Package: slapd Version: 2.4.40+dfsg-1+deb8u1 Severity: important
Hi everyone. >From a fresh install (the server is a virtual machine with VirtualBox), after >basic configuration of slapd, without any configuration other than those make >by apt-get, with no special data I can add this piece of ldif dn: cn=config changeType: modify add: olcTLSVerifyClient olcTLSVerifyClient: never - I always got a root@debian:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f toto.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" ldap_modify: Server is unwilling to perform (53) and the debug file containt (with LogLevel:1) Dec 14 15:04:12 debian slapd[3597]: slap_listener_activate(11): Dec 14 15:04:12 debian slapd[3597]: >>> slap_listener(ldapi:///) Dec 14 15:04:12 debian slapd[3597]: connection_get(13): got connid=1031 Dec 14 15:04:12 debian slapd[3597]: connection_read(13): checking for input on id=1031 Dec 14 15:04:12 debian slapd[3597]: op tag 0x60, time 1450101852 Dec 14 15:04:12 debian slapd[3597]: conn=1031 op=0 do_bind Dec 14 15:04:12 debian slapd[3597]: >>> dnPrettyNormal: <> Dec 14 15:04:12 debian slapd[3597]: <<< dnPrettyNormal: <>, <> Dec 14 15:04:12 debian slapd[3597]: do_bind: dn () SASL mech EXTERNAL Dec 14 15:04:12 debian slapd[3597]: ==>slap_sasl2dn: converting SASL name gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN Dec 14 15:04:12 debian slapd[3597]: <==slap_sasl2dn: Converted SASL name to <nothing> Dec 14 15:04:12 debian slapd[3597]: SASL Authorize [conn=1031]: proxy authorization allowed authzDN="" Dec 14 15:04:12 debian slapd[3597]: send_ldap_sasl: err=0 len=-1 Dec 14 15:04:12 debian slapd[3597]: do_bind: SASL/EXTERNAL bind: dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" sasl_ssf=0 Dec 14 15:04:12 debian slapd[3597]: send_ldap_response: msgid=1 tag=97 err=0 Dec 14 15:04:12 debian slapd[3597]: <== slap_sasl_bind: rc=0 Dec 14 15:04:12 debian slapd[3597]: connection_get(13): got connid=1031 Dec 14 15:04:12 debian slapd[3597]: connection_read(13): checking for input on id=1031 Dec 14 15:04:12 debian slapd[3597]: op tag 0x66, time 1450101852 Dec 14 15:04:12 debian slapd[3597]: conn=1031 op=1 do_modify Dec 14 15:04:12 debian slapd[3597]: >>> dnPrettyNormal: <cn=config> Dec 14 15:04:12 debian slapd[3597]: <<< dnPrettyNormal: <cn=config>, <cn=config> Dec 14 15:04:12 debian slapd[3597]: oc_check_required entry (cn=config), objectClass "olcGlobal" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "objectClass" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "cn" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcArgsFile" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcPidFile" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcToolThreads" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "structuralObjectClass" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "entryUUID" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "creatorsName" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "createTimestamp" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcConnMaxPending" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcLogLevel" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcTLSVerifyClient" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "entryCSN" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "modifiersName" Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "modifyTimestamp" Dec 14 15:04:12 debian slapd[3597]: send_ldap_result: conn=1031 op=1 p=3 Dec 14 15:04:12 debian slapd[3597]: send_ldap_response: msgid=2 tag=103 err=53 Dec 14 15:04:12 debian slapd[3597]: connection_get(13): got connid=1031 Dec 14 15:04:12 debian slapd[3597]: connection_read(13): checking for input on id=1031 Dec 14 15:04:12 debian slapd[3597]: op tag 0x42, time 1450101852 Dec 14 15:04:12 debian slapd[3597]: ber_get_next on fd 13 failed errno=0 (Success) Dec 14 15:04:12 debian slapd[3597]: conn=1031 op=2 do_unbind Dec 14 15:04:12 debian slapd[3597]: connection_close: conn=1031 sd=13 Dec 14 15:04:58 debian slapd[3597]: slap_listener_activate(11): Dec 14 15:04:58 debian slapd[3597]: >>> slap_listener(ldapi:///) Dec 14 15:04:58 debian slapd[3597]: connection_get(13): got connid=1032 Dec 14 15:04:58 debian slapd[3597]: connection_read(13): checking for input on id=1032 Dec 14 15:04:58 debian slapd[3597]: op tag 0x60, time 1450101898 Dec 14 15:04:58 debian slapd[3597]: conn=1032 op=0 do_bind Dec 14 15:04:58 debian slapd[3597]: >>> dnPrettyNormal: <> Dec 14 15:04:58 debian slapd[3597]: <<< dnPrettyNormal: <>, <> Dec 14 15:04:58 debian slapd[3597]: do_bind: dn () SASL mech EXTERNAL Dec 14 15:04:58 debian slapd[3597]: ==>slap_sasl2dn: converting SASL name gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN Dec 14 15:04:58 debian slapd[3597]: <==slap_sasl2dn: Converted SASL name to <nothing> Dec 14 15:04:58 debian slapd[3597]: SASL Authorize [conn=1032]: proxy authorization allowed authzDN="" Dec 14 15:04:58 debian slapd[3597]: send_ldap_sasl: err=0 len=-1 Dec 14 15:04:58 debian slapd[3597]: do_bind: SASL/EXTERNAL bind: dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" sasl_ssf=0 Dec 14 15:04:58 debian slapd[3597]: send_ldap_response: msgid=1 tag=97 err=0 Dec 14 15:04:58 debian slapd[3597]: <== slap_sasl_bind: rc=0 Dec 14 15:04:58 debian slapd[3597]: connection_get(13): got connid=1032 Dec 14 15:04:58 debian slapd[3597]: connection_read(13): checking for input on id=1032 Dec 14 15:04:58 debian slapd[3597]: op tag 0x63, time 1450101898 Dec 14 15:04:58 debian slapd[3597]: conn=1032 op=1 do_search Dec 14 15:04:58 debian slapd[3597]: >>> dnPrettyNormal: <cn=config> Dec 14 15:04:58 debian slapd[3597]: <<< dnPrettyNormal: <cn=config>, <cn=config> Dec 14 15:04:58 debian slapd[3597]: ==> limits_get: conn=1032 op=1 self="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" this="cn=config" Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn=module{0},cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn=schema,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn={0}core,cn=schema,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn={1}cosine,cn=schema,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn={2}nis,cn=schema,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="cn={3}inetorgperson,cn=schema,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="olcBackend={0}mdb,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="olcDatabase={-1}frontend,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="olcDatabase={0}config,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: => send_search_entry: conn 1032 dn="olcDatabase={1}mdb,cn=config" Dec 14 15:04:58 debian slapd[3597]: <= send_search_entry: conn 1032 exit. Dec 14 15:04:58 debian slapd[3597]: send_ldap_result: conn=1032 op=1 p=3 Dec 14 15:04:58 debian slapd[3597]: send_ldap_response: msgid=2 tag=101 err=0 Dec 14 15:04:58 debian slapd[3597]: connection_get(13): got connid=1032 Dec 14 15:04:58 debian slapd[3597]: connection_read(13): checking for input on id=1032 Dec 14 15:04:58 debian slapd[3597]: op tag 0x42, time 1450101898 Dec 14 15:04:58 debian slapd[3597]: ber_get_next on fd 13 failed errno=0 (Success) Dec 14 15:04:58 debian slapd[3597]: conn=1032 op=2 do_unbind Dec 14 15:04:58 debian slapd[3597]: connection_close: conn=1032 sd=13 -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages slapd depends on: ii adduser 3.113+nmu3 ii coreutils 8.23-4 ii debconf [debconf-2.0] 1.5.56 ii libc6 2.19-18+deb8u1 ii libdb5.3 5.3.28-9 ii libgnutls-deb0-28 3.3.8-6+deb8u3 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u1 ii libltdl7 2.4.2-1.11 ii libodbc1 2.3.1-3 ii libperl5.20 5.20.2-3+deb8u1 ii libsasl2-2 2.1.26.dfsg1-13+deb8u1 ii libslp1 1.2.1-10+deb8u1 ii libwrap0 7.6.q-25 ii lsb-base 4.1+Debian13+nmu1 ii multiarch-support 2.19-18+deb8u1 ii perl [libmime-base64-perl] 5.20.2-3+deb8u1 ii psmisc 22.21-2 Versions of packages slapd recommends: ii libsasl2-modules 2.1.26.dfsg1-13+deb8u1 Versions of packages slapd suggests: ii ldap-utils 2.4.40+dfsg-1+deb8u1 pn libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi <none> -- debconf information: * slapd/password1: (password omitted) slapd/internal/generated_adminpw: (password omitted) * slapd/password2: (password omitted) slapd/internal/adminpw: (password omitted) slapd/password_mismatch: slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/upgrade_slapcat_failure: slapd/unsafe_selfwrite_acl: * slapd/no_configuration: false * slapd/move_old_database: true slapd/invalid_config: true * slapd/purge_database: true * slapd/allow_ldap_v2: false * slapd/domain: moi.fr slapd/dump_database: when needed * slapd/backend: MDB * shared/organization: moi.fr