Announcement

Collapse
No announcement yet.

OX6 and Ldap authentication

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    OX6 and Ldap authentication

    hey guys,
    i'm trying to get the ldap_auth plugin to work with an openLDAP server.

    here are my slapd.conf:

    Code:
    include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

pidfile         /var/run/slapd/slapd.pid

argsfile        /var/run/slapd/slapd.args

loglevel        296

modulepath      /usr/lib/ldap
moduleload      back_hdb

sizelimit 500

tool-threads 1

backend         hdb
database        hdb

suffix          "dc=example,dc=com"

rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}XXXXXXXX

directory       "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
checkpoint      512 30

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=exampel,dc=com" write
        by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by * read
        by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write
        by dn="cn=admin,dc=nodomain" write
    and here is my ldap.properties
    Code:
    inetOrgPersonAttributebusinessCategoryName=businessCategory

inetOrgPersonAttributecnName=cn

inetOrgPersonAttributeemployeeNumberName=employeeNumber

inetOrgPersonAttributeemployeeTypeName=employeeType

OXUserObjectAttributecoName=co

inetOrgPersonAttributehomePhoneName=homePhone

inetOrgPersonAttributehomePostalAddressName=homePostalAddress

OXUserObjectAttributeInfoName=info

inetOrgPersonAttributeinitialsName=initials

inetOrgPersonAttributeinternationaliSDNNumberName=internationaliSDNNumber

OXUserObjectAttributeIPPhoneName=IPPhone

OXUserObjectAttributeotherfacsimiletelephonenumberName=otherfacsimiletelephonenumber

inetOrgPersonAttributeroomNumberName=roomNumber

inetOrgPersonAttributetelexNumberName=telexNumber

inetOrgPersonClassName=inetOrgPerson

OXUserObjectAttributebirthDayName=birthDay

OXUserObjectAttributeDistributionListName=OXUserDistributionList

OXUserObjectAttributeAnniversaryName=OXUserAnniversary

OXUserObjectAttributeBranchesName=OXUserBranches

OXUserObjectAttributeCategoriesName=OXUserCategories

OXUserObjectAttributeChildrenName=OXUserChildren

OXUserObjectAttributeCityName=OXUserCity

OXUserObjectAttributeCommentName=OXUserComment

OXUserObjectAttributeComRegName=OXUserComReg

OXUserObjectAttributeEmail2Name=OXUserEmail2

OXUserObjectAttributeEmail3Name=OXUserEmail3

OXUserObjectAttributeInstantMessenger2Name=OXUserInstantMessenger2

OXUserObjectAttributeInstantMessengerName=OXUserInstantMessenger

OXUserObjectAttributeMaritalStatusName=OXUserMaritalStatus

OXUserObjectAttributeNickNameName=OXUserNickName

OXUserObjectAttributeOtherCityName=OXUserOtherCity

OXUserObjectAttributeOtherCountryName=OXUserOtherCountry

OXUserObjectAttributeOtherPostalCodeName=OXUserOtherPostalCode

OXUserObjectAttributeOtherStateName=OXUserOtherState

OXUserObjectAttributeOtherStreetName=OXUserOtherStreet

OXUserObjectAttributePositionName=OXUserPosition

OXUserObjectAttributePostalCodeName=OXUserPostalCode

OXUserObjectAttributeProfessionName=OXUserProfession

OXUserObjectAttributeSalesVolumeName=OXUserSalesVolume

OXUserObjectAttributeSpouseNameName=OXUserSpouseName

OXUserObjectAttributeStateName=OXUserState

OXUserObjectAttributesuffixName=OXUserSuffix

OXUserObjectAttributeTaxIDName=OXUserTaxID

OXUserObjectAttributeTeleAssistantName=OXUserTeleAssistant

OXUserObjectAttributeTeleBusiness2Name=OXUserTeleBusiness2

OXUserObjectAttributeTeleCallbackName=OXUserTeleCallback

OXUserObjectAttributeTeleCarName=OXUserTeleCar

OXUserObjectAttributeTeleCompanyName=OXUserTeleCompany

OXUserObjectAttributeTeleFax2Name=OXUserTeleFax2

OXUserObjectAttributeTeleHome2Name=OXUserTeleHome2

OXUserObjectAttributeTeleMobile2Name=OXUserTeleMobile2

OXUserObjectAttributeTeleOtherName=OXUserTeleOther

OXUserObjectAttributeTelePrimaryName=OXUserTelePrimary

OXUserObjectAttributeTeleRadioName=OXUserTeleRadio

OXUserObjectAttributeTeleTTYName=OXUserTeleTTY

OXUserObjectAttributeurlName=url

OXUserObjectAttributeUserUndef01Name=OXUserUserUndef01

OXUserObjectAttributeUserUndef02Name=OXUserUserUndef02

OXUserObjectAttributeUserUndef03Name=OXUserUserUndef03

OXUserObjectAttributeUserUndef04Name=OXUserUserUndef04

OXUserObjectAttributeUserUndef05Name=OXUserUserUndef05

OXUserObjectAttributeUserUndef06Name=OXUserUserUndef06

OXUserObjectAttributeUserUndef07Name=OXUserUserUndef07

OXUserObjectAttributeUserUndef08Name=OXUserUserUndef08

OXUserObjectAttributeUserUndef09Name=OXUserUserUndef09

OXUserObjectAttributeUserUndef10Name=OXUserUserUndef10

OXUserObjectAttributeUserUndef11Name=OXUserUserUndef11

OXUserObjectAttributeUserUndef12Name=OXUserUserUndef12

OXUserObjectAttributeUserUndef13Name=OXUserUserUndef13

OXUserObjectAttributeUserUndef14Name=OXUserUserUndef14

OXUserObjectAttributeUserUndef15Name=OXUserUserUndef15

OXUserObjectAttributeUserUndef16Name=OXUserUserUndef16

OXUserObjectAttributeUserUndef17Name=OXUserUserUndef17

OXUserObjectAttributeUserUndef18Name=OXUserUserUndef18

OXUserObjectAttributeUserUndef19Name=OXUserUserUndef19

OXUserObjectAttributeUserUndef20Name=OXUserUserUndef20

OXUserObjectClassName=OXUserObject

AllContactUIDSearch=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject))

!AllContactUIDSearchScope=1

AddressAdminsDN=cn=AddressAdmins,[globalAddressBookBaseDN]

globalAddressBookBaseDN=o=AddressBook,ou=OxObjects

GlobalAddressBookEntryDN=uid=[contactid],[globalAddressBookBaseDN]

InternalUsersForeSureNameUIDPatternSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(|(sn=[pattern])(givenname=[pattern])(uid=[pattern]))(mailEnabled=ok))

InternalUsersForDlistSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(cn=[pattern1])(|(mail=[pattern2])(OXUserEmail2=[pattern2])(OXUserEmail3=[pattern2]))(mailEnabled=ok))

InternalUsersStartingLetterSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(sn=[letter]*)(mailEnabled=ok))

UserAddressBookEntryDN=uid=[contactid],[UserAddressBookDN]

OXResourceGroupAttributeresourceGroupAvailableName=resourceGroupAvailable

OXResourceGroupAttributeresourceGroupMemberName=resourceGroupMember

OXResourceGroupAttributeresourceGroupNameName=resourceGroupName

ResourceGroupDN=resourceGroupName=[group],[resourceGroupBaseDN]

ResourceGroupPatternSearchFilter=(&(objectclass=OXResourceGroupObject)(resourceGroupName=[pattern]))

ResourceGroupSearchFilter=(objectclass=OXResourceGroupObject)

!ResourceGroupSearchScope=1

OXResourceAttributeresourceNameName=resourceName

#Where are the resources?
resourceBaseDN=ou=Resources,ou=ResourceObjects,ou=OxObjects

ResourceDN=resourceName=[resource],[resourceBaseDN]

#Where are the resource groups?
resourceGroupBaseDN=ou=ResourceGroups,ou=ResourceObjects,ou=OxObjects

#Searches resources with the a pattern.
ResourcePatternSearchFilter=(&(objectclass=OXResourceObject)(resourceName=[pattern]))

!ResourceSearchScope=1

#Where to search for groups?
groupBaseDN=ou=Groups,ou=OxObjects

#Complete dn of a group.
GroupDN=cn=[gid],[groupBaseDN]

GroupSearchFilter=(objectclass=posixGroup)

posixAccountAttributecnName=cn

UserAddressBookDN=ou=addr,uid=[uid],[userBaseDN]

userBaseDN=ou=Users,ou=OxObjects

#DN to the user object
UserDN=uid=[uid],[userBaseDN]

UserSearchFilter=(&(uid=[uid])(objectClass=OXUserObject))

#The scope with that users will be searched in ldap. USER_SEARCH_SCOPE
!UserSearchScope=1

UsersPatternSearchFilter=(&(objectclass=posixAccount)(uid=[pattern]))

#Define the objectClasses an user object should belong to if you are performing pattern searches.
UsersPatternSearchObjectClasses=posixAccount,inetOrgPerson,OXUserObject

GlobalAddressBookSearchScope=1

inetOrgPersonAttributejpegPhotoName=jpegPhoto

OXUserObjectAttributeDayViewEndTimeName=OXDayViewEndTime

OXUserObjectAttributeDayViewStartTimeName=OXDayViewStartTime

OXUserObjectAttributeDayViewIntervalName=OXDayViewInterval

Factory.GeneralSupport=DefaultGeneralSupport

#Aliases of the user
UserAttributeAlias=alias

#Appointment days of the user.
UserAttributeAppointmentDays=appointmentDays

#Country of the user.
UserAttributeCountry=field27

#Second country of the user.
UserAttributeCountry2=field41

#Display name of the user.
UserAttributeDisplayName=field01

#Description of the user.
UserAttributeDescription=field34

#Facsimile of the user.
UserAttributeFacsimile=field45

#Given name of the user.
UserAttributeGivenName=field03

#Unique database identifier of the user.
UserAttributeIdentifier=id

#Name of the attribute containing the imap server host name.
UserAttributeImapServer=imapServer

#JDBC URL to the database for user specific databases instead of one global database.
UserAttributeJDBCDatabaseURL=oxJDBCDatabaseURL

#JDBC driver class name for user specific databases instead of one global database.
UserAttributeJDBCDriverClassName=oxJDBCDriverClassName

#JDBC database login for user specific databases instead of one global database.
UserAttributeJDBCLogin=oxJDBCLogin

#JDBC password for user specific databases instead of one global database.
UserAttributeJDBCPassword=oxJDBCPassword

#Labeled URI of the user.
UserAttributeLabeledURI=field68

#Locality of the user.
UserAttributeLocality=field25

#Mail address of the user.
UserAttributeMail=mail

#Mail domain of the user.
UserAttributeMailDomain=mailDomain

#Name of the attribute saying if the user is enabled or disabled. "OK" means user is enabled.
UserAttributeEnabled=mailEnabled

#Mobile telephone number of the user.
UserAttributeMobile=field53

#Last modification of the user.
UserAttributeModifyTimestamp=changing_date

#Organization of the user.
UserAttributeOrganization=field18

#Organizational unit of the user.
UserAttributeOrganizationalUnit=field19

#Pager number of the user.
UserAttributePager=field57

#Login password of the user.
UserAttributePassword=userPassword

#Postal code of the user.
UserAttributePostalCode=field24

#Preferred language of the user.
UserAttributePreferredLanguage=preferredLanguage

#Days since Jan 1, 1970 that password was last changed
UserAttributeShadowLastChange=shadowLastChange

#Name of the attribute containing the smtp server host name.
UserAttributeSmtpServer=smtpServer

#State of the user.
UserAttributeState=field26

#Street of the user.
UserAttributeStreet=field23

#Sure name of the user.
UserAttributeSureName=field02

#Task days of the user.
UserAttributeTaskDays=taskDays

#Telephone number of the user.
UserAttributeTelephoneNumber=field43

#Timezone of the user.
UserAttributeTimeZone=timeZone

#Title of the user.
UserAttributeTitle=field06

#Identifier of the user.
UserAttributeUid=uid

#Points to the user that stores the default mail configuration. Normally this is mailadmin.
DNForDefaultMail=mailadmin

#Filter for searching groups with a pattern.
GroupsPatternSearchFilter=identifier

#Filter for searching users.
UsersDisplayNamePatternSearchFilter=field01,uid

#Filter for searching users.
UsersForeSureNameUIDPatternSearchFilter=field03,field02,uid

#Set this parameter to true to disable writing of contacts into the directory service.
ContactsDisabled=false

#The mailEnabled attribute contains this value to enable a user.
MailEnabledOK=OK

#Set this parameter to true to enable full dynamic path names for users. This can be used for integration purposes.
!UserFullDynamic=false

#This parameter defines if caching is used or not.
Caching=true

#Name of the class implementing the new resource storage interface
ResourceStorageImpl=com.openexchange.groupware.ldap.RdbResourceStorage

#Name of the class implementing the new user storage interface
UserStorageImpl=com.openexchange.groupware.ldap.RdbUserStorage
    and finally my ldapauth.properties
    Code:
    # This file contains the configuration for the ldap authentication.

# URL of the LDAP server to connect to for authenticating users.
# ldaps is supported.
java.naming.provider.url=ldap://xxx.xxx.xxx.xxx:389/dc=example,dc=com

# Defines the authentication security that should be used.
java.naming.security.authentication=simple

# Timeouts are useful to get quick responses for login requests. This timeout is
# used if a new connection is established.
com.sun.jndi.ldap.connect.timeout=10000

# This timeout only works since Java 6 SE to time out waiting for a response.
com.sun.jndi.ldap.read.timeout=10000

# This attribute is used login. E.g. uid=<login>,baseDN
#uidAttribute=uid
uidAttribute=cn

# This is the base distinguished name where the user are located.
baseDN=cn=users,dc=example,dc=com
    When I try to logon to OX i get an error message concering my login credentials and i can see the following in the slapd logs:
    Code:
    Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:06 oxchange slapd[8656]:
Mar 30 11:52:06 oxchange slapd[8656]: daemon: listen=9, new connection on 14
Mar 30 11:52:06 oxchange slapd[8656]: daemon: added 14r (active) listener=(nil)
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:46160 (IP=0.0.0.0:389)
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:06 oxchange slapd[8656]:
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:06 oxchange slapd[8656]:  14r
Mar 30 11:52:06 oxchange slapd[8656]:
Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 BIND dn="" method=128
Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 RESULT tag=97 err=0 text=
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 2 descriptors
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:06 oxchange slapd[8656]:  14r
Mar 30 11:52:06 oxchange slapd[8656]:
Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 RESULT tag=97 err=0 text=
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor
Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:07 oxchange slapd[8656]:  14r
Mar 30 11:52:07 oxchange slapd[8656]:
Mar 30 11:52:07 oxchange slapd[8656]: daemon: read active on 14
Mar 30 11:52:07 oxchange slapd[8656]: connection_read(14): input error=-2 id=0, closing.
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=2 UNBIND
Mar 30 11:52:07 oxchange slapd[8656]: daemon: removing 14
Mar 30 11:52:07 oxchange slapd[8656]: conn=0 fd=14 closed
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor
Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on:
Mar 30 11:52:07 oxchange slapd[8656]:
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    What is happening here and what does input error=-2 mean?

    When logging on to LDAP manually (for example by using phpldapadmin) with these credentials:
    cn=testuser,cn=users,dc=example,dc=com
    PW: xxxx

    It is working pretty fine. I also tried to use different PW Hashes, actually i tested SHA,MD5,Crypt always with the same behaviour.
    I used oxldapsync for getting the ldapusers to OX.
    But there is only poor logging, also when i use the -v switch. It only logged once, this is a few days ago. Since this logging i have added new users to LDAP and executed oxldapsync a few times again but there are no new log entries.

    Is there anyone who can make head or tail of it? I'm stuck and don't know how to get further.
    Thanks in advance for your effort, i'm thankful for any hints.

    Regards,
    Chris
    Tags: None
  • #2
    Addition

    here is a log from slapd with loglevel=-1, hopefully that helps....

    Code:
    Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:45 oxchange slapd[1139]:
Mar 31 13:26:45 oxchange slapd[1139]: slap_listener_activate(9):
Mar 31 13:26:45 oxchange slapd[1139]: >>> slap_listener(ldap:///)
Mar 31 13:26:45 oxchange slapd[1139]: daemon: listen=9, new connection on 14
Mar 31 13:26:45 oxchange slapd[1139]: daemon: added 14r (active) listener=(nil)
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:56676 (IP=0.0.0.0:389)
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:45 oxchange slapd[1139]:
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 1 descriptor
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:45 oxchange slapd[1139]:  14r
Mar 31 13:26:45 oxchange slapd[1139]:
Mar 31 13:26:45 oxchange slapd[1139]: daemon: read active on 14
Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14)
Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14): got connid=1
Mar 31 13:26:45 oxchange slapd[1139]: connection_read(14): checking for input on id=1
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 do_bind
Mar 31 13:26:45 oxchange slapd[1139]: >>> dnPrettyNormal: <>
Mar 31 13:26:45 oxchange slapd[1139]: <<< dnPrettyNormal: <>, <>
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 BIND dn="" method=128
Mar 31 13:26:45 oxchange slapd[1139]: do_bind: version=3 dn="" method=128
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: conn=1 op=0 p=3
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: err=0 matched="" text=""
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_response: msgid=1 tag=97 err=0
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=0 RESULT tag=97 err=0 text=
Mar 31 13:26:45 oxchange slapd[1139]: do_bind: v3 anonymous bind
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on 2 descriptors
Mar 31 13:26:45 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:45 oxchange slapd[1139]:  14r
Mar 31 13:26:45 oxchange slapd[1139]:
Mar 31 13:26:45 oxchange slapd[1139]: daemon: read active on 14
Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14)
Mar 31 13:26:45 oxchange slapd[1139]: connection_get(14): got connid=1
Mar 31 13:26:45 oxchange slapd[1139]: connection_read(14): checking for input on id=1
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 do_bind
Mar 31 13:26:45 oxchange slapd[1139]: >>> dnPrettyNormal: <cn=testuser,cn=users,dc=example,dc=com>
Mar 31 13:26:45 oxchange slapd[1139]: <<< dnPrettyNormal: <cn=testuser,cn=users,dc=example,dc=com>, <cn=testuser,cn=users,dc=example,dc=com>
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128
Mar 31 13:26:45 oxchange slapd[1139]: do_bind: version=3 dn="cn=testuser,cn=users,dc=example,dc=com" method=128
Mar 31 13:26:45 oxchange slapd[1139]: ==> hdb_bind: dn: cn=testuser,cn=users,dc=example,dc=com
Mar 31 13:26:45 oxchange slapd[1139]: bdb_dn2entry("cn=testuser,cn=users,dc=example,dc=com")
Mar 31 13:26:45 oxchange slapd[1139]: => access_allowed: auth access to "cn=testuser,cn=users,dc=example,dc=com" "userPassword" requested
Mar 31 13:26:45 oxchange slapd[1139]: => acl_get: [1] attr userPassword
Mar 31 13:26:45 oxchange slapd[1139]: => slap_access_allowed: result not in cache (userPassword)
Mar 31 13:26:45 oxchange slapd[1139]: => acl_mask: access to entry "cn=testuser,cn=users,dc=example,dc=com", attr "userPassword" requested
Mar 31 13:26:45 oxchange slapd[1139]: => acl_mask: to value by "", (=0)
Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: cn=admin,dc=exampel,dc=com
Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: cn=ldapmanager,cn=admins,ou=xxxxx,dc=example,dc=com
Mar 31 13:26:45 oxchange slapd[1139]: <= check a_dn_pat: anonymous
Mar 31 13:26:45 oxchange slapd[1139]: <= acl_mask: [3] applying auth(=xd) (stop)
Mar 31 13:26:45 oxchange slapd[1139]: <= acl_mask: [3] mask: auth(=xd)
Mar 31 13:26:45 oxchange slapd[1139]: => slap_access_allowed: auth access granted by auth(=xd)
Mar 31 13:26:45 oxchange slapd[1139]: => access_allowed: auth access granted by auth(=xd)
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 31 13:26:45 oxchange slapd[1139]: do_bind: v3 bind: "cn=testuser,cn=users,dc=example,dc=com" to "cn=testuser,cn=users,dc=example,dc=com"
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: conn=1 op=1 p=3
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_result: err=0 matched="" text=""
Mar 31 13:26:45 oxchange slapd[1139]: send_ldap_response: msgid=2 tag=97 err=0
Mar 31 13:26:45 oxchange slapd[1139]: conn=1 op=1 RESULT tag=97 err=0 text=
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:45 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on 2 descriptors
Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:46 oxchange slapd[1139]:  14r
Mar 31 13:26:46 oxchange slapd[1139]:
Mar 31 13:26:46 oxchange slapd[1139]: daemon: read active on 14
Mar 31 13:26:46 oxchange slapd[1139]: connection_get(14)
Mar 31 13:26:46 oxchange slapd[1139]: connection_get(14): got connid=1
Mar 31 13:26:46 oxchange slapd[1139]: connection_read(14): checking for input on id=1
Mar 31 13:26:46 oxchange slapd[1139]: ber_get_next on fd 14 failed errno=0 (Success)
Mar 31 13:26:46 oxchange slapd[1139]: connection_read(14): input error=-2 id=1, closing.
Mar 31 13:26:46 oxchange slapd[1139]: connection_closing: readying conn=1 sd=14 for close
Mar 31 13:26:46 oxchange slapd[1139]: connection_close: deferring conn=1 sd=14
Mar 31 13:26:46 oxchange slapd[1139]: conn=1 op=2 do_unbind
Mar 31 13:26:46 oxchange slapd[1139]: conn=1 op=2 UNBIND
Mar 31 13:26:46 oxchange slapd[1139]: connection_resched: attempting closing conn=1 sd=14
Mar 31 13:26:46 oxchange slapd[1139]: connection_close: conn=1 sd=14
Mar 31 13:26:46 oxchange slapd[1139]: daemon: removing 14
Mar 31 13:26:46 oxchange slapd[1139]: conn=1 fd=14 closed
Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on 1 descriptor
Mar 31 13:26:46 oxchange slapd[1139]: daemon: activity on:
Mar 31 13:26:46 oxchange slapd[1139]:
Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Mar 31 13:26:46 oxchange slapd[1139]: daemon: epoll: listen=9 active_threads=0 tvp=zero
    Last edited by Guest; 03-31-2009, 01:33 PM.

    Comment

    • #3
      Error localization

      ok, one further update:

      The errror isn't a real error, it simply indicates that the user "testuser" does not exist in the ox db.
      In my case i'm running in to trouble with oxldapsync, it seems as if i made a mistake while configuring.
      I will give you an update as soon as i have fixed the problem.

      Cheers,
      chris


      special thanks to "choeger" and "kleini" from the irc channel who gave me support to this issue

      Comment

      • #4
        Solved

        ok, i actually got it:

        be sure to have a correct mapping set in $OXLDAPSYNC_HOME/etc/mapping.openldap.conf

        In my case i simply missed a necessary attribute. After correcting everything works fine.

        Comment

        Previous template Next
        Working...
        X