Re: ldap/nscd: kein Einloggen möglich

21 Jul 2010


      Hallo,
hier ist jetzt der debug output vom ldap server mit -d384.
Was mir auffällt ist (TLS negotiation failure) und später TLS established
Aber sonst?
Im client kommt nachwievor
nss_ldap: could not search LDAP server - Server is unavailable
gkr-pam: error looking up user information for: [hier steht der 
Benutzername]
User not known to the underlying authentication module
Gruß, Ulrich

=================================================
Jul 21 15:09:57 ldap-server slapd[81273]: slapd starting

Jul 21 15:10:08 ldap-server slapd[81273]: conn=1007 fd=21 ACCEPT from 
IP=nnn.nnn.nnn.nnn:51789 (IP=0.0.0.0:389)
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1007 op=0 EXT 
oid=1.3.6.1.4.1.1466.20037
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1007 op=0 STARTTLS
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1007 op=0 RESULT oid= 
err=0 text=
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1007 fd=21 closed (TLS 
negotiation failure)
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1008 fd=21 ACCEPT from 
IP=nnn.nnn.nnn.nnn:51790 (IP=0.0.0.0:389)
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1008 op=0 EXT 
oid=1.3.6.1.4.1.1466.20037
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1008 op=0 STARTTLS
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1008 op=0 RESULT oid= 
err=0 text=
Jul 21 15:10:08 ldap-server slapd[81273]: conn=1008 fd=21 closed (TLS 
negotiation failure)


Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 fd=23 ACCEPT from 
IP=nnn.nnn.nnn.nnn:51791 (IP=0.0.0.0:389)
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=0 EXT 
oid=1.3.6.1.4.1.1466.20037
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=0 STARTTLS
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=0 RESULT oid= 
err=0 text=
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 fd=23 TLS 
established tls_ssf=256 ssf=256
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=1 BIND dn="" 
method=128
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=1 RESULT tag=97 
err=0 text=
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=2 SRCH 
base="ou=xxxxx,o=xxxxx" scope=2 deref=0 
filter="(&(objectClass=posixAccount)(uid=[Benutzername]))"
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=2 SRCH attr=host 
authorizedService shadowExpire shadowFlag shadowInactive 
shadowLastChange shadowMax shadowMin shadowWarning uidNumber
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access to "ou=xxxxx,o=xxxxx" "entry" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr entry
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"ou=xxxxx,o=xxxxx", attr "entry" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to all values by 
"", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "objectClass" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr objectClass
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "objectClass" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "uid" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr uid
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "uid" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: search 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "entry" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr entry
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "entry" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to all values by 
"", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (shadowLastChange)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "shadowLastChange" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr 
shadowLastChange
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "shadowLastChange" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (uidNumber)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "uidNumber" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr uidNumber
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "uidNumber" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (host)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "host" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr host
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "host" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (shadowMax)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "shadowMax" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr shadowMax
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "shadowMax" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (shadowWarning)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "shadowWarning" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [3] attr shadowWarning
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "shadowWarning" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: *
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] applying 
read(=rscxd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [1] mask: 
read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: read 
access granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: read access 
granted by read(=rscxd)
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=2 SEARCH RESULT 
tag=101 err=0 nentries=1 text=
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=3 BIND 
dn="uid=[Benutzername],ou=xxxxx,o=xxxxx" method=128
Jul 21 15:10:11 ldap-server slapd[81273]: slap_global_control: 
unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: result not 
in cache (userPassword)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: auth access 
to "uid=[Benutzername],ou=xxxxx,o=xxxxx" "userPassword" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [1] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => dn: [2] ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] matched
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_get: [2] attr userPassword
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: access to entry 
"uid=[Benutzername],ou=xxxxx,o=xxxxx", attr "userPassword" requested
Jul 21 15:10:11 ldap-server slapd[81273]: => acl_mask: to value by "", (=0)
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: 
uid=[Benutzername],ou=xxxxx,o=xxxxx
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: self
Jul 21 15:10:11 ldap-server slapd[81273]: <= check a_dn_pat: anonymous
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [3] applying 
auth(=xd) (stop)
Jul 21 15:10:11 ldap-server slapd[81273]: <= acl_mask: [3] mask: auth(=xd)
Jul 21 15:10:11 ldap-server slapd[81273]: => slap_access_allowed: auth 
access granted by auth(=xd)
Jul 21 15:10:11 ldap-server slapd[81273]: => access_allowed: auth access 
granted by auth(=xd)
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=3 BIND 
dn="uid=[Benutzername],ou=xxxxx,o=xxxxx" mech=SIMPLE ssf=0
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=3 RESULT tag=97 
err=0 text=
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=4 BIND anonymous 
mech=implicit ssf=0
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=4 BIND dn="" 
method=128
Jul 21 15:10:11 ldap-server slapd[81273]: conn=1011 op=4 RESULT tag=97 
err=0 text=


Jul 21 15:10:14 ldap-server slapd[81273]: conn=1004 op=18 SEARCH RESULT 
tag=101 err=0 nentries=0 text=
Jul 21 15:10:14 ldap-server slapd[81273]: conn=1011 op=5 UNBIND
Jul 21 15:10:14 ldap-server slapd[81273]: conn=1011 fd=23 closed


On 07/20/2010 10:01 PM, Dieter Kluenter wrote:
...
Am Tue, 20 Jul 2010 10:05:13 +0200
schrieb Ulrich Hiller<hiller@mpia-hd.mpg.de>:
...
Hallo,
ich habe opensuse 11.3 auf x86_64 installiert und prompt Probleme.
Soll heißen es ist eigentlich nur eins: ldap tut nicht.
Was bedeutet 'ldap tut nicht'?
...
Erst mal vorneweg: Bis einschließlich opensuse 11.2 (32- und 64-bit)
hat ldap einwandfrei funktioniert.
Was meinst du damit, pam_ldap und nss_ldap haben funktioniert, oder
OpenLDAP hat funktioniert.
[...]
Zu pam_ldap und nss_ldap kann ich wenig sagen, denn das sind LDAP
Clients. Versuche doch erst einmal OpenLDAP als Fehlerquelle
auszuschließen. Dazu startest du slapd  mit dem Parameter -d384 auf
der Konsole. Sieh dir die Debugging Ausgaben an und versuche, die
Fehlerquelle zu erkennen. Dann sehen wir weiter.
-Dieter
-- 
Um die Liste abzubestellen, schicken Sie eine Mail an:
    opensuse-de+unsubscribe@opensuse.org
Um eine Liste aller verfuegbaren Kommandos zu bekommen, schicken
Sie eine Mail an: opensuse-de+help@opensuse.org