Hello,

we often have the question on this list: how to apply a policy to a branch or a group of users?
I was thinking we could use autogroup with this kind of configuration:

dn: olcOverlay={9}autogroup,olcDatabase={1}mdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcAutomaticGroups
objectClass: olcOverlayConfig
olcOverlay: {9}autogroup
olcAGattrSet: pwdPolicy memberUrl seeAlso
olcAGmemberOfAd: pwdPolicySubentry

The goal is to have a memberUrl inside a pwdPolicy object that can target the accounts that need to have this policy. For example:

dn: cn=default,ou=ppolicies,dc=example,dc=com
changetype: modify
replace: memberURL
memberURL: ldap:///ou=users,dc=example,dc=com??one?(uid=user*)

The autogroup "olcAGattrSet" is working well; I can see the seeAlso values. But the "olcAGmemberOfAd" does not seem to be applied. I don't know if this is a conflict with the ppolicy overlay or with other overlays (dynlist, memberof).

I attach a full debug log; maybe you can find what is going wrong. We see that the "autogroup_member_search_modify_cb" function is called, but the user entry is not modified.

Do you think this configuration could work?

--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
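The check the message above performs by hand (does every account selected by the policy's memberURL actually carry pwdPolicySubentry?) can be scripted. This is an added example, not part of the original post and not OpenLDAP code: the function names are hypothetical, the entries are constructed sample data, and DN and filter handling is simplified (no escaped commas, a single `(attr=value)` filter item).

```python
import re
from urllib.parse import unquote

POLICY_DN = "cn=default,ou=ppolicies,dc=example,dc=com"
MEMBER_URL = "ldap:///ou=users,dc=example,dc=com??one?(uid=user*)"

# Constructed sample entries (DN -> attributes), standing in for ldapsearch output.
ENTRIES = {
    "uid=user123,ou=users,dc=example,dc=com": {"uid": ["user123"]},
    "uid=user456,ou=users,dc=example,dc=com": {
        "uid": ["user456"], "pwdPolicySubentry": [POLICY_DN]},
    "uid=admin1,ou=users,dc=example,dc=com": {"uid": ["admin1"]},
    "uid=user789,ou=staff,ou=users,dc=example,dc=com": {"uid": ["user789"]},
}

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL (no host part) into (base, scope, filter)."""
    if not url.lower().startswith("ldap:///"):
        raise ValueError("expected an ldap:/// URL without a host part")
    parts = url[len("ldap:///"):].split("?")
    parts += [""] * (4 - len(parts))
    base, _attrs, scope, flt = (unquote(p) for p in parts[:4])
    return base, (scope or "base").lower(), flt or "(objectClass=*)"

def norm_dn(dn):
    """Naive DN normalisation: lower-case RDNs, assumes no escaped commas."""
    return tuple(r.strip().lower() for r in dn.split(",")) if dn else ()

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn lies under base_dn at the depth the scope allows."""
    e, b = norm_dn(entry_dn), norm_dn(base_dn)
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return False
    depth = len(e) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def matches(attrs, flt):
    """Evaluate one (attr=value) item; '*' is a wildcard, match ignores case."""
    m = re.fullmatch(r"\(([A-Za-z0-9;.-]+)=([^()]*)\)", flt)
    if not m:
        raise ValueError("only a single (attr=value) item is supported here")
    attr, pattern = m.group(1).lower(), m.group(2)
    rx = re.compile(".*".join(re.escape(p) for p in pattern.split("*")),
                    re.I | re.S)
    values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
    return any(rx.fullmatch(v) for v in values)

def expected_members(member_url, entries):
    """DNs that the memberURL selects among the given entries."""
    base, scope, flt = parse_member_url(member_url)
    return sorted(dn for dn, attrs in entries.items()
                  if in_scope(dn, base, scope) and matches(attrs, flt))

def missing_policy(policy_dn, member_url, entries):
    """Selected DNs whose pwdPolicySubentry does not point at policy_dn."""
    want = norm_dn(policy_dn)
    return [dn for dn in expected_members(member_url, entries)
            if want not in {norm_dn(v)
                            for v in entries[dn].get("pwdPolicySubentry", [])}]

if __name__ == "__main__":
    for dn in missing_policy(POLICY_DN, MEMBER_URL, ENTRIES):
        print("selected by memberURL but no pwdPolicySubentry:", dn)
```

When feeding it real data, request pwdPolicySubentry by name in the search, since it is an operational attribute and is not returned by default.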