PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Postfix mit LDAP und SASL tut nicht was er soll



TheDarkRose
16.07.10, 09:14
Hallo

Habe mir am Server Postfix mit LDAP und SASL Auth eingerichtet. als pwcheck verwenden ich auxprop ldapdb um DIGEST-MD5 anbieten zu können. Proxyuser ist eingerichtet und sollte eingentlich so stimmen. die smptd.conf für SASL ist unter /etc/postfix/sasl gepseichert.

Will ich aber nun eine Email verschicken, meldet mir mein Client das die Auth fehlschlägt und in den logs steht das SASL versucht auf die sasldb zuzugreifen, welchenatürlich logischerweiße nicht besteht. Was kann da falsch rennen?

System ist ubuntu 10.04. Logs und die genau Config kann ich erst später posten, habe im moment keinen Zugriff auf den Server.

TheDarkRose
16.07.10, 15:58
hier meine Konfig:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = alpha.example.com
mydomain = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $mydomain, $myhostname, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 188.40.154.52 127.0.0.1
inet_protocols = ipv4

virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias.cf
canonical_maps = ldap:/etc/postfix/ldap-canonical.cf

smtpd_sasl_path = smtpd

smtpd_client_restrictions = permit_mynetworks, reject
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

smtpd_sender_login_maps = ldap:/etc/postfix/ldap-sender.cf


die smptd.conf

pwcheck_method: auxprop
auxporb_plugin: ldapdb
mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
ldapdb_uri: ldap://127.0.0.1
ldapdb_id: proxyuser
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5


der proxyuser

dn: cn=proxyuser,ou=Roles,o=Example
cn: postfix
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: extensibleObject
objectClass: top
userPassword:: secret
authzTo: {0}dn.regex:uid=(.*),ou=People,o=Example


und die olcAuthzRegexp

dn: cn=config
olcAuthzPolicy: to
olcAuthzRegexp: {0}uid=root,cn=[^,]*,cn=auth cn=Administrator,ou=Roles,o=Example
olcAuthzRegexp: {1}uid=proxyuser,cn=[^,]*,cn=auth cn=proxyuser,ou=Roles,o=Example
olcAuthzRegexp: {2}uid=([^,]*),cn=[^,]*,cn=auth uid=$1,ou=People,o=Example


und die logsf

Jul 16 13:45:33 alpha postfix/smtpd[6286]: connect from 178.115.240.17.wireless.dyn.drei.com[178.115.240.17]
Jul 16 13:49:01 alpha postfix/smtpd[6286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jul 16 13:49:01 alpha postfix/smtpd[6286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jul 16 13:49:01 alpha postfix/smtpd[6286]: warning: SASL authentication failure: Password verification failed
Jul 16 13:49:01 alpha postfix/smtpd[6286]: warning: 178.115.240.17.wireless.dyn.drei.com[178.115.240.17]: SASL plain authentication failed: authentication failure
Jul 16 13:49:38 alpha postfix/smtpd[6286]: disconnect from 178.115.240.17.wireless.dyn.drei.com[178.115.240.17]


ich find hier den fehler einfach nicht. bin genau wie in der postfix doku vorgegangen

Roger Wilco
16.07.10, 19:44
die smptd.conf

pwcheck_method: auxprop
auxporb_plugin: ldapdb
auxporb != auxprop.

Die restlichen Dateien solltest du lieber auch nochmal auf Syntax-/Schreibfehler prüfen.

TheDarkRose
16.07.10, 22:14
ne, auxprop ist schon korrekt. Hab jetzt mal auf saslauthd umgestellt mit pam


pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

komischerweiße bietet der Server trotzdem noch alle Methoden an, laut log


Jul 16 20:03:56 alpha postfix/smtpd[9549]: < xxx.wireless.dyn.drei.com[178.115.240.17]: EHLO [192.168.1.100]
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-alpha.abimus.com
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-PIPELINING
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-SIZE 10240000
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-VRFY
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-ETRN
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-STARTTLS
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-AUTH CRAM-MD5 LOGIN NTLM PLAIN DIGEST-MD5
Jul 16 20:03:56 alpha postfix/smtpd[9549]: match_list_match: xxx.wireless.dyn.drei.com: no match
Jul 16 20:03:56 alpha postfix/smtpd[9549]: match_list_match: xxx: no match
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-AUTH=CRAM-MD5 LOGIN NTLM PLAIN DIGEST-MD5
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-ENHANCEDSTATUSCODES
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250-8BITMIME
Jul 16 20:03:56 alpha postfix/smtpd[9549]: > xxx.wireless.dyn.drei.com[178.115.240.17]: 250 DSN
Jul 16 20:03:56 alpha postfix/smtpd[9549]: < xxx.wireless.dyn.drei.com[178.115.240.17]: AUTH PLAIN secret



komischerweiße funktioniert aber ein

testsaslauthd -u user -p secret -s smtp
0: OK "Success."


Edit: hier die /etc/default/saslauthd

START=yes

DESC="SASL Authentication Daemon"

NAME="saslauthd"

MECHANISMS="pam"

MECH_OPTIONS=""

THREADS=5

OPTIONS="-c -m /var/run/saslauthd"

Roger Wilco
17.07.10, 17:42
ne, auxprop ist schon korrekt.
auxporb aber mit Sicherheit nicht…

Vielleicht möchtest du dir ja auch mal saslfinger (http://postfix.state-of-mind.de/patrick.koetter/saslfinger/) ansehen.

TheDarkRose
19.07.10, 06:11
Ja jetzt sehe ich es auch. Erklärt aber nicht warum saslauthd allein mit pam nicht funktioniert?? selbst am Rechner kann ich mich über SSH mit dem Userdaten aus dem LDAP anmelden. D.h. PAM selbst müsste funktionieren (siehe testsaslauthd)

Roger Wilco
19.07.10, 10:28
Hast du PAM denn entsprechend konfiguriert? Bedenke, dass es pro Service eine eigene Datei in /etc/pam.d/ gibt.

TheDarkRose
19.07.10, 10:44
*Geistesblitz* Ok danke, das muss ich mir dann am Nachmittag anschauen. Stand in meinem Buch nämlich nicht. Aber PAM wollte ich jetzt nur zum ausprobieren hernehmen, da ich ja DIGEST-MD5 als Mechanismus hernehmen will und das geht nur über auxprop. Aber diesmal hoffentlich ohne diesen blöden Tippfehler. Ich hoffe der Proxyuser im LDAP ist so richtig konfiguriert??

TheDarkRose
19.07.10, 16:11
Hier nun der Output von saslfinger:

root@alpha:~/saslfinger-1.0.3# ./saslfinger -s
saslfinger - postfix Cyrus sasl configuration Mon Jul 19 14:01:20 UTC 2010
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.7.0
System: Ubuntu 10.04 LTS \n \l

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb751b000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 836
drwxr-xr-x 2 root root 4096 Jul 16 18:58 .
drwxr-xr-x 30 root root 4096 Jul 17 10:43 ..
-rw-r--r-- 1 root root 15972 Mar 31 07:09 libanonymous.a
-rw-r--r-- 1 root root 990 Mar 31 07:09 libanonymous.la
-rw-r--r-- 1 root root 13668 Mar 31 07:09 libanonymous.so
-rw-r--r-- 1 root root 13668 Mar 31 07:09 libanonymous.so.2
-rw-r--r-- 1 root root 13668 Mar 31 07:09 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 18966 Mar 31 07:09 libcrammd5.a
-rw-r--r-- 1 root root 976 Mar 31 07:09 libcrammd5.la
-rw-r--r-- 1 root root 17764 Mar 31 07:09 libcrammd5.so
-rw-r--r-- 1 root root 17764 Mar 31 07:09 libcrammd5.so.2
-rw-r--r-- 1 root root 17764 Mar 31 07:09 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 54506 Mar 31 07:09 libdigestmd5.a
-rw-r--r-- 1 root root 999 Mar 31 07:09 libdigestmd5.la
-rw-r--r-- 1 root root 46712 Mar 31 07:09 libdigestmd5.so
-rw-r--r-- 1 root root 46712 Mar 31 07:09 libdigestmd5.so.2
-rw-r--r-- 1 root root 46712 Mar 31 07:09 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 16196 Mar 31 07:09 libldapdb.a
-rw-r--r-- 1 root root 983 Mar 31 07:09 libldapdb.la
-rw-r--r-- 1 root root 17648 Mar 31 07:09 libldapdb.so
-rw-r--r-- 1 root root 17648 Mar 31 07:09 libldapdb.so.2
-rw-r--r-- 1 root root 17648 Mar 31 07:09 libldapdb.so.2.0.23
-rw-r--r-- 1 root root 16158 Mar 31 07:09 liblogin.a
-rw-r--r-- 1 root root 970 Mar 31 07:09 liblogin.la
-rw-r--r-- 1 root root 13664 Mar 31 07:09 liblogin.so
-rw-r--r-- 1 root root 13664 Mar 31 07:09 liblogin.so.2
-rw-r--r-- 1 root root 13664 Mar 31 07:09 liblogin.so.2.0.23
-rw-r--r-- 1 root root 34956 Mar 31 07:09 libntlm.a
-rw-r--r-- 1 root root 964 Mar 31 07:09 libntlm.la
-rw-r--r-- 1 root root 30048 Mar 31 07:09 libntlm.so
-rw-r--r-- 1 root root 30048 Mar 31 07:09 libntlm.so.2
-rw-r--r-- 1 root root 30048 Mar 31 07:09 libntlm.so.2.0.23
-rw-r--r-- 1 root root 16266 Mar 31 07:09 libplain.a
-rw-r--r-- 1 root root 970 Mar 31 07:09 libplain.la
-rw-r--r-- 1 root root 17760 Mar 31 07:09 libplain.so
-rw-r--r-- 1 root root 17760 Mar 31 07:09 libplain.so.2
-rw-r--r-- 1 root root 17760 Mar 31 07:09 libplain.so.2.0.23
-rw-r--r-- 1 root root 24092 Mar 31 07:09 libsasldb.a
-rw-r--r-- 1 root root 1001 Mar 31 07:09 libsasldb.la
-rw-r--r-- 1 root root 21736 Mar 31 07:09 libsasldb.so
-rw-r--r-- 1 root root 21736 Mar 31 07:09 libsasldb.so.2
-rw-r--r-- 1 root root 21736 Mar 31 07:09 libsasldb.so.2.0.23
-r--r----- 1 postfix sasl 185 Jul 19 13:51 smtpd.conf

-- listing of /etc/sasl2 --
total 8
drwxr-xr-x 2 root root 4096 Jul 16 18:58 .
drwxr-xr-x 64 root root 4096 Jul 17 10:43 ..




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
ldapdb_uri: ldap://127.0.0.1
ldapdb_id: --- replaced ---
ldapdb_pw: --- replaced ---
ldapdb_mech: DIGEST-MD5


-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH CRAM-MD5 LOGIN NTLM PLAIN DIGEST-MD5
250-AUTH=CRAM-MD5 LOGIN NTLM PLAIN DIGEST-MD5

-- end of saslfinger output --


Hier das log:

Jul 19 13:55:32 alpha postfix/smtpd[15396]: connect from xxx.wireless.dyn.drei.com[xxx]
Jul 19 13:55:33 alpha postfix/smtpd[15396]: warning: SASL authentication failure: no secret in database
Jul 19 13:55:33 alpha postfix/smtpd[15396]: warning: xxx.wireless.dyn.drei.com[xxx]: SASL CRAM-MD5 authentication failed: authentication failure
Jul 19 13:55:33 alpha postfix/smtpd[15396]: warning: SASL authentication failure: no secret in database
Jul 19 13:55:33 alpha postfix/smtpd[15396]: warning: xxx.wireless.dyn.drei.com[xxx]: SASL NTLM authentication failed: authentication failure
Jul 19 13:55:37 alpha postfix/smtpd[15396]: warning: SASL authentication failure: no secret in database
Jul 19 13:55:37 alpha postfix/smtpd[15396]: warning: xxx.wireless.dyn.drei.com[xxx]: SASL CRAM-MD5 authentication failed: authentication failure
Jul 19 13:55:38 alpha postfix/smtpd[15396]: warning: SASL authentication failure: no secret in database
Jul 19 13:55:38 alpha postfix/smtpd[15396]: warning: xxx.wireless.dyn.drei.com[xxx]: SASL NTLM authentication failed: authentication failure
Jul 19 13:55:40 alpha postfix/smtpd[15396]: disconnect from xxx.wireless.dyn.drei.com[xxx]


Proxy autorization funktioniert (getestet mit ldapwhoami), Passwörter sind auch als Klartext hinterlegt

Ich blick einfach nicht mehr durch.. was mach ich noch falsch?

Roger Wilco
19.07.10, 20:35
Was sagt dein slapd dazu? Du kannst die Abfragen ja mal mitloggen lassen. Außerdem ist auf Seiten von slapd noch ein wenig Konfiguration nötig, wenn du das Verzeichnis mit Cyrus SASL auxprop abfragen willst, siehe auch http://www.linux-magazin.de/Heft-Abo/Ausgaben/2005/01/In-der-Vermittlerrolle.

TheDarkRose
19.07.10, 21:06
Also die Einstellungen im slapd sind getroffen, siehe zweiten post mit all den angaben. Aber ich kapiere die ausgabe des logs nicht wirklich. kann mir da jemand intepretieren helfen?


Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: 15r
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: daemon: read active on 15
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: connection_get(15)
Jul 19 18:59:21 alpha slapd[164]: connection_get(15): got connid=1000
Jul 19 18:59:21 alpha slapd[164]: connection_read(15): checking for input on id=1000
Jul 19 18:59:21 alpha slapd[164]: op tag 0x63, time 1279565961
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=75 do_search
Jul 19 18:59:21 alpha slapd[164]: >>> dnPrettyNormal: <o=Abimus>
Jul 19 18:59:21 alpha slapd[164]: <<< dnPrettyNormal: <o=Abimus>, <o=abimus>
Jul 19 18:59:21 alpha slapd[164]: SRCH "o=Abimus" 2 0
Jul 19 18:59:21 alpha slapd[164]: 0 0 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: begin get_filter_list
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: end get_filter_list
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: filter: (&(objectClass=posixAccount)(uid=postfix))
Jul 19 18:59:21 alpha slapd[164]: attrs:
Jul 19 18:59:21 alpha slapd[164]: uid
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=75 SRCH base="o=Abimus" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postfix))"
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=75 SRCH attr=uid
Jul 19 18:59:21 alpha slapd[164]: ==> limits_get: conn=1000 op=75 self="[anonymous]" this="o=abimus"
Jul 19 18:59:21 alpha slapd[164]: => hdb_search
Jul 19 18:59:21 alpha slapd[164]: bdb_dn2entry("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "o=Abimus" "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr entry
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "o=Abimus", attr "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to all values by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: search_candidates: base="o=abimus" (0x00000001) scope=2
Jul 19 18:59:21 alpha slapd[164]: => hdb_dn2idl("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: OR
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa1
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b49d1940]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [5941c014]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read 2 candidates
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=2, first=8, last=12
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=8 last=12
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (uid)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b83a7e64]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=8 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=8 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: bdb_search_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: hdb_search: no candidates
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: conn=1000 op=75 p=3
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: err=0 matched="" text=""
Jul 19 18:59:21 alpha slapd[164]: send_ldap_response: msgid=76 tag=101 err=0
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=75 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: 15r
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: daemon: read active on 15
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: connection_get(15)
Jul 19 18:59:21 alpha slapd[164]: connection_get(15): got connid=1000
Jul 19 18:59:21 alpha slapd[164]: connection_read(15): checking for input on id=1000
Jul 19 18:59:21 alpha slapd[164]: op tag 0x63, time 1279565961
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=76 do_search
Jul 19 18:59:21 alpha slapd[164]: >>> dnPrettyNormal: <o=Abimus>
Jul 19 18:59:21 alpha slapd[164]: <<< dnPrettyNormal: <o=Abimus>, <o=abimus>
Jul 19 18:59:21 alpha slapd[164]: SRCH "o=Abimus" 2 0
Jul 19 18:59:21 alpha slapd[164]: 0 0 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: begin get_filter_list
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: end get_filter_list
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: filter: (&(objectClass=posixGroup)(memberUid=postfix))
Jul 19 18:59:21 alpha slapd[164]: attrs:
Jul 19 18:59:21 alpha slapd[164]: cn
Jul 19 18:59:21 alpha slapd[164]: userPassword
Jul 19 18:59:21 alpha slapd[164]: memberUid
Jul 19 18:59:21 alpha slapd[164]: gidNumber
Jul 19 18:59:21 alpha slapd[164]: uniqueMember
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=76 SRCH base="o=Abimus" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=postfix))"
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=76 SRCH attr=cn userPassword memberUid gidNumber uniqueMember
Jul 19 18:59:21 alpha slapd[164]: ==> limits_get: conn=1000 op=76 self="[anonymous]" this="o=abimus"
Jul 19 18:59:21 alpha slapd[164]: => hdb_search
Jul 19 18:59:21 alpha slapd[164]: bdb_dn2entry("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "o=Abimus" "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr entry
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "o=Abimus", attr "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to all values by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: search_candidates: base="o=abimus" (0x00000001) scope=2
Jul 19 18:59:21 alpha slapd[164]: => hdb_dn2idl("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: OR
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa1
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b49d1940]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [fd83b1e1]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read 2 candidates
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=2, first=7, last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (memberUid)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: (memberUid) not indexed
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=-1 first=1 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: bdb_search_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => test_filter_and
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=patspo,ou=Groups,o=Abimus" "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr objectClass
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=patspo,ou=Groups,o=Abimus", attr "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 6
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=patspo,ou=Groups,o=Abimus" "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr memberUid
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=patspo,ou=Groups,o=Abimus", attr "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter_and 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: hdb_search: 7 does not match filter
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => test_filter_and
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=proxyuser,ou=Groups,o=Abimus" "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr objectClass
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=proxyuser,ou=Groups,o=Abimus", attr "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 6
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=proxyuser,ou=Groups,o=Abimus" "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr memberUid
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=proxyuser,ou=Groups,o=Abimus", attr "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35539
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter_and 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: hdb_search: 13 does not match filter
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: conn=1000 op=76 p=3
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: err=0 matched="" text=""
Jul 19 18:59:21 alpha slapd[164]: send_ldap_response: msgid=77 tag=101 err=0
Jul 19 18:59:21 alpha slapd[164]: conn=1000 op=76 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: 18r
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: daemon: read active on 18
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: connection_get(18)
Jul 19 18:59:21 alpha slapd[164]: connection_get(18): got connid=1001
Jul 19 18:59:21 alpha slapd[164]: connection_read(18): checking for input on id=1001
Jul 19 18:59:21 alpha slapd[164]: op tag 0x63, time 1279565961
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=75 do_search
Jul 19 18:59:21 alpha slapd[164]: >>> dnPrettyNormal: <o=Abimus>
Jul 19 18:59:21 alpha slapd[164]: <<< dnPrettyNormal: <o=Abimus>, <o=abimus>
Jul 19 18:59:21 alpha slapd[164]: SRCH "o=Abimus" 2 0
Jul 19 18:59:21 alpha slapd[164]: 0 0 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: begin get_filter_list
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: end get_filter_list
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: filter: (&(objectClass=posixAccount)(uid=postfix))
Jul 19 18:59:21 alpha slapd[164]: attrs:
Jul 19 18:59:21 alpha slapd[164]: uid
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=75 SRCH base="o=Abimus" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postfix))"
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=75 SRCH attr=uid
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: ==> limits_get: conn=1001 op=75 self="[anonymous]" this="o=abimus"
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: => hdb_search
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: bdb_dn2entry("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "o=Abimus" "entry" requested
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr entry
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "o=Abimus", attr "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to all values by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: search_candidates: base="o=abimus" (0x00000001) scope=2
Jul 19 18:59:21 alpha slapd[164]: => hdb_dn2idl("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: OR
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa1
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b49d1940]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [5941c014]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read 2 candidates
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=2, first=8, last=12
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=8 last=12
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (uid)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b83a7e64]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=8 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=8 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: bdb_search_candidates: id=0 first=1 last=0
Jul 19 18:59:21 alpha slapd[164]: hdb_search: no candidates
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: conn=1001 op=75 p=3
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: err=0 matched="" text=""
Jul 19 18:59:21 alpha slapd[164]: send_ldap_response: msgid=76 tag=101 err=0
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=75 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: 18r
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: daemon: read active on 18
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: connection_get(18)
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: connection_get(18): got connid=1001
Jul 19 18:59:21 alpha slapd[164]: connection_read(18): checking for input on id=1001
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: op tag 0x63, time 1279565961
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=76 do_search
Jul 19 18:59:21 alpha slapd[164]: >>> dnPrettyNormal: <o=Abimus>
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on 1 descriptor
Jul 19 18:59:21 alpha slapd[164]: <<< dnPrettyNormal: <o=Abimus>, <o=abimus>
Jul 19 18:59:21 alpha slapd[164]: daemon: activity on:
Jul 19 18:59:21 alpha slapd[164]: SRCH "o=Abimus" 2 0
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: 0 0 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: begin get_filter_list
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: begin get_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: end get_filter_list
Jul 19 18:59:21 alpha slapd[164]: end get_filter 0
Jul 19 18:59:21 alpha slapd[164]: filter: (&(objectClass=posixGroup)(memberUid=postfix))
Jul 19 18:59:21 alpha slapd[164]: attrs:
Jul 19 18:59:21 alpha slapd[164]: cn
Jul 19 18:59:21 alpha slapd[164]: userPassword
Jul 19 18:59:21 alpha slapd[164]: memberUid
Jul 19 18:59:21 alpha slapd[164]: gidNumber
Jul 19 18:59:21 alpha slapd[164]: uniqueMember
Jul 19 18:59:21 alpha slapd[164]:
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=76 SRCH base="o=Abimus" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=postfix))"
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=76 SRCH attr=cn userPassword memberUid gidNumber uniqueMember
Jul 19 18:59:21 alpha slapd[164]: ==> limits_get: conn=1001 op=76 self="[anonymous]" this="o=abimus"
Jul 19 18:59:21 alpha slapd[164]: => hdb_search
Jul 19 18:59:21 alpha slapd[164]: bdb_dn2entry("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "o=Abimus" "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr entry
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "o=Abimus", attr "entry" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to all values by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: search_candidates: base="o=abimus" (0x00000001) scope=2
Jul 19 18:59:21 alpha slapd[164]: => hdb_dn2idl("o=abimus")
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: OR
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa1
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [b49d1940]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read: failed (-30988)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=0 first=0 last=0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => bdb_list_candidates 0xa0
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (objectClass)
Jul 19 18:59:21 alpha slapd[164]: => key_read
Jul 19 18:59:21 alpha slapd[164]: bdb_idl_fetch_key: [fd83b1e1]
Jul 19 18:59:21 alpha slapd[164]: <= bdb_index_read 2 candidates
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: id=2, first=7, last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: => bdb_filter_candidates
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => bdb_equality_candidates (memberUid)
Jul 19 18:59:21 alpha slapd[164]: <= bdb_equality_candidates: (memberUid) not indexed
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=-1 first=1 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_list_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: <= bdb_filter_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: bdb_search_candidates: id=2 first=7 last=13
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => test_filter_and
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=patspo,ou=Groups,o=Abimus" "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr objectClass
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=patspo,ou=Groups,o=Abimus", attr "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 6
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=patspo,ou=Groups,o=Abimus" "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr memberUid
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=patspo,ou=Groups,o=Abimus", attr "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter_and 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: hdb_search: 7 does not match filter
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: AND
Jul 19 18:59:21 alpha slapd[164]: => test_filter_and
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=proxyuser,ou=Groups,o=Abimus" "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr objectClass
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=proxyuser,ou=Groups,o=Abimus", attr "objectClass" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 6
Jul 19 18:59:21 alpha slapd[164]: => test_filter
Jul 19 18:59:21 alpha slapd[164]: EQUALITY
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=proxyuser,ou=Groups,o=Abimus" "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => dn: [3]
Jul 19 18:59:21 alpha slapd[164]: => acl_get: [4] attr memberUid
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: access to entry "cn=proxyuser,ou=Groups,o=Abimus", attr "memberUid" requested
Jul 19 18:59:21 alpha slapd[164]: => acl_mask: to value by "", (=0)
Jul 19 18:59:21 alpha slapd[164]: <= check a_peername_path: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: pattern: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => acl_string_expand: expanded: 127\.0\.0\.1
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: string: IP=127.0.0.1:35540
Jul 19 18:59:21 alpha slapd[164]: => regex_matches: rc: 0 matches
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jul 19 18:59:21 alpha slapd[164]: <= acl_mask: [1] mask: read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access granted by read(=rscxd)
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter_and 5
Jul 19 18:59:21 alpha slapd[164]: <= test_filter 5
Jul 19 18:59:21 alpha slapd[164]: hdb_search: 13 does not match filter
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: conn=1001 op=76 p=3
Jul 19 18:59:21 alpha slapd[164]: send_ldap_result: err=0 matched="" text=""
Jul 19 18:59:21 alpha slapd[164]: send_ldap_response: msgid=77 tag=101 err=0
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=76 SEARCH RESULT tag=101 err=0 nentries=0 text=

Roger Wilco
20.07.10, 09:54
Jul 19 18:59:21 alpha slapd[164]: => access_allowed: search access to "cn=proxyuser,ou=Groups,o=Abimus" "memberUid" requested
[...]
Jul 19 18:59:21 alpha slapd[164]: => slap_access_allowed: search access granted by read(=rscxd)
[...]
Jul 19 18:59:21 alpha slapd[164]: conn=1001 op=76 SEARCH RESULT tag=101 err=0 nentries=0 text=

Dein Proxy-Benutzer darf sich erfolgreich am LDAP-Server anmelden und eine Suche starten, erhaelt aber keine Ergebnisse (nentries=0). Du solltest die Suchkriterien in deiner slapd-Konfiguration nochmal ueberpruefen.

TheDarkRose
20.07.10, 10:31
Das ist ja das komische. Der proxyuser ist in ou=Roles. in ou=Groups gibts zwar auch noch ne posixGroup cn=proxyuser, aber warum wird die hergenommen? Die olcAuthzRegexp verweist ja auch auf den proxyuser in ou=Roles.

TheDarkRose
21.07.10, 20:18
Das was in der local_recipient_maps steht, beeinflusst nicht die SASL-Authentifizierung, odeR?

Roger Wilco
21.07.10, 20:52
Ich wüsste nicht, wie es das sollte.

TheDarkRose
22.07.10, 06:52
War nur so ein blöder Gedanke ;)

Naja, bin gerade dabei auf einem Testserver Schritt für Schritt Postfix und danach Cyrus IMAP mit lokalen Accounts zu erstellen und immer durchtesten. Danach werde ich Schritt für Schritt die hash-Listen auf ldap-Listen umstellen. Wenn dann alles funktioniert, werde ich es ins Produktivsystem übernehmen.