[Novalug] openldap primer

greg pryzby greg@pryzby.org
Fri Mar 27 21:40:10 EDT 2015


# ldapsearch -h localhost  -b "dc=pryzby.dc=org" "cn=gerrit2"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database


# ldapsearch -h localhost -x -b "dc=pryzby.dc=org" "cn=gerrit2"
# extended LDIF
#
# LDAPv3
# base <dc=pryzby.dc=org> with scope subtree
# filter: cn=gerrit2
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

I know the password works because I set up phpldapadmin.

I have done NOTHING in the past w/ ldap, so need to me...

If there are best practices, please tell me.


# numResponses: 1


(I am going to parse the debug later... sharing now though... I do see
a read error)

in debug (-d 31)
coming from a different computer
ldapsearch -h 192.168.124.121 -x -b "dc=pryzby.dc=org" "cn=gerrit2"


5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 slap_listener_activate(7):
5515ffc6 daemon: epoll: listen=7 busy
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 >>> slap_listener(ldap:///)
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 daemon: listen=7, new connection on 16
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6  16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: added 16r (active) listener=(nil)
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 60 07 02                            0....`..
ldap_read: want=6, got=6
  0000:  01 03 04 00 80 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c0 end=0x7fa9bc0008cc len=12
  0000:  02 01 01 60 07 02 01 03  04 00 80 00               ...`........
5515ffc6 op tag 0x60, time 1427505094
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c3 end=0x7fa9bc0008cc len=9
  0000:  60 07 02 01 03 04 00 80  00                        `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008ca end=0x7fa9bc0008cc len=2
  0000:  00 00                                              ..
5515ffc6 >>> dnPrettyNormal: <>
5515ffc6 <<< dnPrettyNormal: <>, <>
5515ffc6 do_bind: version=3 dn="" method=128
5515ffc6 send_ldap_result: conn=1001 op=0 p=3
5515ffc6 send_ldap_result: err=0 matched="" text=""
5515ffc6 send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 16
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
5515ffc6 do_bind: v3 anonymous bind
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6  16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
  0000:  30 37 02 01 02 63 32 04                            07...c2.
ldap_read: want=49, got=49
  0000:  10 64 63 3d 70 72 79 7a  62 79 2e 64 63 3d 6f 72   .dc=pryzby.dc=or
  0010:  67 0a 01 02 0a 01 00 02  01 00 02 01 00 01 01 00   g...............
  0020:  a3 0d 04 02 63 6e 04 07  67 65 72 72 69 74 32 30   ....cn..gerrit20
  0030:  00                                                 .
ber_get_next: tag 0x30 len 55 contents:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c40008f0 end=0x7fa9c4000927 len=55
  0000:  02 01 02 63 32 04 10 64  63 3d 70 72 79 7a 62 79   ...c2..dc=pryzby
  0010:  2e 64 63 3d 6f 72 67 0a  01 02 0a 01 00 02 01 00   .dc=org.........
  0020:  02 01 00 01 01 00 a3 0d  04 02 63 6e 04 07 67 65   ..........cn..ge
  0030:  72 72 69 74 32 30 00                               rrit20.
5515ffc6 op tag 0x63, time 1427505094
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 conn=1001 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c40008f3 end=0x7fa9c4000927 len=52
  0000:  63 32 04 10 64 63 3d 70  72 79 7a 62 79 2e 64 63   c2..dc=pryzby.dc
  0010:  3d 6f 72 67 0a 01 02 0a  01 00 02 01 00 02 01 00   =org............
  0020:  01 01 00 a3 0d 04 02 63  6e 04 07 67 65 72 72 69   .......cn..gerri
  0030:  74 32 30 00                                        t20.
5515ffc6 >>> dnPrettyNormal: <dc=pryzby.dc=org>
=> ldap_bv2dn(dc=pryzby.dc=org,0)
<= ldap_bv2dn(dc=pryzby.dc=org)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=pryzby.dc\3Dorg)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=pryzby.dc\3Dorg)=0
5515ffc6 <<< dnPrettyNormal: <dc=pryzby.dc\3Dorg>, <dc=pryzby.dc\3Dorg>
5515ffc6 SRCH "dc=pryzby.dc=org" 2 05515ffc6     0 0 0
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c4000916 end=0x7fa9c4000927 len=17
  0000:  a3 0d 04 02 63 6e 04 07  67 65 72 72 69 74 32 30   ....cn..gerrit20
  0010:  00                                                 .
5515ffc6     filter: (cn=gerrit2)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x7fa9c40008f0 ptr=0x7fa9c4000925 end=0x7fa9c4000927 len=2
  0000:  00 00                                              ..
5515ffc6     attrs:5515ffc6
5515ffc6 send_ldap_result: conn=1001 op=1 p=3
5515ffc6 send_ldap_result: err=10 matched="" text=""
5515ffc6 send_ldap_response: msgid=2 tag=101 err=32
ber_flush2: 14 bytes to sd 16
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6  16r5515ffc6
5515ffc6 daemon: read active on 16
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_get(16)
5515ffc6 connection_get(16): got connid=1001
5515ffc6 connection_read(16): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
  0000:  30 05 02 01 03 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x7fa9bc0008c0 ptr=0x7fa9bc0008c0 end=0x7fa9bc0008c5 len=5
  0000:  02 01 03 42 00                                     ...B.
5515ffc6 op tag 0x42, time 1427505094
ber_get_next
ldap_read: want=8, got=0

5515ffc6 ber_get_next on fd 16 failed errno=0 (Success)
5515ffc6 connection_read(16): input error=-2 id=1001, closing.
5515ffc6 connection_closing: readying conn=1001 sd=16 for close
5515ffc6 daemon: activity on 1 descriptor
5515ffc6 daemon: activity on:5515ffc6
5515ffc6 daemon: epoll: listen=7 active_threads=0 tvp=zero
5515ffc6 daemon: epoll: listen=8 active_threads=0 tvp=zero
5515ffc6 connection_close: deferring conn=1001 sd=16
5515ffc6 conn=1001 op=2 do_unbind
5515ffc6 connection_resched: attempting closing conn=1001 sd=16
5515ffc6 connection_close: conn=1001 sd=16
5515ffc6 daemon: removing 16


On Fri, Mar 27, 2015 at 9:04 PM, Derek LaHousse <dlahouss@mtu.edu> wrote:
> Come on, Greg: How is it failing?
>
> This looks like a good slapcat.  Are you running ldapsearch on the
> same host as slapd?  Is slapd running?  Try killing it, then running
> in foreground with -d 31 (debug are bitflags: -1 is too noisy).
>
>
>
> On Fri, Mar 27, 2015 at 6:40 PM, greg pryzby via Novalug
> <novalug@firemountain.net> wrote:
>> I have setup openldap and added some OU and CN.... but when I try
>> ldapsearch it is failing. I know I am doing something wrong.
>>
>> My goal is to have jenkins and gerrit auth to openldap
>>
>> Any pointers are welcome
>> (Sometimes learning too many things at once is dangerous....)
>>
>>
>> dn: dc=pryzby,dc=org
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: pryzby.org
>> dc: pryzby
>> structuralObjectClass: organization
>> entryUUID: 907fb90c-690a-1034-8231-e5ae4133d5e8
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327202115Z
>> entryCSN: 20150327202115.883303Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327202115Z
>>
>> dn: cn=admin,dc=pryzby,dc=org
>> objectClass: simpleSecurityObject
>> objectClass: organizationalRole
>> cn: admin
>> description: LDAP administrator
>> userPassword:: e1NTSEF9YmUyRU9UeDlTdE1iY0FuNFZtc0pMS21mdkRmMlc5b2k=
>> structuralObjectClass: organizationalRole
>> entryUUID: 9091f086-690a-1034-8232-e5ae4133d5e8
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327202115Z
>> entryCSN: 20150327202116.002667Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327202115Z
>>
>> dn: ou=groups,dc=pryzby,dc=org
>> objectClass: organizationalUnit
>> objectClass: top
>> structuralObjectClass: organizationalUnit
>> entryUUID: 5161c974-6917-1034-93ae-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215233Z
>> ou: groups
>> entryCSN: 20150327215322.434775Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215322Z
>>
>> dn: ou=users,dc=pryzby,dc=org
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: users
>> structuralObjectClass: organizationalUnit
>> entryUUID: 6b95d560-6917-1034-93af-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215317Z
>> entryCSN: 20150327215317.409993Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215317Z
>>
>> dn: cn=admin,ou=groups,dc=pryzby,dc=org
>> gidNumber: 501
>> cn: admin
>> objectClass: posixGroup
>> objectClass: top
>> structuralObjectClass: posixGroup
>> entryUUID: 8e670910-6917-1034-93b0-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215415Z
>> entryCSN: 20150327215415.823552Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215415Z
>>
>> dn: cn=user,ou=groups,dc=pryzby,dc=org
>> gidNumber: 502
>> cn: user
>> objectClass: posixGroup
>> objectClass: top
>> structuralObjectClass: posixGroup
>> entryUUID: a7f24ea8-6917-1034-93b2-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215458Z
>> entryCSN: 20150327215458.679325Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215458Z
>>
>> dn: cn=gerrit2,ou=users,dc=pryzby,dc=org
>> givenName: Gerrit
>> gidNumber: 502
>> homeDirectory: /home/users/gerrit2
>> sn: User
>> loginShell: /bin/sh
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> userPassword:: e01ENX1EN3dieU9ld0JHVDM2MEJKb0JWSG1nPT0=
>> uidNumber: 1000
>> uid: gerrit2
>> structuralObjectClass: inetOrgPerson
>> entryUUID: f53f6362-6917-1034-93b3-8f3e9ae357eb
>> creatorsName: cn=admin,dc=pryzby,dc=org
>> createTimestamp: 20150327215708Z
>> cn: gerrit2
>> entryCSN: 20150327215807.287890Z#000000#000#000000
>> modifiersName: cn=admin,dc=pryzby,dc=org
>> modifyTimestamp: 20150327215807Z
>>
>>
>> --
>> greg pryzby                              greg at pryzby dot org
>> http://www.linkedin.com/in/gpryzby
>>
>> TWTR: gpryzby
>> WEB:  http://www.MakeRoomForArt.com/
>> BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
>> **********************************************************************
>> The Novalug mailing list is hosted by firemountain.net.
>>
>> To unsubscribe or change delivery options:
>> http://www.firemountain.net/mailman/listinfo/novalug



-- 
greg pryzby                              greg at pryzby dot org
http://www.linkedin.com/in/gpryzby

TWTR: gpryzby
WEB:  http://www.MakeRoomForArt.com/
BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
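The debug trace above ends with `dnPrettyNormal: <dc=pryzby.dc\3Dorg>` followed by `err=32` (No such object). RDNs in a DN are separated by commas, not dots, so slapd reads the base `dc=pryzby.dc=org` as one RDN whose value contains an `=`, escapes that `=` as `\3D`, and finds no entry with that DN; every entry in the quoted slapcat output lives under `dc=pryzby,dc=org`. As an added illustration (not code from this thread or from OpenLDAP), the following Python splits a DN into RDNs per RFC 4514, mirrors the `\3D` escaping seen in the log, and checks a base DN and a simple filter against the entry DNs copied from the slapcat above. The entry list and the filter matching (which looks only at each entry's leading RDN) are constructed simplifications for the example.

```python
import re

# Entry DNs copied from the slapcat output quoted in the thread. Filter matching
# below uses each entry's leading RDN only; this is a simplification for the example.
SLAPCAT_DNS = [
    "dc=pryzby,dc=org",
    "cn=admin,dc=pryzby,dc=org",
    "ou=groups,dc=pryzby,dc=org",
    "ou=users,dc=pryzby,dc=org",
    "cn=admin,ou=groups,dc=pryzby,dc=org",
    "cn=user,ou=groups,dc=pryzby,dc=org",
    "cn=gerrit2,ou=users,dc=pryzby,dc=org",
]

# attribute type (descriptor or numeric OID), '=', value
_RDN_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=(.*)$', re.S)


def _split_unescaped(s, sep):
    """Split s on sep, keeping backslash-escaped pairs (e.g. '\\,') intact."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append(''.join(cur))
    return parts


def split_rdns(dn):
    """RFC 4514: RDNs are separated by unescaped commas; '.' is not a separator."""
    return [p.strip() for p in _split_unescaped(dn, ',')]


def parse_rdn(rdn):
    """Return (attribute type, value) for a single-valued RDN."""
    m = _RDN_RE.match(rdn)
    if not m:
        raise ValueError("malformed RDN: %r" % rdn)
    return m.group(1).lower(), m.group(2)


def escape_value(value):
    """Escape unescaped '=' inside a value as \\3D, the form dnPrettyNormal logged."""
    return r'\3D'.join(_split_unescaped(value, '='))


def normalize_dn(dn):
    """Lower-case types and values, escape '=' in values, rejoin with commas."""
    return ','.join("%s=%s" % (t, escape_value(v.lower()))
                    for t, v in (parse_rdn(r) for r in split_rdns(dn)))


def base_exists(base, entry_dns=SLAPCAT_DNS):
    want = normalize_dn(base)
    return any(normalize_dn(d) == want for d in entry_dns)


def subtree_search(base, attr, value, entry_dns=SLAPCAT_DNS):
    """Emulate 'ldapsearch -b base (attr=value)' with subtree scope.
    Returns None when the base does not exist (slapd answers resultCode 32)."""
    if not base_exists(base, entry_dns):
        return None
    want = normalize_dn(base)
    hits = []
    for dn in entry_dns:
        ndn = normalize_dn(dn)
        if ndn != want and not ndn.endswith(',' + want):
            continue  # outside the subtree
        t, v = parse_rdn(split_rdns(dn)[0])
        if t == attr.lower() and v.lower() == value.lower():
            hits.append(dn)
    return hits


def diagnose_base(base):
    """Explain, in the terms slapd logs, why a base DN will not be found."""
    rdns = split_rdns(base)
    if base_exists(base):
        return "base found"
    if len(rdns) == 1 and '=' in parse_rdn(rdns[0])[1]:
        return ("single RDN %s with '=' in its value; RDNs are comma-separated, "
                "slapd normalizes it to <%s>" % (rdns[0], normalize_dn(base)))
    return "no entry with DN <%s>" % normalize_dn(base)


if __name__ == "__main__":
    for b in ("dc=pryzby.dc=org", "dc=pryzby,dc=org"):
        print(b, "->", diagnose_base(b), "|", subtree_search(b, "cn", "gerrit2"))
```

Run as a script it prints the diagnosis for both spellings of the base; the dotted form reproduces the single-RDN normalization from the log and yields no result, while the comma-separated form returns the `cn=gerrit2` entry. Note that `ldapsearch` without `-x` attempts a SASL bind, which is the separate "no secret in database" failure at the top of the message.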


