[Techtalk] macs and openldap

Maria McKinley maria at shadlen.org
Tue Sep 25 08:14:20 UTC 2007


Maria McKinley wrote:
> Maria McKinley wrote:
> 
>>Maria McKinley wrote:
>>
>>
>>>Hello,
>>>
>>>Well, I'm not getting any response from the openldap mailing list, so I 
>>>thought I'd see if any of you have any ideas:
>>>
>>>I have upgraded my ldap server (debian, openldap 2.3.35-2), and I can
>>>get everything to authenticate properly except the macs. I get these
>>>errors in the log:
>>>
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 fd=34 ACCEPT from
>>>IP=10.208.108.77:49255 (IP=0.0.0.0:389)
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 BIND dn="" method=163
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 RESULT tag=97 err=14 
>>>text=
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 BIND dn="" method=163
>>>Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Error: unable to
>>>open Berkeley db /etc/sasldb2: No such file or directory
>>>Sep 24 01:27:29 billie last message repeated 2 times
>>>Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Failure: no
>>>secret in database
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 RESULT tag=97
>>>err=49 text=SASL(-13): user not found: no secret in database
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=2 UNBIND
>>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 fd=34 closed
>>>
>>>These machines used to be able to authenticate, so I think it must be
>>>something that changed in the process of upgrading. Ssh, mail, and all
>>>other services are working fine. I didn't have /etc/sasldb2 before,
>>>not sure why it wants it now. Any ideas?
>>>
>>>thanks,
>>>maria
>>>
>>
>>

I've decided that the /etc/sasldb2 might be a red herring. Trying to 
authenticate from another mac yields a failure without the database issue:

Sep 25 01:07:58 billie slapd[9026]: conn=2054 fd=16 ACCEPT from 
IP=10.208.108.34:49186 (IP=0.0.0.0:389)
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=0 BIND dn="" method=128
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=0 RESULT tag=97 err=0 text=
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=1 SRCH 
base="dc=shadlen,dc=org" scope=2 deref=0 
filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=maria)))"
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=1 SRCH 
attr=homeDirectory gidNumber cn uid uidNumber loginShell
Sep 25 01:07:58 billie slapd[9026]: <= bdb_equality_candidates: (uid) 
index_param failed (18)
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=2 SRCH 
base="dc=shadlen,dc=org" scope=2 deref=0 
filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=maria)))"
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=2 SRCH attr=uid
Sep 25 01:07:58 billie slapd[9026]: <= bdb_equality_candidates: (uid) 
index_param failed (18)
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=2 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=3 SRCH 
base="dc=shadlen,dc=org" scope=2 deref=0 
filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(uid=maria))"
Sep 25 01:07:58 billie slapd[9026]: <= bdb_equality_candidates: (uid) 
index_param failed (18)
Sep 25 01:07:58 billie slapd[9026]: conn=2054 op=3 SEARCH RESULT tag=101 
err=0 nentries=1 text=

In fact, it looks just like other entries, where the authentication was 
successful. I think the problem is with the macs. Somehow it screwed up 
their configurations to upgrade openldap on the server. Unfortunately, I 
have no idea what to do with this...

Thank you all for listening to me talk to myself. ;-)
~maria
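
Added example, not part of the original message: a small Python parser that re-joins wrapped slapd log lines like those quoted above and names the bind method and result code for each connection. The sample log is constructed in the same format (host name, PID and connection numbers are made up); the mapping of method=128/163 to simple/SASL binds and the result-code names follow the LDAP protocol (RFC 4511).

```python
import re
from collections import defaultdict

# Bind authentication choice as slapd logs it (BER tag of the credentials).
BIND_METHODS = {128: "simple", 163: "SASL"}
# LDAP result codes that occur in the excerpts (RFC 4511 names).
RESULT_CODES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}

STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) (SEARCH RESULT|RESULT) tag=\d+ err=(\d+)")

# Constructed sample, wrapped the way a mail client wraps syslog lines.
SAMPLE = '''\
Sep 24 01:27:29 host slapd[100]: conn=7 op=0 BIND dn="" method=163
Sep 24 01:27:29 host slapd[100]: conn=7 op=0 RESULT tag=97 err=14
text=
Sep 24 01:27:29 host slapd[100]: conn=7 op=1 BIND dn="" method=163
Sep 24 01:27:29 host slapd[100]: conn=7 op=1 RESULT tag=97
err=49 text=SASL(-13): user not found: no secret in database
Sep 25 01:07:58 host slapd[100]: conn=8 op=0 BIND dn="" method=128
Sep 25 01:07:58 host slapd[100]: conn=8 op=0 RESULT tag=97 err=0 text=
Sep 25 01:07:58 host slapd[100]: conn=8 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
'''

def unwrap(text):
    """Re-join syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):              # a timestamp starts a new record
            records.append(line.strip())
        elif records and line.strip():     # anything else continues the last one
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return {conn: [(op, kind, meaning), ...]} for bind and result records."""
    conns = defaultdict(list)
    for rec in unwrap(text):
        if (m := BIND.search(rec)):
            method = BIND_METHODS.get(int(m[4]), "method=" + m[4])
            event = ("BIND", f"{method} dn={m[3] or '<empty>'}")
        elif (m := RESULT.search(rec)):
            event = (m[3], RESULT_CODES.get(int(m[4]), "err=" + m[4]))
        else:
            continue                       # ACCEPT, SRCH, UNBIND, SASL notices
        conns[int(m[1])].append((int(m[2]),) + event)
    return dict(conns)
```

Calling `summarize()` on a saved log excerpt gives one list per `conn=` number, which makes it easy to compare what a failing client and a working client each sent.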

