Quanah,

I set loglevel to 341 in slapd.conf (trace function calls, configuration
file processing, and stats log connections/operations/results) and
restarted slapd.

I then set local4.* to be written to /var/log/ldap.log and restarted
syslogd.  Could have just sent it a SIGHUP but used the sledgehammer.

When a general user does an ldapsearch:

    ldapsearch -x -b 'cn=Harvey Snarkfarkel,ou=people,dc=localdomain'

it completes successfully without having to enter a bind password.  I
think that is because I set it up to allow anyone to read.  I'll work on
being more secure later.

When connecting to LDAP from phpldapadmin, with the Manager username and
password, phpldapadmin works fine.  I can even check the ldap user
password without any problem through phpldapadmin.

I then ran authconfig as follows:

    authconfig --enableldap --enableldaptls --ldapserver denali.sdc.cs.boeing.com --ldapbasedn dc=localdomain

One thing I had to do running authconfig was create a pem file in
/etc/openldap/cacerts.  All I did there was to create a symbolic link:

ls -la /etc/openldap/cacerts/
total 20
drwxr-xr-x  2 root root 4096 Aug 21 11:06 .
drwxr-xr-x  4 root root 4096 Aug 21 15:32 ..
lrwxrwxrwx  1 root root   23 Aug 21 11:06 CA.pem -> /usr/share/swamp/CA.pem

Below are the entries added to /var/log/ldap.log when trying to ssh to
this host as the ldap only user.  What causes the ber_get_next failed
errno=11 and TLS accept error?  errno 11 is just a Try Again error.  What
resource would not be available?

Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 ACCEPT from IP=130.42.49.204:50462 (IP=0.0.0.0:389)
Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0
Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0
Aug 21 15:33:29 denali slapd[30178]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Aug 21 15:33:29 denali slapd[30178]: do_extended
Aug 21 15:33:29 denali slapd[30178]: send_ldap_extended: err=0 oid= len=0
Aug 21 15:33:29 denali slapd[30178]: send_ldap_response: msgid=1 tag=120 err=0
Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0
Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0
Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0
Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0
Aug 21 15:33:29 denali slapd[30178]: connection_read(12): TLS accept error error=-1 id=0, closing
Aug 21 15:33:29 denali slapd[30178]: connection_closing: readying conn=0 sd=12 for close
Aug 21 15:33:29 denali slapd[30178]: connection_close: conn=0 sd=12
Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 closed
Aug 21 15:34:29 denali slapd[30178]: conn=1 fd=12 ACCEPT from IP=130.42.49.204:50464 (IP=0.0.0.0:389)
Aug 21 15:34:29 denali slapd[30178]: connection_get(12): got connid=1
Aug 21 15:34:29 denali slapd[30178]: connection_read(12): checking for input on id=1
Aug 21 15:34:29 denali slapd[30178]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Aug 21 15:34:29 denali slapd[30178]: do_extended
Aug 21 15:34:29 denali slapd[30178]: send_ldap_extended: err=0 oid= len=0
Aug 21 15:34:29 denali slapd[30178]: send_ldap_response: msgid=1 tag=120 err=0
Aug 21 15:34:29 denali slapd[30178]: connection_get(12): got connid=1
Aug 21 15:34:29 denali slapd[30178]: connection_read(12): checking for input on id=1
Aug 21 15:34:29 denali slapd[30178]: connection_read(12): TLS accept error error=-1 id=1, closing
Aug 21 15:34:29 denali slapd[30178]: connection_closing: readying conn=1 sd=12 for close
Aug 21 15:34:29 denali slapd[30178]: connection_close: conn=1 sd=12
Aug 21 15:34:29 denali slapd[30178]: conn=1 fd=12 closed

Thanks for helping me get a clearer picture of what is happening.  It was
a big help.  Now I just need to figure out how to follow the leads.  Ideas
on where to look and what to look for would be greatly appreciated.
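
Added example (not part of the original message): a Python triage script that rebuilds a per-connection event timeline from a slapd trace like the one above and flags connections where a successful extended-operation response (tag=120, the LDAP ExtendedResponse) is followed by a TLS accept error. It assumes the extended operation is the StartTLS request that `authconfig --enableldaptls` configures on the client; the function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged from the trace in the message, wrapped lines rejoined.
SAMPLE = """\
Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 ACCEPT from IP=130.42.49.204:50462 (IP=0.0.0.0:389)
Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0
Aug 21 15:33:29 denali slapd[30178]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Aug 21 15:33:29 denali slapd[30178]: do_extended
Aug 21 15:33:29 denali slapd[30178]: send_ldap_response: msgid=1 tag=120 err=0
Aug 21 15:33:29 denali slapd[30178]: connection_read(12): TLS accept error error=-1 id=0, closing
Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 closed
"""

# conn=N, connid=N and id=N all name the connection; msgid= and oid= do not match.
CONN_ID = re.compile(r"\b(?:conn|connid|id)=(\d+)")
EVENTS = [  # (label, pattern); the first pattern that matches a line wins
    ("accept", re.compile(r"ACCEPT from IP=\S+")),
    ("eagain", re.compile(r"ber_get_next on fd \d+ failed errno=11\b")),
    ("extended_op", re.compile(r"\bdo_extended\b")),
    # tag=120 (0x78) is the LDAP ExtendedResponse; err=0 means success.
    ("extended_ok", re.compile(r"send_ldap_response: .*tag=120\s+err=0\b")),
    ("tls_accept_error", re.compile(r"TLS accept error error=-?\d+")),
    ("closed", re.compile(r"fd=\d+ closed")),
]

def timeline(log_text):
    """Return {conn_id: [event labels in log order]}."""
    conns, current = {}, None
    for line in log_text.splitlines():
        m = CONN_ID.search(line)
        if m:
            current = int(m.group(1))
        # Heuristic (assumption): trace lines without a connection id, such as
        # do_extended, belong to the most recently named connection.
        if current is None:
            continue
        for label, pat in EVENTS:
            if pat.search(line):
                conns.setdefault(current, []).append(label)
                break
    return conns

def failed_after_extended(conns):
    """Connection ids where a successful extended response precedes a TLS accept error."""
    return [cid for cid, ev in conns.items()
            if "extended_ok" in ev and "tls_accept_error" in ev
            and ev.index("extended_ok") < ev.index("tls_accept_error")]

if __name__ == "__main__":
    print(failed_after_extended(timeline(SAMPLE)))
```

On a busy server, trace lines from different threads interleave, so the most-recent-connection heuristic is only reliable on a quiet test host like the one in the message.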
