Hello together,
Just to stay updated. I tried to connect using the distinguished name cn=<username>,ou=Users,dc=domain,dc=my . I have changed the DN to uid=<username>,ou=Users,dc=domain,dc=my and login works. Yet I am confused because I have set index on cn as well as uid attribute (or is uid not an attribute but an element)? Below is an ldif of the user "bjoern" # bjoern, Users, domain.my dn: uid=bjoern,ou=Users,dc=domain,dc=my objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: bjoern uid: bjoern uidNumber: <some number> homeDirectory: <some path> loginShell: /bin/bash gecos: bjoern description: User account sambaSID: <some SID> displayName: bjoern sambaNTPassword: <some hash> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1338641123 sambaAcctFlags: [U ] gidNumber: <some group id> userPassword:: <some password> Thank you for your support. Bjoern > -----Original Message----- > From: [email protected] [mailto:openldap- > [email protected]] On Behalf Of Bjoern Wuest > Sent: Monday, June 18, 2012 10:14 AM > To: [email protected] > Subject: RE: Binding to openldap fails > > >> On Sun, 17 Jun 2012, Bjoern Wuest wrote: > >> ... > > > However, setting up the mail system (dovecot + postfix) I > > > encountered a problem new to me. When I try to bind as a "normal" user > (here: > > > bjoern) to LDAP it fails with wrong credentials. I can assure that I > > > did not mistyped the password (tried multiple times). Login to the > > > Linux system and samba with same credentials (i.e. bjoern and his > >> password) works. > > > > > > Here is the part of syslog I expect to be the cause: > > > > > > Jun 17 19:36:45 server slapd[23241]: <<< dnPrettyNormal: > > > <cn=bjoern,ou=Users,dc=domain,dc=my>, > > > <cn=bjoern,ou=users,dc=domain,dc=my> > > > Jun 17 19:36:45 server slapd[23241]: conn=1003 op=0 BIND > > > dn="cn=bjoern,ou=Users,dc=domain,dc=my" method=128 Jun 17 19:36:45 > > > server slapd[23241]: do_bind: version=3 > > > dn="cn=bjoern,ou=Users,dc=domain,dc=my" method=128 Jun 17 19:36:45 > > > server slapd[23241]: > > > Jun 17 19:36:45 server slapd[23241]: ==> hdb_bind: dn: > > > cn=bjoern,ou=Users,dc=domain,dc=my > > > Jun 17 19:36:45 server slapd[23241]: > > > bdb_dn2entry("cn=bjoern,ou=users,dc=domain,dc=my") > > > Jun 17 19:36:45 server slapd[23241]: daemon: epoll: listen=8 > > > active_threads=0 tvp=zero > > > Jun 17 19:36:45 server slapd[23241]: => > > > hdb_dn2id("cn=bjoern,ou=users,dc=domain,dc=my") > > > Jun 17 19:36:45 server slapd[23241]: daemon: epoll: listen=9 > > > active_threads=0 tvp=zero > > > Jun 17 19:36:45 server slapd[23241]: daemon: epoll: listen=10 > > > active_threads=0 tvp=zero > > > Jun 17 19:36:45 server slapd[23241]: daemon: epoll: listen=11 > > > active_threads=0 tvp=zero > > > Jun 17 19:36:45 server slapd[23241]: <= hdb_dn2id: get failed: > > DB_NOTFOUND: > > > No matching key/data pair found (-30987) > > > > In my experience, that sort of error from the DB library usually means > > a change to the indexing or schema was made without reindexing and/or > > dumping and reloading. > > > > If you're confident that's not the case here (how confident?), then > > have > you > > compared that log output to the log output of a successful login? > > > > > > Philip Guenther > > Dear Philip, > > thank you for pointing me to the index files. I have recreated all the indexes > but without effect. Here are the indexes I have defined: > > index objectClass eq > index cn pres,sub,eq > index sn pres,sub,eq > index uid pres,sub,eq > index displayName pres,sub,eq > index uidNumber eq > index gidNumber eq > index memberUid eq > index sambaSID eq > index sambaPrimaryGroupSID eq > index sambaDomainName eq > index sambaGroupType eq > index sambaSIDList eq > index default sub > > > and here are the index files created: > > -rw-rw---- 1 openldap openldap 16384 Jun 18 10:01 cn.bdb > -rw-rw---- 1 openldap openldap 24576 Jun 18 10:01 __db.001 > -rw-rw---- 1 openldap openldap 1236992 Jun 18 10:01 __db.002 > -rw-rw---- 1 openldap openldap 20979712 Jun 18 10:01 __db.003 > -rw-rw---- 1 openldap openldap 163840 Jun 18 10:01 __db.004 > -rw-rw---- 1 openldap openldap 1294336 Jun 18 10:01 __db.005 > -rw-rw---- 1 openldap openldap 32768 Jun 18 10:01 __db.006 > -rw-rw---- 1 openldap openldap 194 Mai 20 08:55 DB_CONFIG > -rw-rw---- 1 openldap openldap 16384 Jun 18 10:01 displayName.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:00 dn2id.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 gidNumber.bdb > -rw-rw---- 1 openldap openldap 32768 Jun 18 10:00 id2entry.bdb > -rw-rw---- 1 openldap openldap 10485760 Jun 18 10:01 log.0000000001 > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 memberUid.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 objectClass.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 > sambaDomainName.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 sambaGroupType.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 sambaSID.bdb > -rw------- 1 openldap openldap 8192 Jun 18 10:01 sambaSIDList.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 uid.bdb > -rw-rw---- 1 openldap openldap 8192 Jun 18 10:01 uidNumber.bdb > > The indexes were created using "slapindex -f /etc/ldap/slapd.conf". The > files "dn2id.bdb" and "id2entry.dbd" are old ones because slapindex would > not create any index without them. > > Yet, the problem still remains. User "bjoern" can login to linux (even from > remote hosts) and samba, but fails to login via dovecot as well as > ldapsearch. > > I further compared the syslog when doing a successful login versus an > unsuccessful login. Of course I have restarted nscd and nslcd services to > clear caches (I hope). Yet, nscd / nslcd may also explain why linux and samba > login works. Both are done via nslcd which uses the ldap admin account to > access the ldap. > > So, further indications are welcome. > > If you like I can also provide you with the full slapd.conf file so you would > be able to setup an Ubuntu 12.04 system with the same ldap configuration > in a virtual machine. > > > Regards > Bjoern >
