[SLE] ldap troubles

From: Tom Allison (tallison_at_tacocat.net)
Date: 10/13/03

    Date: Mon, 13 Oct 2003 07:51:35 -0400
    To: Suse <suse-linux-e@suse.com>
    
    

    OK, I've narrowed one of my LDAP problems to something that might be
    more of a bug in SuSE's installation than anything else.
    Unfortunately it doesn't cover everything.

    First, from the openldap pages it's generally considered a "good idea"
    not to use LDAP v2 protocols as they are being phased out for v3.
    Because of this I did not select v2 as the LDAP client/server
    configuration in ldapd.conf or the YAST client tool.
    This created a consistent error and, after googling a bit, I added
    "allow bind_v2" to /etc/slapd.conf.
    After this I was able to eliminate one of the errors I was getting when
    I attempted to add users to the LDAP database using the YAST tools.

    Now I get messages like this:

    I think "errno=11" is where I start getting into trouble.
    ----------------------------------

    Oct 13 07:50:33 dmz slapd[4102]: daemon: read activity on 12
    Oct 13 07:50:33 dmz slapd[4102]: connection_get(12)
    Oct 13 07:50:33 dmz slapd[4102]: connection_get(12): got connid=9
    Oct 13 07:50:33 dmz slapd[4102]: connection_read(12): checking for input on id=9
    Oct 13 07:50:33 dmz slapd[4102]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
    Oct 13 07:50:33 dmz slapd[4148]: do_search
    Oct 13 07:50:33 dmz slapd[4148]: >>> dnPrettyNormal: <ou=Group,dc=tacocat,dc=net>
    Oct 13 07:50:33 dmz slapd[4148]: <<< dnPrettyNormal: <ou=Group,dc=tacocat,dc=net>, <ou=group,dc=tacocat,dc=net>
    Oct 13 07:50:33 dmz slapd[4102]: daemon: select: listen=6 active_threads=1 tvp=NULL
    Oct 13 07:50:33 dmz slapd[4148]: SRCH "ou=Group,dc=tacocat,dc=net" 2 0
    Oct 13 07:50:33 dmz slapd[4148]: 0 0 0
    Oct 13 07:50:33 dmz slapd[4148]: begin get_filter
    Oct 13 07:50:33 dmz slapd[4148]: AND
    Oct 13 07:50:33 dmz slapd[4148]: begin get_filter_list
    Oct 13 07:50:33 dmz slapd[4148]: begin get_filter
    Oct 13 07:50:33 dmz slapd[4148]: EQUALITY
    Oct 13 07:50:33 dmz slapd[4148]: end get_filter 0
    Oct 13 07:50:33 dmz slapd[4148]: begin get_filter
    Oct 13 07:50:33 dmz slapd[4148]: EQUALITY
    Oct 13 07:50:33 dmz slapd[4148]: end get_filter 0
    Oct 13 07:50:33 dmz slapd[4148]: end get_filter_list
    Oct 13 07:50:33 dmz slapd[4148]: end get_filter 0
    Oct 13 07:50:33 dmz slapd[4148]: filter: (&(objectClass=posixGroup)(?=undefined))
    Oct 13 07:50:33 dmz slapd[4148]: attrs:
    Oct 13 07:50:33 dmz slapd[4148]: cn
    Oct 13 07:50:33 dmz slapd[4148]: userPassword
    Oct 13 07:50:33 dmz slapd[4148]: memberUid
    Oct 13 07:50:33 dmz slapd[4148]: uniqueMember
    Oct 13 07:50:33 dmz slapd[4148]: gidNumber
    Oct 13 07:50:33 dmz slapd[4148]:
    Oct 13 07:50:33 dmz slapd[4148]: conn=9 op=2 SRCH base="ou=Group,dc=tacocat,dc=net" scope=2 filter="(&(objectClass=posixGroup)(?=undefined))"
    Oct 13 07:50:33 dmz slapd[4148]: => ldbm_back_search
    Oct 13 07:50:33 dmz slapd[4148]: dn2entry_r: dn: "ou=group,dc=tacocat,dc=net"
    Oct 13 07:50:33 dmz slapd[4148]: => dn2id( "ou=group,dc=tacocat,dc=net" )
    Oct 13 07:50:33 dmz slapd[4148]: => ldbm_cache_open( "dn2id.dbb", 73, 600 )
    Oct 13 07:50:33 dmz slapd[4148]: <= ldbm_cache_open (cache 0)
    Oct 13 07:50:33 dmz slapd[4148]: <= dn2id NOID
    Oct 13 07:50:33 dmz slapd[4148]: dn2entry_r: dn: "dc=tacocat,dc=net"
    Oct 13 07:50:33 dmz slapd[4148]: => dn2id( "dc=tacocat,dc=net" )
    Oct 13 07:50:33 dmz slapd[4148]: => ldbm_cache_open( "dn2id.dbb", 73, 600 )
    Oct 13 07:50:33 dmz slapd[4148]: <= ldbm_cache_open (cache 0)
    Oct 13 07:50:33 dmz slapd[4148]: <= dn2id NOID
    Oct 13 07:50:33 dmz slapd[4148]: send_ldap_result: conn=9 op=2 p=2
    Oct 13 07:50:33 dmz slapd[4148]: send_ldap_result: err=10 matched="" text=""
    Oct 13 07:50:33 dmz slapd[4148]: send_ldap_response: msgid=3 tag=101 err=32
    Oct 13 07:50:33 dmz slapd[4148]: conn=9 op=2 RESULT tag=101 err=32 text=

    -- 
    Check the headers for your unsubscription address
    For additional commands send e-mail to suse-linux-e-help@suse.com
    Also check the archives at http://lists.suse.com
    Please read the FAQs: suse-linux-e-faq@suse.com
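
Added example (not part of the original post): a small Python parser that groups slapd log lines of the kind quoted above by conn/op, maps each LDAP `err=` result code to its RFC 4511 name, and keeps OS-level `errno=` socket messages separate from LDAP results. The sample lines are constructed from the post's log with wrapped lines rejoined; the conn=10 entries and all function names are assumptions for illustration.

```python
import re

# Subset of LDAP result codes (RFC 4511, section 4.1.9).
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError",
                10: "referral", 32: "noSuchObject", 49: "invalidCredentials"}

# Constructed sample: lines from the post's log, rejoined, plus a made-up conn=10.
SAMPLE = """\
Oct 13 07:50:33 dmz slapd[4102]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Oct 13 07:50:33 dmz slapd[4148]: conn=9 op=2 SRCH base="ou=Group,dc=tacocat,dc=net" scope=2 filter="(&(objectClass=posixGroup)(?=undefined))"
Oct 13 07:50:33 dmz slapd[4148]: <= dn2id NOID
Oct 13 07:50:33 dmz slapd[4148]: conn=9 op=2 RESULT tag=101 err=32 text=
Oct 13 07:50:34 dmz slapd[4148]: conn=10 op=1 SRCH base="dc=example,dc=com" scope=0 filter="(objectClass=*)"
Oct 13 07:50:34 dmz slapd[4148]: conn=10 op=1 RESULT tag=101 err=0 text=
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ slapd\[(\d+)\]: (.*)$")
OP = re.compile(r"^conn=(\d+) op=(\d+) (\w+)\s*(.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def summarize(text):
    """Return ({(conn, op): record}, [socket-level errno messages])."""
    ops, socket_errors = {}, []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                      # not a slapd syslog line
        msg = m.group(2)
        op = OP.match(msg)
        if op:
            conn, opid, verb, rest = op.groups()
            fields = {k: v.strip('"') for k, v in KV.findall(rest)}
            rec = ops.setdefault((int(conn), int(opid)), {})
            if verb == "RESULT":          # LDAP-level outcome of the operation
                rec["err"] = int(fields["err"])
                rec["result"] = RESULT_CODES.get(rec["err"], "other")
            else:                         # request line (SRCH, BIND, ...)
                rec["verb"] = verb
                rec.update({k: fields[k] for k in ("base", "filter") if k in fields})
        elif "errno=" in msg:             # OS error number, not an LDAP result code
            socket_errors.append(msg)
    return ops, socket_errors

def failed(ops):
    """Operations whose RESULT carried a non-zero LDAP result code."""
    return {k: v for k, v in ops.items() if v.get("err", 0) != 0}

if __name__ == "__main__":
    ops, sock = summarize(SAMPLE)
    for (conn, opid), rec in failed(ops).items():
        print(conn, opid, rec.get("verb"), rec.get("base"), rec["err"], rec["result"])
```
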
    
