Re: openldap password fails to update
Le samedi 8 mars 2014, 14:20:23 Matthew Weigel a écrit : > On 03/08/2014 12:16 PM, Stéphane Guedon wrote: > >> I am looking through logs and config since the beginning of the > >> day... Actually, asking help on forums or mailing lists is always > >> my last step in solving problems... > > We try to help. > > But... giving detailed descriptions of the problem, and showing > relevant configs and logs the first time, goes a long way to > helping people help you. > > Reading manuals helps too. Among others, ypldap(8), ypldap.conf(5), > login.conf(5), login_ldap(8) from ports, and whatever manuals for > OpenLDAP. > > But why can't I authenticate (using ssh or login) on the system ? > > Do I really have to go through ypldap ? Sounds not efficient to > > have an intermediate ! > > There are two separate mechanisms: how user information is looked > up, and how users are authenticated. You provide zero details on > how ypldap or login_ldap are configured, so it's hard to guess > whether you have some configuration wrong. I can say it works for > me. Because when beginning, I just tried to auth with ldap alone ! Now that I try with ldap + ypldap, it works. Thanks Guys ! I solved it... > > The user lookup is configured (via +:: entries in /etc/passwd and > /etc/group) to use YP routines. Thus the user is looked up in ypldap > when they attempt to login, which is configured to identify the > user's login class as ldap. The ldap login class is configured in > login.conf to authenticate via login_ldap talking to the LDAP > server, which is configured to have the appropriate users. > > This is what I meant by "that's a lot more moving parts than just > passwords in LDAP." [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: openldap password fails to update
Le samedi 8 mars 2014, 16:14:53 Matthew Weigel a écrit : > On 03/08/2014 03:11 PM, Stéphane Guedon wrote: > > when I use 127.0.0.1 in php scripts, I can use ldap. > > if the script is running with 'localhost' then, no ldap data... > > > > Any idea why ? > > I have checked host resolution... > > telnet localhost ldap gives the good behavior > > Is PHP running inside a chroot? Does that chroot have an /etc/hosts > with an entry for localhost? you get it ! By copying the hosts system file in the nginx/php chroot, I am now able to log in. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: openldap password fails to update
On 03/08/2014 03:11 PM, Stéphane Guedon wrote: > when I use 127.0.0.1 in php scripts, I can use ldap. > if the script is running with 'localhost' then, no ldap data... > > Any idea why ? > I have checked host resolution... > telnet localhost ldap gives the good behavior Is PHP running inside a chroot? Does that chroot have an /etc/hosts with an entry for localhost? -- Matthew Weigel hacker unique & idempot . ent
Re: openldap password fails to update
Le samedi 8 mars 2014, 19:16:07 Stéphane Guedon a écrit :
> Le samedi 8 mars 2014, 17:21:26 Stéphane Guedon a écrit :
> > Le samedi 8 mars 2014, 09:09:08 Matthew Weigel a écrit :
> > > On Mar 8, 2014, at 6:29 AM, Stéphane Guedon
> >
> > wrote:
> > > > Notably, the user fails to auth and do login (with openbsd
> > > > login
> > > > system AND webpages) eventhough password is correct according
> > > > to
> > > > ldap itself !
> > >
> > > That's a lot more moving parts than just passwords in LDAP.
> >
> > Yes, but passwords are the first things to change to secure your
> > users/install.
> >
> > I am currently working on a little webpage in python to allow
> > easy
> > ldap management (add/remove users and groups, passwords update).
> >
> > > Have you
> > > checked your configuration of all those moving parts? Looked at
> > > logs? You don't even mention what else you're using, much less
> > > how
> > > they've been configured or what their logs report.
> >
> > I am looking through logs and config since the beginning of the
> > day... Actually, asking help on forums or mailing lists is always
> > my last step in solving problems...
> >
> > here is my config :
> >
> >
> > include schema/core.schema
> > include schema/cosine.schema
> > include schema/inetorgperson.schema
> > include schema/misc.schema
> > include schema/nis.schema
> > include schema/openldap.schema
> >
> > loglevel256
> >
> > pidfile run/slapd.pid
> > argsfilerun/slapd.args
> > allow bind_v2
> > password-hash {SHA}
> >
> > ##
> > ## ### # BDB database definitions
> > ##
> > ## ###
> >
> > databasebdb
> > suffix "dc=22decembre,dc=eu"
> > rootdn "cn=admin,dc=22decembre,dc=eu"
> >
> > access to dn.base="" by * read
> > access to dn.base="cn=Subschema" by * read
> >
> > #access to attrs=userpassword
> > # by self write
> > # by anonymous auth
> > # by * none
> >
> > #rootpw secret
> > rootpw {SSHA}vdszl5a7z9UlAU6iHU0xlKJCY+Tpgmv+
> >
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd and slap tools.
> > # Mode 700 recommended.
> > directory data
> > # Indices to maintain
> > index objectClass eq
> > index uid eq
> > index uidNumber eq
> > index gidNumber eq
> > index memberUid eq
> > index homeDirectory eq
> > index loginShell eq
> > index cn,gn,mail pres,eq,sub
> >
> > ##
> >
> > I have tried to disable all acl (so default policy : everything
> > readable). But still no possible to logon.
> >
> > Here is what I get when trying to using the login_ldap with
> > debugging
> >
> >
> > # /usr/local/libexec/auth/login_-ldap -d -s login stephane ldap
> > Password:
> >
> > load_ssl_certs says:
> > cacert none
> > cacertdir none
> > usercert none
> > userkey none
> >
> > parse_server_line buf = localhost
> > parse_server_line port == NULL, will use default
> > parse_server_line mode == NULL, will use default
> > host localhost, port 389, version 3
> > setting cert info
> > clearing ssl set
> > connect success!
> > set version to 3
> >
> > defaults:
> > basedn ou=users,dc=22decembre,dc=eu
> > binddn none
> > bindpw none
> >
> > set timeout sec 60, usec 6
> > set noref 0
> > set keepcreds 0
> > bind success!
> >
> > usearch:
> > ufilter (&(objectclass=posixAccount)(uid=stephane))
> > scope: sub
> >
> > 0: search (ou=users,dc=22decembre,dc=eu,
> > (&(objectclass=posixAccount) (uid=stephane)))
> > 1: msgid 0, type 64
> > 1: SEARCH_ENTRY userdn uid=stephane,ou=users,dc=22decembre,dc=eu
> > 1: msgid 1, type 65
> > 1: returning userdn = uid=stephane,ou=users,dc=22decembre,dc=eu
> > userdn uid=stephane,ou=users,dc=22decembre,dc=eu
> > user bind failed, dn: uid=stephane,ou=users,dc=22decembre,dc=eu
> > reject
>
> when using the one in /usr/libexec/auth/login_... instead of
> /usr/local/libexec... it works !
>
> and I can start ypldap !
>
> But why can't I authenticate (using ssh or login) on the system ? Do
> I really have to go through ypldap ? Sounds not efficient to have
> an intermediate !
>
> And still having problem with my php scripts, which I am debugging
> now.
found the thing...
when I use 127.0.0.1 in php scripts, I can use ldap.
if the script is running with 'localhost' then, no ldap data...
Any idea why ?
I have checked host resolution...
telnet localhost ldap gives the good behavior
# netstat -at|grep ldap
tcp 0 0 localhost.29434localhost.ldap
TIME_WAIT
tcp 0 0 *.ldap *.*
LISTEN
tcp 0 0 localhost.ldap *.*
LISTEN
tcp6
Re: openldap password fails to update
On 2014-03-08, Stéphane Guedon wrote: > Notably, the user fails to auth and do login (with openbsd login > system AND webpages) eventhough password is correct according to ldap > itself ! How are you doing ldap authentication? (i.e. what software are you using, and how does it authenticate? attempt binding as the user trying to login, or looking up the password via a high-privileged account? I'm using login-ldap from packages for ldap password auth, this works fine for me against passwords stored in openldap. I have this in login.conf: ldap:\ :auth=-ldap:\ :x-ldap-server=127.0.0.1:\ :x-ldap-timeout=5:\ :x-ldap-basedn=ou=user,dc=exaple,dc=com:\ :x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\ :tc=default: and set the login class to "ldap" on accounts which should use this as their password source (e.g. class is the 5th field in master.passwd if using statically configured accounts with ldap passwords, or 'fixed attribute class "ldap"' in ypldap.conf if doing it that way).
Re: openldap password fails to update
On 03/08/2014 12:16 PM, Stéphane Guedon wrote: >> I am looking through logs and config since the beginning of the >> day... Actually, asking help on forums or mailing lists is always >> my last step in solving problems... We try to help. But... giving detailed descriptions of the problem, and showing relevant configs and logs the first time, goes a long way to helping people help you. Reading manuals helps too. Among others, ypldap(8), ypldap.conf(5), login.conf(5), login_ldap(8) from ports, and whatever manuals for OpenLDAP. > But why can't I authenticate (using ssh or login) on the system ? Do I > really have to go through ypldap ? Sounds not efficient to have an > intermediate ! There are two separate mechanisms: how user information is looked up, and how users are authenticated. You provide zero details on how ypldap or login_ldap are configured, so it's hard to guess whether you have some configuration wrong. I can say it works for me. The user lookup is configured (via +:: entries in /etc/passwd and /etc/group) to use YP routines. Thus the user is looked up in ypldap when they attempt to login, which is configured to identify the user's login class as ldap. The ldap login class is configured in login.conf to authenticate via login_ldap talking to the LDAP server, which is configured to have the appropriate users. This is what I meant by "that's a lot more moving parts than just passwords in LDAP." -- Matthew Weigel hacker unique & idempot . ent
Re: openldap password fails to update
Le samedi 8 mars 2014, 17:21:26 Stéphane Guedon a écrit :
> Le samedi 8 mars 2014, 09:09:08 Matthew Weigel a écrit :
> > On Mar 8, 2014, at 6:29 AM, Stéphane Guedon
>
> wrote:
> > > Notably, the user fails to auth and do login (with openbsd login
> > > system AND webpages) eventhough password is correct according to
> > > ldap itself !
> >
> > That's a lot more moving parts than just passwords in LDAP.
>
> Yes, but passwords are the first things to change to secure your
> users/install.
>
> I am currently working on a little webpage in python to allow easy
> ldap management (add/remove users and groups, passwords update).
>
> > Have you
> > checked your configuration of all those moving parts? Looked at
> > logs? You don't even mention what else you're using, much less how
> > they've been configured or what their logs report.
>
> I am looking through logs and config since the beginning of the
> day... Actually, asking help on forums or mailing lists is always
> my last step in solving problems...
>
> here is my config :
>
>
> include schema/core.schema
> include schema/cosine.schema
> include schema/inetorgperson.schema
> include schema/misc.schema
> include schema/nis.schema
> include schema/openldap.schema
>
> loglevel256
>
> pidfile run/slapd.pid
> argsfilerun/slapd.args
> allow bind_v2
> password-hash {SHA}
>
>
> ### # BDB database definitions
>
> ###
>
> databasebdb
> suffix "dc=22decembre,dc=eu"
> rootdn "cn=admin,dc=22decembre,dc=eu"
>
> access to dn.base="" by * read
> access to dn.base="cn=Subschema" by * read
>
> #access to attrs=userpassword
> # by self write
> # by anonymous auth
> # by * none
>
> #rootpw secret
> rootpw {SSHA}vdszl5a7z9UlAU6iHU0xlKJCY+Tpgmv+
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory data
> # Indices to maintain
> index objectClass eq
> index uid eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index homeDirectory eq
> index loginShell eq
> index cn,gn,mail pres,eq,sub
>
> ##
>
> I have tried to disable all acl (so default policy : everything
> readable). But still no possible to logon.
>
> Here is what I get when trying to using the login_ldap with
> debugging
>
>
> # /usr/local/libexec/auth/login_-ldap -d -s login stephane ldap
> Password:
> load_ssl_certs says:
> cacert none
> cacertdir none
> usercert none
> userkey none
> parse_server_line buf = localhost
> parse_server_line port == NULL, will use default
> parse_server_line mode == NULL, will use default
> host localhost, port 389, version 3
> setting cert info
> clearing ssl set
> connect success!
> set version to 3
> defaults:
> basedn ou=users,dc=22decembre,dc=eu
> binddn none
> bindpw none
> set timeout sec 60, usec 6
> set noref 0
> set keepcreds 0
> bind success!
> usearch:
> ufilter (&(objectclass=posixAccount)(uid=stephane))
> scope: sub
> 0: search (ou=users,dc=22decembre,dc=eu,
> (&(objectclass=posixAccount) (uid=stephane)))
> 1: msgid 0, type 64
> 1: SEARCH_ENTRY userdn uid=stephane,ou=users,dc=22decembre,dc=eu
> 1: msgid 1, type 65
> 1: returning userdn = uid=stephane,ou=users,dc=22decembre,dc=eu
> userdn uid=stephane,ou=users,dc=22decembre,dc=eu
> user bind failed, dn: uid=stephane,ou=users,dc=22decembre,dc=eu
> reject
when using the one in /usr/libexec/auth/login_... instead of
/usr/local/libexec... it works !
and I can start ypldap !
But why can't I authenticate (using ssh or login) on the system ? Do I
really have to go through ypldap ? Sounds not efficient to have an
intermediate !
And still having problem with my php scripts, which I am debugging
now.
Thanks for your help and answers. Please continue if you have any idea
! :D
>
> > I am using ypldap from base and login_ldap from ports; your
> > mileage
> > may vary.
> >
> > > By the way, anybody use the light ldapd daemon included in base
> > > ?
> > > can we update password with it ?
> >
> > I use it. It does not currently support the modify password
> > extended operation (what ldappasswd relies on). I am working on a
> > patch for it but I haven't finished it and it requires a bit more
> > refactoring than just processing one new request.
>
> Ok, so I think I will check ldapd from time to time...
>
> > --
> > Matthew Weigel
Re: openldap password fails to update
Le samedi 8 mars 2014, 09:09:08 Matthew Weigel a écrit :
> On Mar 8, 2014, at 6:29 AM, Stéphane Guedon
wrote:
> > Notably, the user fails to auth and do login (with openbsd login
> > system AND webpages) eventhough password is correct according to
> > ldap itself !
>
> That's a lot more moving parts than just passwords in LDAP.
Yes, but passwords are the first things to change to secure your
users/install.
I am currently working on a little webpage in python to allow easy
ldap management (add/remove users and groups, passwords update).
> Have you
> checked your configuration of all those moving parts? Looked at
> logs? You don't even mention what else you're using, much less how
> they've been configured or what their logs report.
I am looking through logs and config since the beginning of the day...
Actually, asking help on forums or mailing lists is always my last
step in solving problems...
here is my config :
include schema/core.schema
include schema/cosine.schema
include schema/inetorgperson.schema
include schema/misc.schema
include schema/nis.schema
include schema/openldap.schema
loglevel256
pidfile run/slapd.pid
argsfilerun/slapd.args
allow bind_v2
password-hash {SHA}
###
# BDB database definitions
###
databasebdb
suffix "dc=22decembre,dc=eu"
rootdn "cn=admin,dc=22decembre,dc=eu"
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
#access to attrs=userpassword
# by self write
# by anonymous auth
# by * none
#rootpw secret
rootpw {SSHA}vdszl5a7z9UlAU6iHU0xlKJCY+Tpgmv+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory data
# Indices to maintain
index objectClass eq
index uid eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index homeDirectory eq
index loginShell eq
index cn,gn,mail pres,eq,sub
##
I have tried to disable all acl (so default policy : everything
readable). But still no possible to logon.
Here is what I get when trying to using the login_ldap with debugging
:
# /usr/local/libexec/auth/login_-ldap -d -s login stephane ldap
Password:
load_ssl_certs says:
cacert none
cacertdir none
usercert none
userkey none
parse_server_line buf = localhost
parse_server_line port == NULL, will use default
parse_server_line mode == NULL, will use default
host localhost, port 389, version 3
setting cert info
clearing ssl set
connect success!
set version to 3
defaults:
basedn ou=users,dc=22decembre,dc=eu
binddn none
bindpw none
set timeout sec 60, usec 6
set noref 0
set keepcreds 0
bind success!
usearch:
ufilter (&(objectclass=posixAccount)(uid=stephane))
scope: sub
0: search (ou=users,dc=22decembre,dc=eu, (&(objectclass=posixAccount)
(uid=stephane)))
1: msgid 0, type 64
1: SEARCH_ENTRY userdn uid=stephane,ou=users,dc=22decembre,dc=eu
1: msgid 1, type 65
1: returning userdn = uid=stephane,ou=users,dc=22decembre,dc=eu
userdn uid=stephane,ou=users,dc=22decembre,dc=eu
user bind failed, dn: uid=stephane,ou=users,dc=22decembre,dc=eu
reject
> I am using ypldap from base and login_ldap from ports; your mileage
> may vary.
> > By the way, anybody use the light ldapd daemon included in base ?
> > can we update password with it ?
>
> I use it. It does not currently support the modify password extended
> operation (what ldappasswd relies on). I am working on a patch for
> it but I haven't finished it and it requires a bit more refactoring
> than just processing one new request.
Ok, so I think I will check ldapd from time to time...
> --
> Matthew Weigel
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Re: openldap password fails to update
On Mar 8, 2014, at 6:29 AM, Stéphane Guedon wrote: > > Notably, the user fails to auth and do login (with openbsd login > system AND webpages) eventhough password is correct according to ldap > itself ! That's a lot more moving parts than just passwords in LDAP. Have you checked your configuration of all those moving parts? Looked at logs? You don't even mention what else you're using, much less how they've been configured or what their logs report. I am using ypldap from base and login_ldap from ports; your mileage may vary. > By the way, anybody use the light ldapd daemon included in base ? can > we update password with it ? I use it. It does not currently support the modify password extended operation (what ldappasswd relies on). I am working on a patch for it but I haven't finished it and it requires a bit more refactoring than just processing one new request. Until that's done I rely on a short Perl script I wrote. It's a pretty simple kind of thing to do; it is more a codification of a particular policy than a technically challenging problem. -- Matthew Weigel
Re: openldap password fails to update
Le samedi 8 mars 2014, 12:23:19 Stuart Henderson a écrit :
> On 2014-03-07, Stéphane Guedon wrote:
> > But when I try to change this user password it fails :
> >
> > # ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \
> > -w somesecret -s anothersec
> > ldap_initialize( )
> > Result: Other (e.g., implementation specific) error (80)
> > Additional info: password hash failed
>
> What is "password-hash" set to in slapd.conf on the server?
>
> I think there is a bug with "password-hash {CRYPT}", if you use this
> you can try "password-hash {SSHA}" for now, or (probably better)
> encrypt the password locally and change it using ldapmodify (or
> ldapvi, etc).
>
> > slappasswd never gives the same result !
>
> That's expected for salted hashes.
>
> > Does any of you can suggest what's wrong ? Do you need other
> > information ?
>
> It won't necessarily help, but you should always mention versions
> (or dates if building from source) of any relevant software and
> what machine architecture you use in any problem report.
Thanks everybody from the list...
I changed the standard hash yesterday and now, password update works.
But I am still having problems with other parts of the ldap...
Notably, the user fails to auth and do login (with openbsd login
system AND webpages) eventhough password is correct according to ldap
itself !
By the way, anybody use the light ldapd daemon included in base ? can
we update password with it ?
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Re: openldap password fails to update
On 2014-03-07, Stéphane Guedon wrote:
> But when I try to change this user password it fails :
>
> # ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \
> -w somesecret -s anothersec
> ldap_initialize( )
> Result: Other (e.g., implementation specific) error (80)
> Additional info: password hash failed
What is "password-hash" set to in slapd.conf on the server?
I think there is a bug with "password-hash {CRYPT}", if you use this
you can try "password-hash {SSHA}" for now, or (probably better)
encrypt the password locally and change it using ldapmodify (or
ldapvi, etc).
> slappasswd never gives the same result !
That's expected for salted hashes.
> Does any of you can suggest what's wrong ? Do you need other
> information ?
It won't necessarily help, but you should always mention versions (or
dates if building from source) of any relevant software and what machine
architecture you use in any problem report.
Re: openldap password fails to update
On 03/07/2014 04:22 AM, Stéphane Guedon wrote:
# ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \
-w somesecret -s anothersec
ldap_initialize( )
Result: Other (e.g., implementation specific) error (80)
Additional info: password hash failed
I'm sorry, it's not clear that this is an OpenBSD problem. See, for
example,
http://www.openldap.org/lists/openldap-technical/200902/msg00186.html
There's another thing strange, maybe related to the problem :
slappasswd never gives the same result !
# slappasswd
New password:
Re-enter new password:
{SSHA}8ip4+k3gVAN6Gggf2szhJxo052sI3Fyc
# slappasswd
New password:
Re-enter new password:
{SSHA}JvduTI/JAX1G9AhtlCYEjNHl/6DbE6hs
The whole point of salting is to make the hash different each time. A
random salt is used to alter the hash and then that salt is added to the
end of the hashed string before being base64-encoded to give you the
hash you see.
--
Matthew Weigel
hacker
unique & idempot . ent
openldap password fails to update
Hello everybody.
I am currently finishing my openbsd server. Most of installation gone
pretty well :-).
I run now in openldap. I successfully installed the server and
launched it in chroot for security.
My problem is weird : using ldapadd, I can add peoples and stuff.
ldapadd -x -D "cn=admin,dc=22decembre,dc=eu" -w secret -f stef.ldif
adding new entry "uid=test,ou=users,dc=22decembre,dc=eu"
But when I try to change this user password it fails :
# ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \
-w somesecret -s anothersec
ldap_initialize( )
Result: Other (e.g., implementation specific) error (80)
Additional info: password hash failed
and when looking in logs I don't see why it fails !
Mar 7 10:29:35 blackblock slapd[26351]: => slap_access_allowed: auth
access granted by auth(=xd)
Mar 7 10:29:35 blackblock slapd[26351]: => access_allowed: auth
access granted by auth(=xd)
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=0 BIND
dn="uid=test,ou=users,dc=22decembre,dc=eu" mech=SIMPLE ssf=0
Mar 7 10:29:35 blackblock slapd[26351]: do_bind: v3 bind:
"uid=test,ou=users,dc=22decembre,dc=eu" to
"uid=test,ou=users,dc=22decembre,dc=eu"
Mar 7 10:29:35 blackblock slapd[26351]: send_ldap_result: conn=1014
op=0 p=3
Mar 7 10:29:35 blackblock slapd[26351]: send_ldap_result: err=0
matched="" text=""
Mar 7 10:29:35 blackblock slapd[26351]: send_ldap_response: msgid=1
tag=97 err=0
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=0 RESULT tag=97
err=0 text=
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on 1
descriptor
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on:
Mar 7 10:29:35 blackblock slapd[26351]: 22r
Mar 7 10:29:35 blackblock slapd[26351]:
Mar 7 10:29:35 blackblock slapd[26351]: daemon: read activity on 22
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=6
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=7
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: connection_get(22)
Mar 7 10:29:35 blackblock slapd[26351]: connection_get(22): got
connid=1014
Mar 7 10:29:35 blackblock slapd[26351]: connection_read(22): checking
for input on id=1014
Mar 7 10:29:35 blackblock slapd[26351]: op tag 0x77, time 1394184575
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on 1
descriptor
Mar 7 10:29:35 blackblock slapd[26351]: daemon: waked
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=6
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=7
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=1 do_extended
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=1 EXT
oid=1.3.6.1.4.1.4203.1.11.1
Mar 7 10:29:35 blackblock slapd[26351]: do_extended:
oid=1.3.6.1.4.1.4203.1.11.1
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=1 PASSMOD new
Mar 7 10:29:35 blackblock slapd[26351]:
bdb_dn2entry("uid=test,ou=users,dc=22decembre,dc=eu")
Mar 7 10:29:35 blackblock slapd[26351]: send_ldap_extended: err=80
oid= len=0
Mar 7 10:29:35 blackblock slapd[26351]: send_ldap_response: msgid=2
tag=120 err=80
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=1 RESULT oid=
err=80 text=password hash failed
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on 1
descriptor
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on:
Mar 7 10:29:35 blackblock slapd[26351]: 22r
Mar 7 10:29:35 blackblock slapd[26351]:
Mar 7 10:29:35 blackblock slapd[26351]: daemon: read activity on 22
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=6
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: connection_get(22)
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=7
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: connection_get(22): got
connid=1014
Mar 7 10:29:35 blackblock slapd[26351]: connection_read(22): checking
for input on id=1014
Mar 7 10:29:35 blackblock slapd[26351]: op tag 0x42, time 1394184575
Mar 7 10:29:35 blackblock slapd[26351]: ber_get_next on fd 22 failed
errno=0 (Undefined error: 0)
Mar 7 10:29:35 blackblock slapd[26351]: connection_read(22): input
error=-2 id=1014, closing.
Mar 7 10:29:35 blackblock slapd[26351]: connection_closing: readying
conn=1014 sd=22 for close
Mar 7 10:29:35 blackblock slapd[26351]: daemon: activity on 1
descriptor
Mar 7 10:29:35 blackblock slapd[26351]: daemon: waked
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=6
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: daemon: select: listen=7
active_threads=0 tvp=NULL
Mar 7 10:29:35 blackblock slapd[26351]: connection_close: deferring
conn=1014 sd=22
Mar 7 10:29:35 blackblock slapd[26351]: conn=1014 op=2 do_unbin
