Re: Logging bind password

Pierangelo Masarati Tue, 14 Oct 2008 07:57:28 -0700

----- "Alfonsas Stonis" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> Is there any way to log password that was used during bind?
> I tried adding option
> loglevel 18446744073709551615


where did you find that documented?  Since the log level is a mask, I doubt 
adding digits can help to any extent.

> and many other options. Nothing helps. I get the following output
> (without password)
> 
> Oct 14 10:56:47 dr slapd[28331]: daemon: read activity on 12
> Oct 14 10:56:47 dr slapd[28331]: connection_get(12)
> Oct 14 10:56:47 dr slapd[28331]: connection_get(12): got connid=2
> Oct 14 10:56:47 dr slapd[28331]: connection_read(12): checking for
> input on id=2
> Oct 14 10:56:47 dr slapd[28331]: ber_get_next on fd 12 failed
> errno=11
> (Resource temporarily unavailable)
> Oct 14 10:56:47 dr slapd[28331]: daemon: select: listen=6
> active_threads=0 tvp=NULL
> Oct 14 10:56:47 dr slapd[28331]: daemon: select: listen=7
> active_threads=0 tvp=NULL
> Oct 14 10:56:47 dr slapd[28331]: do_bind
> Oct 14 10:56:47 dr slapd[28331]: >>> dnPrettyNormal:
> <cn=jbaker007,ou=users,o=arhub>
> Oct 14 10:56:47 dr slapd[28331]: <<< dnPrettyNormal:
> <cn=jbaker007,ou=users,o=arhub>, <cn=jbaker007,ou=users,o=arhub>
> Oct 14 10:56:47 dr slapd[28331]: do_bind: version=3
> dn="cn=jbaker007,ou=users,o=arhub" method=128
> Oct 14 10:56:47 dr slapd[28331]: conn=2 op=0 BIND
> dn="cn=jbaker007,ou=users,o=arhub" method=128
> Oct 14 10:56:47 dr slapd[28331]: ==> bdb_bind: dn:
> cn=jbaker007,ou=users,o=arhub
> Oct 14 10:56:47 dr slapd[28331]:
> bdb_dn2entry("cn=jbaker007,ou=users,o=arhub")
> Oct 14 10:56:47 dr slapd[28331]: => access_allowed: auth access to
> "cn=jbaker007,ou=users,o=arhub" "userPassword" requested
> Oct 14 10:56:47 dr slapd[28331]: => acl_get: [1] attr userPassword
> Oct 14 10:56:47 dr slapd[28331]: => acl_mask: access to entry
> "cn=jbaker007,ou=users,o=arhub", attr "userPassword" requested
> Oct 14 10:56:47 dr slapd[28331]: => acl_mask: to all values by "",
> (=n)
> Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: ou=rba,o=arhub
> Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: self
> Oct 14 10:56:47 dr slapd[28331]: <= check a_dn_pat: *
> Oct 14 10:56:47 dr slapd[28331]: <= acl_mask: [3] applying auth(=x)
> (stop)
> Oct 14 10:56:47 dr slapd[28331]: <= acl_mask: [3] mask: auth(=x)
> Oct 14 10:56:47 dr slapd[28331]: => access_allowed: auth access
> granted by auth(=x)
> Oct 14 10:56:47 dr slapd[28331]: send_ldap_result: conn=2 op=0 p=3
> Oct 14 10:56:47 dr slapd[28331]: send_ldap_result: err=49 matched=""
> text=""
> Oct 14 10:56:47 dr slapd[28331]: send_ldap_response: msgid=1 tag=97
> err=49
> Oct 14 10:56:47 dr slapd[28331]: conn=2 op=0 RESULT tag=97 err=49
> text=
> Oct 14 10:56:47 dr slapd[28331]: daemon: activity on 1 descriptors
> Oct 14 10:56:47 dr slapd[28331]: daemon: activity on:
> 
> The problem is that I know that I have correct password but ldap
> keeps
> rejecting it. So, I need to test maybe application is somehow
> changing
> it, but I can not see it.
> Can someone help me?

Try "packets"; you'll get something like

slapd starting
ldap_read: want=8, got=8
  0000:  30 2e 02 01 01 60 29 02                            0....`).          
ldap_read: want=40, got=40
  0000:  01 03 04 1c 63 6e 3d 6d  61 6e 61 67 65 72 2c 64   ....cn=manager,d  
  0010:  63 3d 65 78 61 6d 70 6c  65 2c 64 63 3d 63 6f 6d   c=example,dc=com  
  0020:  80 06 73 65 63 72 65 74                            ..secret          
ldap_read: want=8 error=Resource temporarily unavailable

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   [EMAIL PROTECTED]
-----------------------------------

Re: Logging bind password

Reply via email to