[Novalug] openldap primer
greg pryzby
greg@pryzby.org
Fri Mar 27 21:40:10 EDT 2015
# ldapsearch -h localhost -b "dc=pryzby.dc=org" "cn=gerrit2"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
# ldapsearch -h localhost -x -b "dc=pryzby.dc=org" "cn=gerrit2"
# extended LDIF
#
# LDAPv3
# base <dc=pryzby.dc=org> with scope subtree
# filter: cn=gerrit2
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
I know the password works because I set up phpldapadmin.
I have done NOTHING in the past w/ ldap, so need to me...
If there are best practices, please tell me.
# numResponses: 1
(I am going to parse the debug later... sharing now though... I do see
a read error)
in debug (-d 31)
coming from a different computer
ldapsearch -h 192.168.124.121 -x -b "dc=pryzby.dc=org" "cn=gerrit2"
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 slap_listener_activate(7):
5515ffc6 daemon: epoll: listen=7 busy
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 >>> slap_listener(ldap:///)
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 daemon: listen=7, new connection on 16
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6 16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: added 16r (active) listener=(nil)
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c0 end=0x7fa9bc0008cc len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
5515ffc6 op tag 0x60, time 1427505094
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c3 end=0x7fa9bc0008cc len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008ca end=0x7fa9bc0008cc len=2
0000: 00 00 ..
5515ffc6 >>> dnPrettyNormal: <>
5515ffc6 <<< dnPrettyNormal: <>, <>
5515ffc6 do_bind: version=3 dn="" method=128
5515ffc6 send_ldap_result: conn=1001 op=0 p=3
5515ffc6 send_ldap_result: err=0 matched="" text=""
5515ffc6 send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 16
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
5515ffc6 do_bind: v3 anonymous bind
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6 16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
0000: 30 37 02 01 02 63 32 04 07...c2.
ldap_read: want=49, got=49
0000: 10 64 63 3d 70 72 79 7a 62 79 2e 64 63 3d 6f 72 .dc=pryzby.dc=or
0010: 67 0a 01 02 0a 01 00 02 01 00 02 01 00 01 01 00 g...............
0020: a3 0d 04 02 63 6e 04 07 67 65 72 72 69 74 32 30 ....cn..gerrit20
0030: 00 .
ber_get_next: tag 0x30 len 55 contents:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c40008f0 end=0x7fa9c4000927 len=55
0000: 02 01 02 63 32 04 10 64 63 3d 70 72 79 7a 62 79 ...c2..dc=pryzby
0010: 2e 64 63 3d 6f 72 67 0a 01 02 0a 01 00 02 01 00 .dc=org.........
0020: 02 01 00 01 01 00 a3 0d 04 02 63 6e 04 07 67 65 ..........cn..ge
0030: 72 72 69 74 32 30 00 rrit20.
5515ffc6 op tag 0x63, time 1427505094
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 conn=1001 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c40008f3 end=0x7fa9c4000927 len=52
0000: 63 32 04 10 64 63 3d 70 72 79 7a 62 79 2e 64 63 c2..dc=pryzby.dc
0010: 3d 6f 72 67 0a 01 02 0a 01 00 02 01 00 02 01 00 =org............
0020: 01 01 00 a3 0d 04 02 63 6e 04 07 67 65 72 72 69 .......cn..gerri
0030: 74 32 30 00 t20.
5515ffc6 >>> dnPrettyNormal: <dc=pryzby.dc=org>
=> ldap_bv2dn(dc=pryzby.dc=org,0)
<= ldap_bv2dn(dc=pryzby.dc=org)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=pryzby.dc\3Dorg)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=pryzby.dc\3Dorg)=0
5515ffc6 <<< dnPrettyNormal: <dc=pryzby.dc\3Dorg>, <dc=pryzby.dc\3Dorg>
5515ffc6 SRCH "dc=pryzby.dc=org" 2 05515ffc6 0 0 0
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c4000916 end=0x7fa9c4000927 len=17
0000: a3 0d 04 02 63 6e 04 07 67 65 72 72 69 74 32 30 ....cn..gerrit20
0010: 00 .
5515ffc6 filter: (cn=gerrit2)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c4000925 end=0x7fa9c4000927 len=2
0000: 00 00 ..
5515ffc6 attrs:5515ffc6
5515ffc6 send_ldap_result: conn=1001 op=1 p=3
5515ffc6 send_ldap_result: err=10 matched="" text=""
5515ffc6 send_ldap_response: msgid=2 tag=101 err=32
ber_flush2: 14 bytes to sd 16
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6 16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c0 end=0x7fa9bc0008c5 len=5
0000: 02 01 03 42 00 ...B.
5515ffc6 op tag 0x42, time 1427505094
ber_get_next
ldap_read: want=8, got=0
5515ffc6 ber_get_next on fd 16 failed errno=0 (Success)
5515ffc6 connection_read(16): input error=-2 id=1001, closing.
5515ffc6 connection_closing: readying conn=1001 sd=16 for close
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_close: deferring conn=1001 sd=16
5515ffc6 conn=1001 op=2 do_unbind
5515ffc6 connection_resched: attempting closing conn=1001 sd=16
5515ffc6 connection_close: conn=1001 sd=16
5515ffc6 daemon: removing 16
On Fri, Mar 27, 2015 at 9:04 PM, Derek LaHousse <dlahouss@mtu.edu> wrote:
> Come on, Greg: How is it failing?
>
> This looks like a good slapcat. Are you running ldapsearch on the
> same host as slapd? Is slapd running? Try killing it, then running
> in foreground with -d 31 (debug are bitflags: -1 is too noisy).
>
>
>
> On Fri, Mar 27, 2015 at 6:40 PM, greg pryzby via Novalug
> <novalug@firemountain.net> wrote:
>> I have setup openldap and added some OU and CN.... but when I try
>> ldapsearch it is failing. I know I am doing something wrong.
>>
>> My goal is to have jenkins and gerrit auth to openldap
>>
>> Any pointers are welcome
>> (Sometimes learning too many things at once is dangerous....)
>>
>>
>> dn: dc=pryzby,dc=org
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: pryzby.org
>> dc: pryzby
>> structuralObjectClass: organization
>> entryUUID: 907fb90c-690a-1034-8231-e5ae4133d5e8
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327202115Z
>> entryCSN: 20150327202115.883303Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327202115Z
>>
>> dn: cn=admin,dc=pryzby,dc=org
>> objectClass: simpleSecurityObject
>> objectClass: organizationalRole
>> cn: admin
>> description: LDAP administrator
>> userPassword:: e1NTSEF9YmUyRU9UeDlTdE1iY0FuNFZtc0pMS21mdkRmMlc5b2k=
>> structuralObjectClass: organizationalRole
>> entryUUID: 9091f086-690a-1034-8232-e5ae4133d5e8
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327202115Z
>> entryCSN: 20150327202116.002667Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327202115Z
>>
>> dn: ou=groups,dc=pryzby,dc=org
>> objectClass: organizationalUnit
>> objectClass: top
>> structuralObjectClass: organizationalUnit
>> entryUUID: 5161c974-6917-1034-93ae-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215233Z
>> ou: groups
>> entryCSN: 20150327215322.434775Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215322Z
>>
>> dn: ou=users,dc=pryzby,dc=org
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: users
>> structuralObjectClass: organizationalUnit
>> entryUUID: 6b95d560-6917-1034-93af-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215317Z
>> entryCSN: 20150327215317.409993Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215317Z
>>
>> dn: cn=admin,ou=groups,dc=pryzby,dc=org
>> gidNumber: 501
>> cn: admin
>> objectClass: posixGroup
>> objectClass: top
>> structuralObjectClass: posixGroup
>> entryUUID: 8e670910-6917-1034-93b0-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215415Z
>> entryCSN: 20150327215415.823552Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215415Z
>>
>> dn: cn=user,ou=groups,dc=pryzby,dc=org
>> gidNumber: 502
>> cn: user
>> objectClass: posixGroup
>> objectClass: top
>> structuralObjectClass: posixGroup
>> entryUUID: a7f24ea8-6917-1034-93b2-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215458Z
>> entryCSN: 20150327215458.679325Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215458Z
>>
>> dn: cn=gerrit2,ou=users,dc=pryzby,dc=org
>> givenName: Gerrit
>> gidNumber: 502
>> homeDirectory: /home/users/gerrit2
>> sn: User
>> loginShell: /bin/sh
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> userPassword:: e01ENX1EN3dieU9ld0JHVDM2MEJKb0JWSG1nPT0=
>> uidNumber: 1000
>> uid: gerrit2
>> structuralObjectClass: inetOrgPerson
>> entryUUID: f53f6362-6917-1034-93b3-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215708Z
>> cn: gerrit2
>> entryCSN: 20150327215807.287890Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215807Z
>>
>>
>> --
>> greg pryzby greg at pryzby dot org
>> http://www.linkedin.com/in/gpryzby
>>
>> TWTR: gpryzby
>> WEB: http://www.MakeRoomForArt.com/
>> BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
--
greg pryzby greg at pryzby dot org
http://www.linkedin.com/in/gpryzby
TWTR: gpryzby
WEB: http://www.MakeRoomForArt.com/
BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
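
Added example (not part of the original message, and not OpenLDAP code): a small Python BER decoder run over three PDUs copied from the -d 31 hex dumps in this message. It shows that the -x request arrived as an anonymous simple bind, what search base was actually sent, and the result code returned; the function names decode and rdn_has_bare_equals are this example's own, and the RDN check is a naive comma split, not a full DN parser.

```python
def tlv(buf, pos=0):
    """Read one BER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def decode(pdu):
    """Decode the LDAPMessage fields that appear in this thread's log."""
    tag, body, _ = tlv(pdu)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    (_, msgid), (op, opval) = children(body)[:2]
    info, parts = {"msgid": int.from_bytes(msgid, "big"), "op": hex(op)}, children(opval)
    if op == 0x60:                         # BindRequest
        dn, (auth, cred) = parts[1][1].decode(), parts[2]
        info.update(dn=dn, anonymous=(auth == 0x80 and not dn and not cred))
    elif op == 0x63:                       # SearchRequest
        info.update(base=parts[0][1].decode(), scope=parts[1][1][0])
        if parts[6][0] == 0xA3:            # equalityMatch filter
            (_, attr), (_, val) = children(parts[6][1])
            info["filter"] = f"({attr.decode()}={val.decode()})"
    elif op in (0x61, 0x65):               # BindResponse / SearchResultDone
        info["result"] = parts[0][1][0]
    return info

def rdn_has_bare_equals(base):
    """True when an RDN value itself contains '=' (naive split on ',')."""
    return any("=" in rdn.split("=", 1)[1] for rdn in base.split(",") if "=" in rdn)

# Bytes copied from the ldap_read / ber_flush2 dumps in the message above.
BIND_REQ = bytes.fromhex("300c020101600702010304008000")
SEARCH_REQ = bytes.fromhex(
    "30370201026332041064633d7072797a62792e64633d6f72670a01020a0100"
    "020100020100010100a30d0402636e0407676572726974323000")
SEARCH_DONE = bytes.fromhex("300c02010265070a012004000400")
if __name__ == "__main__":
    print(decode(BIND_REQ), decode(SEARCH_REQ), decode(SEARCH_DONE), sep="\n")
```

The decoded base is the single RDN that slapd logs as dc=pryzby.dc\3Dorg in dnPrettyNormal, whereas the slapcat output lists the suffix as dc=pryzby,dc=org.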