[sork] passwd and LDAP

James Satterfield james at uberduper.com
Fri Aug 8 17:37:38 PDT 2003


Guys, I'm completely stumped here. I'm not bothering using the hooks, cause my
ldap allows anonymous, etc. So here's the config. The slapd logs will follow.

passwd/config/backends.php
$backends['ldap'] = array(
    'name' => 'UberDuper',
    'preferred' => '',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 16
    ),
    'driver' => 'ldap',
    'params' => array(
        'host' => 'knight.uberduper.com',
        'port' => 389,
        'basedn' => 'ou=accounts,ou=uberduper.com,o=UberDuper',
        'uid' => 'uid',
        'realm' => '', // this will be appended to the username when
                       // looking for the userdn.
        'encryption' => 'plain',
        'tls' => false // make sure the host == cn in the server certificate
    )
);

And here's what I get from slapd when I try to change a password.
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on 1 descriptors
Aug  8 17:29:42 knight slapd[53037]: daemon: new connection on 20
Aug  8 17:29:42 knight slapd[53037]: daemon: added 20r
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on:
Aug  8 17:29:42 knight slapd[53037]:
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=8 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=9 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=10 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on 1 descriptors
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on:
Aug  8 17:29:42 knight slapd[53037]:  20r
Aug  8 17:29:42 knight slapd[53037]:
Aug  8 17:29:42 knight slapd[53037]: daemon: read activity on 20
Aug  8 17:29:42 knight slapd[53037]: connection_get(20)
Aug  8 17:29:42 knight slapd[53037]: connection_get(20): got connid=19
Aug  8 17:29:42 knight slapd[53037]: connection_read(20): checking for input on
id=19
Aug  8 17:29:42 knight slapd[53037]: ber_get_next on fd 20 failed errno=35
(Resource temporarily unavailable)
Aug  8 17:29:42 knight slapd[53037]: do_bind
Aug  8 17:29:42 knight slapd[53037]: >>> dnPrettyNormal: <>
Aug  8 17:29:42 knight slapd[53037]: <<< dnPrettyNormal: <>, <>
Aug  8 17:29:42 knight slapd[53037]: do_bind: version=3 dn="" method=128
Aug  8 17:29:42 knight slapd[53037]: send_ldap_result: conn=19 op=0 p=3
Aug  8 17:29:42 knight slapd[53037]: send_ldap_result: err=0 matched="" text=""
Aug  8 17:29:42 knight slapd[53037]: send_ldap_response: msgid=1 tag=97 err=0
Aug  8 17:29:42 knight slapd[53037]: do_bind: v3 anonymous bind
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=8 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=9 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=10 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on 1 descriptors
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on:
Aug  8 17:29:42 knight slapd[53037]:  20r
Aug  8 17:29:42 knight slapd[53037]:
Aug  8 17:29:42 knight slapd[53037]: daemon: read activity on 20
Aug  8 17:29:42 knight slapd[53037]: connection_get(20)
Aug  8 17:29:42 knight slapd[53037]: connection_get(20): got connid=19
Aug  8 17:29:42 knight slapd[53037]: connection_read(20): checking for input on
id=19
Aug  8 17:29:42 knight slapd[53037]: ber_get_next on fd 20 failed errno=35
(Resource temporarily unavailable)
Aug  8 17:29:42 knight slapd[53037]: do_search
Aug  8 17:29:42 knight slapd[53037]: >>> dnPrettyNormal:
<ou=accounts,ou=uberduper.com,o=UberDuper>
Aug  8 17:29:42 knight slapd[53037]: <<< dnPrettyNormal:
<ou=accounts,ou=uberduper.com,o=UberDuper>,
<ou=accounts,ou=uberduper.com,o=uberduper>
Aug  8 17:29:42 knight slapd[53037]: SRCH
"ou=accounts,ou=uberduper.com,o=UberDuper" 2 0
Aug  8 17:29:42 knight slapd[53037]:     0 0 0
Aug  8 17:29:42 knight slapd[53037]:     filter: (uid=jsatter)
Aug  8 17:29:42 knight slapd[53037]:     attrs:
Aug  8 17:29:42 knight slapd[53037]:
Aug  8 17:29:42 knight slapd[53037]: => bdb_back_search
Aug  8 17:29:42 knight slapd[53037]:
bdb_dn2entry_rw("ou=accounts,ou=uberduper.com,o=uberduper")
Aug  8 17:29:42 knight slapd[53037]: => bdb_dn2id_matched(
"ou=accounts,ou=uberduper.com,o=uberduper" )
Aug  8 17:29:42 knight slapd[53037]: ====>
bdb_cache_find_entry_dn2id("ou=accounts,ou=uberduper.com,o=uberduper"): 7 (1
tries)
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_find_entry_id( 7 )
"ou=accounts,ou=uberduper.com,o=UberDuper" (found) (1 tries)
Aug  8 17:29:42 knight slapd[53037]: search_candidates:
base="ou=accounts,ou=uberduper.com,o=UberDuper" (0x00000007) scope=2
Aug  8 17:29:42 knight slapd[53037]: => bdb_dn2idl(
"ou=accounts,ou=uberduper.com,o=uberduper" )
Aug  8 17:29:42 knight slapd[53037]: bdb_idl_fetch_key:
@ou=accounts,ou=uberduper.com,o=uberduper
Aug  8 17:29:42 knight slapd[53037]: <= bdb_dn2idl: id=2 first=7 last=8
Aug  8 17:29:42 knight slapd[53037]: => bdb_equality_candidates (objectClass)
Aug  8 17:29:42 knight slapd[53037]: => key_read
Aug  8 17:29:42 knight slapd[53037]: bdb_idl_fetch_key: [b49d1940]
Aug  8 17:29:42 knight slapd[53037]: <= bdb_index_read: failed (-30991)
Aug  8 17:29:42 knight slapd[53037]: <= bdb_equality_candidates: id=0, first=0,
last=0
Aug  8 17:29:42 knight slapd[53037]: => bdb_equality_candidates (uid)
Aug  8 17:29:42 knight slapd[53037]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Aug  8 17:29:42 knight slapd[53037]: bdb_search_candidates: id=-1 first=7 last=8
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_return_entry_r( 7 ):
returned (0)
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_find_entry_id( 7 )
"ou=accounts,ou=uberduper.com,o=UberDuper" (found) (1 tries)
Aug  8 17:29:42 knight slapd[53037]: bdb_search: 7 does not match filter
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_return_entry_r( 7 ):
returned (0)
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=8 active_threads=1
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=9 active_threads=1
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=10 active_threads=1
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_find_entry_id( 8 )
"cn=jsatter,ou=accounts,ou=uberduper.com,o=UberDuper" (found) (1 tries)
Aug  8 17:29:42 knight slapd[53037]: bdb_search: 8 does not match filter
Aug  8 17:29:42 knight slapd[53037]: ====> bdb_cache_return_entry_r( 8 ):
returned (0)
Aug  8 17:29:42 knight slapd[53037]: send_search_result: err=0 matched=""
text=""
Aug  8 17:29:42 knight slapd[53037]: send_ldap_response: msgid=2 tag=101 err=0
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on 1 descriptors
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on:
Aug  8 17:29:42 knight slapd[53037]:  20r
Aug  8 17:29:42 knight slapd[53037]:
Aug  8 17:29:42 knight slapd[53037]: daemon: read activity on 20
Aug  8 17:29:42 knight slapd[53037]: connection_get(20)
Aug  8 17:29:42 knight slapd[53037]: connection_get(20): got connid=19
Aug  8 17:29:42 knight slapd[53037]: connection_read(20): checking for input on
id=19
Aug  8 17:29:42 knight slapd[53037]: ber_get_next on fd 20 failed errno=0
(Undefined error: 0)
Aug  8 17:29:42 knight slapd[53037]: connection_read(20): input error=-2 id=19,
closing.
Aug  8 17:29:42 knight slapd[53037]: connection_closing: readying conn=19 sd=20
for close
Aug  8 17:29:42 knight slapd[53037]: connection_close: deferring conn=19 sd=20
Aug  8 17:29:42 knight slapd[53037]: do_unbind
Aug  8 17:29:42 knight slapd[53037]: connection_resched: attempting closing
conn=19 sd=20
Aug  8 17:29:42 knight slapd[53037]: connection_close: conn=19 sd=20
Aug  8 17:29:42 knight slapd[53037]: daemon: removing 20
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=8 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=9 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=10 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: activity on 1 descriptors
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=8 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=9 active_threads=0
tvp=NULL
Aug  8 17:29:42 knight slapd[53037]: daemon: select: listen=10 active_threads=0
tvp=NULL


It pulls up the corrent user dn
cn=jsatter,ou=accounts,ou=uberduper.com,o=UberDuper, but says that it doesn't
match the filter  (cn=jsatter) which has me super confused. Horde comes back
and says the user wasn't found. I'm not sure how much more of this ldap hell I
can take.

Thanks for any help,
James.



More information about the sork mailing list