On Wed, Mar 30, 2011 at 12:18 PM, sim123 <[email protected]> wrote:
>
>
> On Wed, Mar 30, 2011 at 7:49 AM, Dan White <[email protected]> wrote:
>
>> On 30/03/11 04:36 -0700, sim123 wrote:
>>
>>> On Tue, Mar 29, 2011 at 7:43 PM, Dan White <[email protected]> wrote:
>>>
>>>> It looks like the search is not returning any entries. From your confluence
>>>> server, can you perform an ldapsearch as your privileged user to see if you
>>>> get any entries returned?
>>>>
>>>
>>> Thanks for your reply. You got me right and I am sure the first two things
>>> are working so my authentication user has privileges, Confluence is
>>> submitting base, scope and filter. I am not sure about the third point, needs
>>> to validate it.
>>>
>>> I tried doing ldapsearch from ldap server machine (local) and from
>>> confluence server using filter on uid/cn. However, don't know why wild card
>>> works and specific search doesn't.
>>>
>>> ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123)'
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=users,dc=example,dc=com> with scope subtree
>>> # filter: (uid=123)
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 1
>>>
>>> whereas
>>> ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123*)'
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=users,dc=example,dc=com> with scope subtree
>>> # filter: (uid=123*)
>>> # requesting: ALL
>>> #
>>>
>>> # 123, users, example.com
>>> dn: uid=123,ou=users,dc=example,dc=com
>>> displayName: Barbara Jason
>>> objectClass: inetOrgPerson
>>> objectClass: organizationalPerson
>>> objectClass: person
>>> objectClass: top
>>> mail: [email protected]
>>> uid: 123
>>> userPassword:: bXJhanZhaWR5YQ==
>>> sn: Jason
>>> cn: Barbara
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>>
>>> again, I tried searching for it but couldn't find it, sorry for being naive
>>> but would appreciate any help. Thanks
>>>
>>
>> My guess is that you're running into a bdb/hdb indexing problem. Try adding
>> an index in your slapd.conf/slapd-config for uid (if it doesn't exist), and
>> then rebuild your indexes using slapindex.
>>
>> See the man pages for slapd-bdb/slapd-hdb and slapindex for details.
>>
>> --
>> Dan White
>>
>
> Thanks for your response, it's index, I recreated the index and can do
> ldapsearch.
>
> Confluence is doing the three step process you described i.e. Init session
> and bind with confluence user, search for dn and bind with dn. For some
> reason I see search can not find anything and log says:
>
> bdb_index_read: failed (-30988)
> ----
> bdb_search: no candidates
>
> I had it working once!! don't know what magic happened that time ...
> posting logs in case there is any clue there:
>
> *Success Logs*
> slap_listener_activate(8):
> >>> slap_listener(ldap:///)
> connection_get(12): got connid=1000
> connection_read(12): checking for input on id=1000
> ber_get_next
> ber_get_next: tag 0x30 len 43 contents:
> op tag 0x60, time 1301501949
> ber_get_next
> conn=1000 op=0 do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
> <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
> *do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128*
> do_bind: v3 bind: "cn=Manager,dc=example,dc=com" to "cn=Manager,dc=example,dc=com"
> send_ldap_result: conn=1000 op=0 p=3
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush2: 14 bytes to sd 12
> connection_get(12): got connid=1000
> connection_read(12): checking for input on id=1000
> ber_get_next
> ber_get_next: tag 0x30 len 120 contents:
> op tag 0x63, time 1301501949
> ber_get_next
> conn=1000 op=1 do_search
> ber_scanf fmt ({miiiib) ber:
> >>> dnPrettyNormal: <ou=users,dc=example,dc=com>
> <<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=dc=example,dc=com>
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({M}}) ber:
> => get_ctrls
> ber_scanf fmt ({m) ber:
> => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
> <= get_ctrls: n=1 rc=0 err=""
> => bdb_search
> bdb_dn2entry("ou=users,dc=example,dc=com")
> => bdb_dn2id("dc=example,dc=com")
> <= bdb_dn2id: got id=0x1
> => bdb_dn2id("ou=users,dc=example,dc=com")
> <= bdb_dn2id: got id=0x3
> entry_decode: "ou=users,dc=example,dc=com"
> <= entry_decode(ou=users,dc=example,dc=com)
> search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read: failed (-30988)
> <= bdb_equality_candidates: id=0, first=0, last=0
> => bdb_dn2idl("ou=users,dc=example,dc=com")
> <= bdb_dn2idl: id=2 first=3 last=6
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read 2 candidates
> <= bdb_equality_candidates: id=2, first=6, last=7
> => bdb_equality_candidates (cn)
> => key_read
> <= bdb_index_read 1 candidates
> <= bdb_equality_candidates: id=1, first=6, last=6
> bdb_search_candidates: id=1 first=6 last=6
> *entry_decode: "uid=123,ou=users,dc=example,dc=com"*
> <= entry_decode(uid=123,ou=users,dc=example,dc=com)
> => bdb_dn2id("uid=123,ou=users,dc=example,dc=com")
> <= bdb_dn2id: got id=0x6
> *=> send_search_entry: conn 1000 dn="uid=123,ou=users,dc=example,dc=com"*
> ber_flush2: 265 bytes to sd 12
> <= send_search_entry: conn 1000 exit.
> send_ldap_result: conn=1000 op=1 p=3
> send_ldap_response: msgid=2 tag=101 err=0
> ber_flush2: 14 bytes to sd 12
> slap_listener_activate(8):
> >>> slap_listener(ldap:///)
> connection_get(15): got connid=1001
> connection_read(15): checking for input on id=1001
> ber_get_next
> ber_get_next: tag 0x30 len 52 contents:
> op tag 0x60, time 1301501949
> ber_get_next
> conn=1001 op=0 do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>
> <<< dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>, <uid=123,ou=users,dc=example,dc=com>
> *do_bind: version=3 dn="uid=123,ou=users,dc=example,dc=com" method=128*
> bdb_dn2entry("uid=123,ou=users,dc=example,dc=com")
> do_bind: v3 bind: "uid=123,ou=users,dc=example,dc=com" to "uid=123,ou=users,dc=example,dc=com"
> send_ldap_result: conn=1001 op=0 p=3
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush2: 14 bytes to sd 15
> connection_get(15): got connid=1001
> connection_read(15): checking for input on id=1001
> ber_get_next
> ber_get_next: tag 0x30 len 34 contents:
> op tag 0x42, time 1301501968
> ber_get_next
> ber_get_next on fd 15 failed errno=0 (Success)
> conn=1001 op=1 do_unbind
> connection_close: conn=1001 sd=15
>
> *Failure log*
>
> connection_get(12): got connid=1000
> connection_read(12): checking for input on id=1000
> ber_get_next
> ber_get_next: tag 0x30 len 118 contents:
> op tag 0x63, time 1301512406
> ber_get_next
> conn=1000 op=2 do_search
> ber_scanf fmt ({miiiib) ber:
> >>> dnPrettyNormal: <ou=users,dc=example,dc=com>
> <<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=users,dc=example,dc=com>
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({M}}) ber:
> => get_ctrls
> ber_scanf fmt ({m) ber:
> => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
> <= get_ctrls: n=1 rc=0 err=""
> => bdb_search
> bdb_dn2entry("ou=users,dc=example,dc=com")
> search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read: failed (-30988)
> <= bdb_equality_candidates: id=0, first=0, last=0
> => bdb_dn2idl("ou=users,dc=example,dc=com")
> <= bdb_dn2idl: id=2 first=3 last=6
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read 2 candidates
> <= bdb_equality_candidates: id=2, first=6, last=7
> => bdb_equality_candidates (cn)
> => key_read
> <= bdb_index_read: failed (-30988)
> <= bdb_equality_candidates: id=0, first=0, last=0
> bdb_search_candidates: id=0 first=3 last=0
> *bdb_search: no candidates*
> send_ldap_result: conn=1000 op=2 p=3
> send_ldap_response: msgid=3 tag=101 err=0
> ber_flush2: 14 bytes to sd 12
>
> Thanks
>

Sorry for the long logs above. I just found out I can use the cn field for logging in and it works fine; however, the uid field doesn't work. I have an index on cn and uid, so I'm not sure why uid doesn't work. Thanks.
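
The success and failure logs quoted in this thread differ in which index reads fail before `bdb_search: no candidates`. As an added example (not part of the thread and not OpenLDAP code), this Python script groups those debug lines per search operation and reports the attributes whose last index read failed; the function names are hypothetical and the sample is a constructed subset of the quoted log lines.

```python
import re

# Constructed sample: a subset of the slapd debug lines quoted in the thread.
SAMPLE_LOG = """\
conn=1000 op=1 do_search
=> bdb_equality_candidates (cn)
<= bdb_index_read 1 candidates
conn=1000 op=2 do_search
=> bdb_equality_candidates (objectClass)
<= bdb_index_read: failed (-30988)
=> bdb_equality_candidates (objectClass)
<= bdb_index_read 2 candidates
=> bdb_equality_candidates (cn)
<= bdb_index_read: failed (-30988)
*bdb_search: no candidates*
"""

SEARCH_RE = re.compile(r"conn=(\d+) op=(\d+) do_search")
ATTR_RE = re.compile(r"=> bdb_\w+_candidates \(([^)]+)\)")
READ_RE = re.compile(r"<= bdb_index_read(?:: failed \((-?\d+)\)| (\d+) candidates)")

def summarize_searches(log_text):
    """Group index reads by search op as (attribute, candidates, error code)."""
    searches, attr = [], None
    for line in log_text.splitlines():
        if m := SEARCH_RE.search(line):
            searches.append({"conn": int(m[1]), "op": int(m[2]),
                             "lookups": [], "no_candidates": False})
        elif not searches:
            continue  # bind and listener lines before the first search
        elif m := ATTR_RE.search(line):
            attr = m[1]
        elif (m := READ_RE.search(line)) and attr:
            searches[-1]["lookups"].append(
                (attr, int(m[2] or 0), int(m[1]) if m[1] else None))
            attr = None
        elif "bdb_search: no candidates" in line:
            searches[-1]["no_candidates"] = True
    return searches

def empty_searches(log_text):
    """Return (conn, op, attributes whose last index read failed) per empty search."""
    out = []
    for s in summarize_searches(log_text):
        if s["no_candidates"]:
            last = {a: err for a, _, err in s["lookups"]}  # last read per attribute
            failed = sorted(a for a, err in last.items() if err is not None)
            out.append((s["conn"], s["op"], failed))
    return out
```

Because the patterns are matched with `search`, the `> ` quote prefixes and `*...*` emphasis markers seen in the pasted logs do not need to be stripped first.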
