: anonymous
    Mar 31 13:26:45 oxchange slapd[1139]: <= acl_mask: [3] applying auth(=xd) (stop)
    Mar 31 13:26:45 oxchange slapd[1139]: <= acl_mask: [3] mask: auth(=xd)
    Mar 31 13:26:45 oxchange slapd[1139]: => slap_access_allowed: auth access granted by auth(=xd)
    Mar 31 13:26:45 oxchange slapd[1139]: => access_allowed: auth access granted by auth(=xd)
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0
    Mar 31 13:26:45 oxchange slapd[1139]: do_bind: v3 bind: "cn=testuser,cn=users,dc=example,dc=com" to "cn=testuser,cn=users,dc=example,dc=com"
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: conn=1 op=1 p=3
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: err=0 matched="" text=""
    Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_response: msgid=2 tag=97 err=0
    Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 RESULT tag=97 err=0 text=
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on 2 descriptors
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:46 oxchange slapd[1139]:  14r
    Mar 31 13:26:46 oxchange slapd[1139]:
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: read active on 14
    Mar 31 13:26:46 oxchange slapd[1139]: connection_get(14)
    Mar 31 13:26:46 oxchange slapd[1139]: connection_get(14): got connid=1
    Mar 31 13:26:46 oxchange slapd[1139]: connection_read(14): checking for input on id=1
    Mar 31 13:26:46 oxchange slapd[1139]: ber_get_next on fd 14 failed errno=0 (Success)
    Mar 31 13:26:46 oxchange slapd[1139]: connection_read(14): input error=-2 id=1, closing.
    Mar 31 13:26:46 oxchange slapd[1139]: connection_closing: readying conn=1 sd=14 for close
    Mar 31 13:26:46 oxchange slapd[1139]: connection_close: deferring conn=1 sd=14
    Mar 31 13:26:46 oxchange slapd[1139]: conn=1 op=2 do_unbind
    Mar 31 13:26:46 oxchange slapd[1139]: conn=1 op=2 UNBIND
    Mar 31 13:26:46 oxchange slapd[1139]: connection_resched: attempting closing conn=1 sd=14
    Mar 31 13:26:46 oxchange slapd[1139]: connection_close: conn=1 sd=14
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: removing 14
    Mar 31 13:26:46 oxchange slapd[1139]: conn=1 fd=14 closed
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on 1 descriptor
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on:
    Mar 31 13:26:46 oxchange slapd[1139]:
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
    Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Last edited by Guest; 03-31-2009, 01:33 PM.


    • #3
      Error localization

      OK, one further update:

      The error isn't a real error, it simply indicates that the user "testuser" does not exist in the OX db.
      In my case I'm running into trouble with oxldapsync, it seems as if I made a mistake while configuring.
      I will give you an update as soon as I have fixed the problem.

      Cheers,
      chris


      Special thanks to "choeger" and "kleini" from the IRC channel, who gave me support with this issue.


      • #4
        Solved

        OK, I actually got it:

        Be sure to have a correct mapping set in $OXLDAPSYNC_HOME/etc/mapping.openldap.conf

        In my case I simply missed a necessary attribute. After correcting it, everything works fine.

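Added example, not part of the original thread and not Open-Xchange or OpenLDAP code: a small parser for slapd stats-level log lines like those quoted above. It pairs each BIND with its RESULT, so it is visible that the directory accepted the bind (`err=0`) before the connection ended with `input error=-2`, and it also reports password binds on connections that never negotiated TLS. The sample log is constructed (conn=0 mirrors the thread, conn=7 is invented), and the `TLS established` line format is an assumption about the slapd version in use.

```python
import re

# Constructed sample: conn=0 mirrors the lines quoted in the thread (peer address
# replaced by a documentation IP); conn=7 is an invented failed bind for contrast.
SAMPLE_LOG = """\
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 fd=14 ACCEPT from IP=192.0.2.10:46160 (IP=0.0.0.0:389)
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 BIND dn="" method=128
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 RESULT tag=97 err=0 text=
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 RESULT tag=97 err=0 text=
Mar 30 11:52:07 oxchange slapd[8656]: connection_read(14): input error=-2 id=0, closing.
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=2 UNBIND
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 fd=14 closed
Mar 30 11:53:10 oxchange slapd[8656]: conn=7 fd=15 ACCEPT from IP=192.0.2.10:46201 (IP=0.0.0.0:389)
Mar 30 11:53:10 oxchange slapd[8656]: conn=7 op=0 BIND dn="cn=nosuchuser,cn=users,dc=example,dc=com" method=128
Mar 30 11:53:10 oxchange slapd[8656]: conn=7 op=0 RESULT tag=97 err=49 text=
Mar 30 11:53:10 oxchange slapd[8656]: conn=7 fd=15 closed
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+?):\d+ ")
# Assumption: slapd logs "TLS established" for connections protected by TLS.
TLS_RE = re.compile(r"conn=(\d+) fd=\d+ TLS established")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
DROP_RE = re.compile(r"connection_read\(\d+\): input error=-2 id=(\d+)")

SIMPLE_BIND = 128  # method=128 is an LDAP simple (DN + password) bind


def summarize(log_text):
    """Return {conn_id: summary} built from slapd stats-level log lines."""
    conns = {}

    def conn(cid):
        return conns.setdefault(int(cid), {
            "peer": None, "tls": False, "client_dropped": False, "binds": {}})

    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            conn(m[1])["peer"] = m[2]
        elif m := TLS_RE.search(line):
            conn(m[1])["tls"] = True
        elif m := BIND_RE.search(line):
            conn(m[1])["binds"][int(m[2])] = {
                "dn": m[3], "method": int(m[4]), "err": None}
        elif m := RESULT_RE.search(line):
            bind = conn(m[1])["binds"].get(int(m[2]))
            if bind is not None:  # tag=97 is a bind response
                bind["err"] = int(m[3])
        elif m := DROP_RE.search(line):
            # id= in this message is the connection id (conn=N elsewhere)
            conn(m[1])["client_dropped"] = True
    return conns


def findings(conns):
    """Turn the per-connection summary into short, reviewable statements."""
    out = []
    for cid, c in sorted(conns.items()):
        for op, b in sorted(c["binds"].items()):
            if not b["dn"]:
                continue  # anonymous bind: no password involved
            if b["err"] is None:
                status = "no result logged"
            elif b["err"] == 0:
                status = "accepted"
            else:
                status = f"rejected (err={b['err']})"  # 49 = invalidCredentials
            out.append(f"conn={cid} op={op}: bind as {b['dn']} {status}")
            if b["method"] == SIMPLE_BIND and not c["tls"]:
                out.append(
                    f"conn={cid} op={op}: password sent without TLS from {c['peer']}")
        if c["client_dropped"]:
            out.append(
                f"conn={cid}: client closed the connection without an unbind "
                "(input error=-2)")
    return out


if __name__ == "__main__":
    for finding in findings(summarize(SAMPLE_LOG)):
        print(finding)
```

For the thread's connection this reports an accepted bind followed by the client dropping the connection, which matches the conclusion in post #3 that the failure was on the OX side rather than in LDAP.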