> ... what does the output from "slapd -d -1" show in the following bits:
>
> (a) running as root, up until waiting for a connection
> (b) running as root, getting a problem connection
> (c) running as openldap user, up until waiting for a connection
> (d) running as openldap user, getting a problem connection
(a) and (b) are in the attached file slapd-root.txt
(c) and (d) are in the attached file slapd-openldap.txt
In both files I put some whitespace and a comment line to indicate where
slapd started waiting for a connection.
(a) and (b) output was generated and captured using (all on one line):
# /usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/ ldap://[::1]/
ldaps://[::1]/ ldap://ldap.misumasu.dyndns.org/
ldaps://ldap.misumasu.dyndns.org/' -d 1 > /tmp/slapd-root.txt 2>&1
(c) and (d) output was generated and captured using (all on one line):
# /usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/ ldap://[::1]/
ldaps://[::1]/ ldap://ldap.misumasu.dyndns.org/
ldaps://ldap.misumasu.dyndns.org/' -u openldap -g openldap -d 1 >
/tmp/slapd-openldap.txt 2>&1
Running "ldapsearch -x -ZZ" generated thousands of lines of output in the
root versioon, so to keep this tractable, I targeted the search command as
$ ldapsearch -x -ZZ '(sambaDomainName=MISUMASU)'
This command was run to trigger the (b) and (d) cases.
Running "diff -u slapd-root.txt slapd-openldap.txt" is interesting.
The interesting chunks before they completely diverge (root returning a
result vs. openldap returning an error) are:
--- slapd-root.txt 2006-08-09 18:52:49.000000000 -0600
+++ slapd-openldap.txt 2006-08-09 18:53:00.000000000 -0600
...
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
+ldap_create
+ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
+ldap_create
+ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
+ldap_extended_operation_s
+ldap_extended_operation
+ldap_send_initial_request
+ldap_new_connection 1 1 0
+ldap_int_open_connection
+ldap_connect_to_host: TCP ldap.misumasu.dyndns.org:389
+ldap_new_socket: 12
+ldap_prepare_socket: 12
+ldap_connect_to_host: Trying 172.30.1.1:389
+ldap_connect_timeout: fd: 12 tm: 30 async: 0
+ldap_ndelay_on: 12
+ldap_is_sock_ready: 12
+ldap_is_socket_ready: error on socket 12: errno: 111 (Connection refused)
+ldap_close_socket: 12
+ldap_unbind
matching_rule_use_init
...
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
-TLS trace: SSL_accept:SSLv3 write server done A
+TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
So right before SSL fails, the root version "writes server done" while the
openldap version "writes certificate request".
@(#) $OpenLDAP: slapd 2.3.25 (Aug 4 2006 01:06:05) $
[EMAIL
PROTECTED]:/build/buildd/openldap2.3-2.3.25/debian/build/servers/slapd
daemon_init: listen on ldap://127.0.0.1/
daemon_init: listen on ldaps://127.0.0.1/
daemon_init: listen on ldap://[::1]/
daemon_init: listen on ldaps://[::1]/
daemon_init: listen on ldap://ldap.misumasu.dyndns.org/
daemon_init: listen on ldaps://ldap.misumasu.dyndns.org/
daemon_init: 6 listeners to open...
ldap_url_parse_ext(ldap://127.0.0.1/)
daemon: listener initialized ldap://127.0.0.1/
ldap_url_parse_ext(ldaps://127.0.0.1/)
daemon: listener initialized ldaps://127.0.0.1/
ldap_url_parse_ext(ldap://[::1]/)
daemon: listener initialized ldap://[::1]/
ldap_url_parse_ext(ldaps://[::1]/)
daemon: listener initialized ldaps://[::1]/
ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
daemon: listener initialized ldap://ldap.misumasu.dyndns.org/
ldap_url_parse_ext(ldaps://ldap.misumasu.dyndns.org/)
daemon: listener initialized ldaps://ldap.misumasu.dyndns.org/
daemon_init: 6 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>
<<< dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>,
<dc=misumasu,dc=dyndns,dc=org>
>>> dnNormalize: <>
<<< dnNormalize: <>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion
$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming
$ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning
$ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber
$ oncRpcNumber $ sambaPwdLastSet $ sambaPwdCanChange $ sambaPwdMustChange $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaBadPasswordCount $
sambaBadPasswordTime $ sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $
sambaNextRid $ sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength
$ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge
$ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold
$ sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion
$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming
$ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning
$ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber
$ oncRpcNumber $ sambaPwdLastSet $ sambaPwdCanChange $ sambaPwdMustChange $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaBadPasswordCount $
sambaBadPasswordTime $ sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $
sambaNextRid $ sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength
$ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge
$ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold
$ sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ mail
$ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $
sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $
memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $
ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ sambaLMPassword $
sambaNTPassword $ sambaAcctFlags $ sambaLogonHours $ sambaHomeDrive $
sambaPasswordHistory $ sambaSID $ sambaPrimaryGroupSID $ sambaSIDList $
sambaStringOption $ sambaTrustFlags ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ mail
$ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $
sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $
memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $
ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ sambaLMPassword $
sambaNTPassword $ sambaAcctFlags $ sambaLogonHours $ sambaHomeDrive $
sambaPasswordHistory $ sambaSID $ sambaPrimaryGroupSID $ sambaSIDList $
sambaStringOption $ sambaTrustFlags ) )
2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl
$ supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ mailPreferenceOption $ shadowLastChange $
shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $
shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ sambaPwdLastSet
$ sambaPwdCanChange $ sambaPwdMustChange $ sambaLogonTime $ sambaLogoffTime $
sambaKickoffTime $ sambaBadPasswordCount $ sambaBadPasswordTime $
sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $ sambaNextRid $
sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength $
sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager )
)
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch'
APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval
$ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber $ sambaPwdLastSet $
sambaPwdCanChange $ sambaPwdMustChange $ sambaLogonTime $ sambaLogoffTime $
sambaKickoffTime $ sambaBadPasswordCount $ sambaBadPasswordTime $
sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $ sambaNextRid $
sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength $
sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch'
APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $
olcReverseLookup $ sambaBoolOption $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion
$ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $
olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $
olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $
olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $
olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $
olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $
olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile
$ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title
$ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier
$ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $
roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $
documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ ipServiceProtocol $
nisMapName $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ preferredLanguage $ sambaLogonScript $ sambaProfilePath $
sambaUserWorkstations $ sambaHomePath $ sambaDomainName $ sambaMungedDial $
sambaShareName $ sambaOptionName $ sambaStringListOption $ olcDbCheckpoint $
olcDbConfig $ olcDbIndex $ olcDbLockDetect ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $
olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $
olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $
olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $
olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile
$ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title
$ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier
$ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $
roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $
documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ ipServiceProtocol $
nisMapName $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ preferredLanguage $ sambaLogonScript $ sambaProfilePath $
sambaUserWorkstations $ sambaHomePath $ sambaDomainName $ sambaMungedDial $
sambaShareName $ sambaOptionName $ sambaStringListOption $ olcDbCheckpoint $
olcDbConfig $ olcDbIndex $ olcDbLockDetect ) )
1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch):
matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES (
creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $
aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $
olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner $
roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $
dITRedirect ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=include{1}"
config_build_entry: "cn=include{2}"
config_build_entry: "cn=include{3}"
config_build_entry: "cn=include{4}"
config_build_entry: "cn=module{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}nis"
config_build_entry: "cn={3}inetorgperson"
config_build_entry: "cn={4}samba"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=misumasu,dc=dyndns,dc=org"
bdb_db_open: dbenv_open(/var/lib/ldap)
slapd starting
# slapd is waiting for connections
ldap_pvt_gethostbyname_a: host=server, r=0
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 15
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(15): unable to get TLS client DN, error=49 id=0
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=0
ber_flush: 14 bytes to sd 15
do_bind: v3 anonymous bind
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 81 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>
<<< dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>,
<dc=misumasu,dc=dyndns,dc=org>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=0 op=2 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("dc=misumasu,dc=dyndns,dc=org")
=> bdb_dn2id("dc=misumasu,dc=dyndns,dc=org")
<= bdb_dn2id: got id=0x00000001
entry_decode: "dc=misumasu,dc=dyndns,dc=org"
<= entry_decode(dc=misumasu,dc=dyndns,dc=org)
search_candidates: base="dc=misumasu,dc=dyndns,dc=org" (0x00000001) scope=2
=> bdb_dn2idl("dc=misumasu,dc=dyndns,dc=org")
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (sambaDomainName)
=> key_read
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=18, last=18
bdb_search_candidates: id=1 first=18 last=18
entry_decode: "sambaDomainName=MISUMASU,dc=misumasu,dc=dyndns,dc=org"
<= entry_decode(sambaDomainName=MISUMASU,dc=misumasu,dc=dyndns,dc=org)
=> bdb_dn2id("sambaDomainName=misumasu,dc=misumasu,dc=dyndns,dc=org")
<= bdb_dn2id: got id=0x00000012
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> send_search_entry: conn 0
dn="sambaDomainName=MISUMASU,dc=misumasu,dc=dyndns,dc=org"
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
=> acl_string_expand: pattern: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> acl_string_expand: expanded: cn=admin,dc=misumasu,dc=dyndns,dc=org
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
ber_flush: 251 bytes to sd 15
<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_flush: 14 bytes to sd 15
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
do_unbind
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 15 failed errno=0 (Success)
connection_read(15): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=15 for close
connection_close: deferring conn=0 sd=15
connection_resched: attempting closing conn=0 sd=15
connection_close: conn=0 sd=15
TLS trace: SSL3 alert write:warning:close notify
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd destroy: freeing system resources.
slapd stopped.
@(#) $OpenLDAP: slapd 2.3.25 (Aug 4 2006 01:06:05) $
[EMAIL
PROTECTED]:/build/buildd/openldap2.3-2.3.25/debian/build/servers/slapd
daemon_init: listen on ldap://127.0.0.1/
daemon_init: listen on ldaps://127.0.0.1/
daemon_init: listen on ldap://[::1]/
daemon_init: listen on ldaps://[::1]/
daemon_init: listen on ldap://ldap.misumasu.dyndns.org/
daemon_init: listen on ldaps://ldap.misumasu.dyndns.org/
daemon_init: 6 listeners to open...
ldap_url_parse_ext(ldap://127.0.0.1/)
daemon: listener initialized ldap://127.0.0.1/
ldap_url_parse_ext(ldaps://127.0.0.1/)
daemon: listener initialized ldaps://127.0.0.1/
ldap_url_parse_ext(ldap://[::1]/)
daemon: listener initialized ldap://[::1]/
ldap_url_parse_ext(ldaps://[::1]/)
daemon: listener initialized ldaps://[::1]/
ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
daemon: listener initialized ldap://ldap.misumasu.dyndns.org/
ldap_url_parse_ext(ldaps://ldap.misumasu.dyndns.org/)
daemon: listener initialized ldaps://ldap.misumasu.dyndns.org/
daemon_init: 6 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>
<<< dnPrettyNormal: <dc=misumasu,dc=dyndns,dc=org>,
<dc=misumasu,dc=dyndns,dc=org>
>>> dnNormalize: <>
<<< dnNormalize: <>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
ldap_create
ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
ldap_create
ldap_url_parse_ext(ldap://ldap.misumasu.dyndns.org/)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.misumasu.dyndns.org:389
ldap_new_socket: 12
ldap_prepare_socket: 12
ldap_connect_to_host: Trying 172.30.1.1:389
ldap_connect_timeout: fd: 12 tm: 30 async: 0
ldap_ndelay_on: 12
ldap_is_sock_ready: 12
ldap_is_socket_ready: error on socket 12: errno: 111 (Connection refused)
ldap_close_socket: 12
ldap_unbind
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion
$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming
$ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning
$ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber
$ oncRpcNumber $ sambaPwdLastSet $ sambaPwdCanChange $ sambaPwdMustChange $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaBadPasswordCount $
sambaBadPasswordTime $ sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $
sambaNextRid $ sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength
$ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge
$ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold
$ sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion
$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming
$ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $
mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning
$ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber
$ oncRpcNumber $ sambaPwdLastSet $ sambaPwdCanChange $ sambaPwdMustChange $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaBadPasswordCount $
sambaBadPasswordTime $ sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $
sambaNextRid $ sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength
$ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge
$ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold
$ sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ mail
$ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $
sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $
memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $
ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ sambaLMPassword $
sambaNTPassword $ sambaAcctFlags $ sambaLogonHours $ sambaHomeDrive $
sambaPasswordHistory $ sambaSID $ sambaPrimaryGroupSID $ sambaSIDList $
sambaStringOption $ sambaTrustFlags ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ mail
$ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $
sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $
memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $
ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ sambaLMPassword $
sambaNTPassword $ sambaAcctFlags $ sambaLogonHours $ sambaHomeDrive $
sambaPasswordHistory $ sambaSID $ sambaPrimaryGroupSID $ sambaSIDList $
sambaStringOption $ sambaTrustFlags ) )
2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl
$ supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ mailPreferenceOption $ shadowLastChange $
shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $
shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ sambaPwdLastSet
$ sambaPwdCanChange $ sambaPwdMustChange $ sambaLogonTime $ sambaLogoffTime $
sambaKickoffTime $ sambaBadPasswordCount $ sambaBadPasswordTime $
sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $ sambaNextRid $
sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength $
sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager )
)
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch'
APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval
$ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber $ sambaPwdLastSet $
sambaPwdCanChange $ sambaPwdMustChange $ sambaLogonTime $ sambaLogoffTime $
sambaKickoffTime $ sambaBadPasswordCount $ sambaBadPasswordTime $
sambaGroupType $ sambaNextUserRid $ sambaNextGroupRid $ sambaNextRid $
sambaAlgorithmicRidBase $ sambaIntegerOption $ sambaMinPwdLength $
sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch'
APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $
olcReverseLookup $ sambaBoolOption $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion
$ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $
olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $
olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $
olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $
olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $
olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $
olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile
$ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title
$ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier
$ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $
roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $
documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ ipServiceProtocol $
nisMapName $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ preferredLanguage $ sambaLogonScript $ sambaProfilePath $
sambaUserWorkstations $ sambaHomePath $ sambaDomainName $ sambaMungedDial $
sambaShareName $ sambaOptionName $ sambaStringListOption $ olcDbCheckpoint $
olcDbConfig $ olcDbIndex $ olcDbLockDetect ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $
olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $
olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $
olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $
olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $
olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $
olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $
olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile
$ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title
$ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $
destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier
$ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $
roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $
documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ ipServiceProtocol $
nisMapName $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ preferredLanguage $ sambaLogonScript $ sambaProfilePath $
sambaUserWorkstations $ sambaHomePath $ sambaDomainName $ sambaMungedDial $
sambaShareName $ sambaOptionName $ sambaStringListOption $ olcDbCheckpoint $
olcDbConfig $ olcDbIndex $ olcDbLockDetect ) )
1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch):
matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES (
creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $
aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $
olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner $
roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $
dITRedirect ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=include{1}"
config_build_entry: "cn=include{2}"
config_build_entry: "cn=include{3}"
config_build_entry: "cn=include{4}"
config_build_entry: "cn=module{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}nis"
config_build_entry: "cn={3}inetorgperson"
config_build_entry: "cn={4}samba"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=misumasu,dc=dyndns,dc=org"
bdb_db_open: dbenv_open(/var/lib/ldap)
slapd starting
# slapd is waiting for connections
ldap_pvt_gethostbyname_a: host=server, r=0
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 15
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:2455
connection_read(15): TLS accept failure error=-1 id=0, closing
connection_closing: readying conn=0 sd=15 for close
connection_close: conn=0 sd=15
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd destroy: freeing system resources.
slapd stopped.
