debug log: slapd starting
ldap_pvt_gethostbyname_a: host=www.domain.com, r=0
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=domain,dc=com>
=> ldap_bv2dn(cn=Manager,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=Manager,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=Manager,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=manager,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: <cn=Manager,dc=domain,dc=com>, <cn=manager,dc=domain,dc=com>
do_bind: version=3 dn="cn=Manager,dc=domain,dc=com" method=128
do_bind: v3 bind: "cn=Manager,dc=domain,dc=com" to "cn=Manager,dc=domain,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 119 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <uid=ross,ou=people,dc=domain,dc=com>
=> ldap_bv2dn(uid=ross,ou=people,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(uid=ross,ou=people,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=ross,ou=people,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=ross,ou=people,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: <uid=ross,ou=people,dc=domain,dc=com>, <uid=ross,ou=people,dc=domain,dc=com>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("uid=ross,ou=people,dc=domain,dc=com")
=> bdb_dn2id( "dc=domain,dc=com" )
<= bdb_dn2id: got id=0x00000001
=> bdb_dn2id( "ou=people,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x00000007
=> bdb_dn2id( "uid=ross,ou=people,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x00000008
entry_decode: "uid=ross,ou=people,dc=domain,dc=com"
<= entry_decode(uid=ross,ou=people,dc=domain,dc=com)
=> send_search_entry: dn="uid=ross,ou=people,dc=domain,dc=com"
ber_flush: 74 bytes to sd 10
<= send_search_entry
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 148 contents:
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=groups,dc=domain,dc=com>
=> ldap_bv2dn(ou=groups,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(ou=groups,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=groups,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=groups,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: <ou=groups,dc=domain,dc=com>, <ou=groups,dc=domain,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=groups,dc=domain,dc=com")
=> bdb_dn2id( "ou=groups,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x00000006
entry_decode: "ou=groups,dc=domain,dc=com"
<= entry_decode(ou=groups,dc=domain,dc=com)
search_candidates: base="ou=groups,dc=domain,dc=com" (0x00000006) scope=1
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl( "ou=groups,dc=domain,dc=com" )
<= bdb_dn2idl: id=4 first=9 last=13
bdb_search_candidates: id=0 first=9 last=0
bdb_search: no candidates
send_ldap_result: conn=0 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
ber_flush: 14 bytes to sd 10
daemon: shutdown requested and initiated.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.
Slapd.conf:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw xxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
Tomcat server.xml JNDI part:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=domain,dc=com"
connectionPassword="xxxxx"
connectionURL="ldap://localhost:389"
userPassword="userPassword"
userPattern="uid={0},ou=people,dc=domain,dc=com"
roleBase="ou=groups,dc=domain,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
Web.XML section:
<security-constraint>
<web-resource-collection>
<web-resource-name>Authentication</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>manager></role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
LDIF of database:
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# domain.com
dn: dc=domain,dc=com
objectClass: dcObject
objectClass: organization
o: domain
dc: domain

# Manager, domain.com
dn: cn=Manager,dc=domain,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
roleOccupant: uid=ross,ou=people,dc=domain,dc=com

# users, domain.com
dn: ou=users,dc=domain,dc=com
objectClass: organizationalUnit
ou: users

# us, domain.com
dn: c=us,dc=domain,dc=com
objectClass: top
objectClass: country
c: us

# groups, domain.com
dn: ou=groups,dc=domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

# people, domain.com
dn: ou=people,dc=domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

# ross, people, domain.com
dn: uid=ross,ou=people,dc=domain,dc=com
cn: Ross Rankin
sn: Rankin
objectClass: inetOrgPerson
uid: ross
mail: [EMAIL PROTECTED]
userPassword:: dGVzdA==

# manager, groups, domain.com
dn: cn=manager,ou=groups,dc=domain,dc=com
objectClass: groupOfUniqueNames
cn: manager
uniqueMember: uid=ross,ou=people,dc=domain,dc=com

# tomcat, groups, domain.com
dn: cn=tomcat,ou=groups,dc=domain,dc=com
objectClass: groupOfUniqueNames
cn: tomcat
uniqueMember: uid=ross,ou=people,dc=domain,dc=com

# admin, groups, domain.com
dn: cn=admin,ou=groups,dc=domain,dc=com
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=ross,ou=people,dc=domain,dc=com

# ralph, people, domain.com
dn: uid=ralph,ou=people,dc=domain,dc=com
cn: Ralph Mobley
sn: Mobley
objectClass: inetOrgPerson
uid: ralph
userPassword:: cGFzc3dvcmQ=
mail: [EMAIL PROTECTED]

# user, groups, domain.com
dn: cn=user,ou=groups,dc=domain,dc=com
objectClass: groupOfUniqueNames
cn: user
uniqueMember: uid=ross,ou=people,dc=domain,dc=com
uniqueMember: uid=ralph,ou=people,dc=domain,dc=com

I think that would be all you need to help me diagnose the issue. Thanks.
Ross