<mh_le> where does ldap keep its access logs?
<Gagatan> mh_le: it uses syslog, defaults to LOCAL4.DEBUG..
<mh_le> okay.. now I'm off to #linuxhelp to ask where syslog keeps its logs..
<mh_le> :) thanks
<mh_le> I've looked in /var/log/messages but access attempts for ldap aren't logged there
<Gagatan> have you set a proper loglevel in slapd.conf ?
<og> mh_le: syslog puts logs into different files according to /etc/syslog.conf
<mh_le> Gagatan: I set it 1024 and nothing of interest is there
<mh_le> og: yeah, I checked, it does not mention ldap
<og> mh_le: No, that's where it should mention local4, like Gagatan told you.
<Gagatan> mh_le: I don't remember what 1024 will give you.. I use 256 or 267 mostly
<og> mh_le: If there's no entry for that, and no global entry that catches everything it will not write log info from slapd at all.
<og> mh_le: Regardless of the loglevel in slapd.conf.
<mh_le> alright
<mh_le> #
<mh_le> # All messages except iptables and the facilities news and mail:
<mh_le> #
<mh_le> destination messages { file("/var/log/messages"); };
<mh_le> log { source(src); filter(f_messages); destination(messages); };
<mh_le> I'm looking in /var/log/messages and there's no mention of access attempts
<og> Hm, that's a different syslog than the one I use :-)
<Gagatan> aol
<Gagatan> mh_le: you can also try running slapd by hand "slapd -d 256 <other options>"
<mh_le> okay this might be useful but I have no idea of how to fix it
<Gagatan> go ask syslogng-people then..
<Gagatan> if you run slapd from the commandline.. using -d option, you get debug/log-info directly in your terminal
<mh_le> no, I meant what I got out of slapd -d 256
<Gagatan> oh
<Gagatan> how to fix what exactly?
<Gagatan> what is your problem btw? :)
<mh_le> I'm installing OpenXchange, and when I try to add a user with adduser_ox I get a bad DN error... the output of the log shows I actually get three... going to see if anyone on the OpenXchange mailing list can help me..
<mh_le> #open-Xchange doesn't seem to be active..
<reiffert> http://irc-galleria.net/view.php?nick=apox&image_id=18941802
<SimonRaven> mh_le: go to #flood, i have it set up for syslog-ng
<SimonRaven> better yet, i'll stick it in a paste bin
<SimonRaven> mh_le: http://channels.debian.net/paste/950
<SimonRaven> @slapd syslog-ng is <reply>an example of a configuration snippet for syslog-ng is viewable at http://channels.debian.net/paste/950
<dokbot> okay, SimonRaven
<mh_le> SimonRaven: thanks.. it does not seem to work though.. I'm using syslog-ng if that matters
<mh_le> oh that was for -ng
<SimonRaven> i am too, and yes it does work. you need to enable slapd for logging
<mh_le> I did.. loglevel 1024 but there aren't any logs in /var/log
<SimonRaven> does slapd have -l local4 as command line option set?
<mh_le> SimonRaven: let me check..
<mh_le> BASE_CONFIG_DN?
<SimonRaven> slapd --help
<MrS***yPants> how do I run ldapwhoami so it doesn't use sasl ?
<SimonRaven> -x
<SimonRaven> man ldapwhoami
<MrS***yPants> I mean, with supplying uid=blah etc
<MrS***yPants> ldapwhoami -x -D cn=Manager,dc=dabserver,dc=local -W
<MrS***yPants> ldap_bind: Invalid credentials (49)
<SimonRaven> just means bad bind dn or passwd
<MrS***yPants> but it isn't
<SimonRaven> server doesn't think so
<MrS***yPants> I did it
<MrS***yPants> the slapd didn't eat the encrypted password in slapd.conf
<MrS***yPants> plaintext it works =p
<mattman72> Hello all.
<mattman72> I have setup 2 LDAP servers and have 4 machines attempting to authenticate to the 2 ldap servers (one master, one slave). Everything works ok until I try to use passwd to change a password, it just fails no matter what I do. Any suggestions?
<og> What error messages do you get in your logs?
<mattman72> Oct 22 16:13:27 bpas01 slapd[25394]: conn=0 fd=11 ACCEPT from IP=208.187.108.10:55891 (IP=0.0.0.0:636)
<mattman72> Oct 22 16:13:27 bpas01 slapd[25394]: conn=0 fd=11 closed
<og> You should rather see what your auth or security logs say.
<mattman72> this is a fresh gentoo install with syslog-ng, doesn't look like I have an auth or security log
<mattman72> I got that out of /var/log/messages
<og> I can't help you debug your distribution, but a failed authentication attempt by passwd should show up in your security logs.
<mattman72> one sec, lemme dig for it
<mattman72> ok here is what happens followed by what shows up in /var/log/messages
<mattman72> passwd
<mattman72> Enter login(LDAP) password:
<mattman72> New UNIX password:
<mattman72> Retype new UNIX password:
<mattman72> LDAP password information update failed: Unknown error
<mattman72> passwd: Permission denied
<mattman72> Oct 22 16:28:15 bpas01 slapd[25759]: conn=1 fd=11 ACCEPT from IP=208.187.108.10:38384 (IP=0.0.0.0:636)
<mattman72> Oct 22 16:28:15 bpas01 slapd[25759]: conn=1 fd=11 closed
<mattman72> Oct 22 16:28:15 bpas01 passwd[25767]: pam_ldap: ldap_extended_operation_s Referral
<mattman72> Any help is appreciated
<mattman72> I have no acl's implemented in slapd.conf.
<Gagatan> mattman72: are you trying to write to a slave?
<mattman72> nope
<mattman72> I am performing this operation on the master as root
<og> mattman72: Is that the whole pam_ldap line, or did you cut it early?
<mattman72> that is the entire log entry.
<Aaron> guess he didn't want an answer
<Aaron> mh_le - have you had any success?
<wido> any luma users still alive and brave enough for a new test release? :)
<bhearsum> is there any way to have an email address field for something in the account objectClass ? because it seems to me i have to have two entries for each user..one for the account class, and one for the person class
<SimonRaven> bhearsum: be careful with the account OC, it can be too restrictive. conflicts with inetorgperson, for instance
<bhearsum> SimonRaven, i can't have inetorgperson and account for the same entry
<SimonRaven> i said that, just differently. you get A+ on the exam
<bhearsum> wahooooo
<SimonRaven> hehe
<wido> moin #ldap :)
<nemisus> moin wido
<Gagatan> moin
<SimonRaven> hi
<mh_le> Aaron: nah :/
<Nap> hi
<mh_le> hey
<SimonRaven> hyc: i found a bug in some code. i was making a diff between 2.3.7 and CVS HEAD from about an hour or 2 ago, and in libraries/libldap/init.c it goes:
<SimonRaven> -#define MAX_LDAP_ATTR_LEN sizeof("TLS_CACERTDIR")
<SimonRaven> +#define MAX_LDAP_ATTR_LEN sizeof("TLS_CIPHER_SUITE")
<SimonRaven> i think it should be just the addition, don't think? ;)
<SimonRaven> s/don't$/you/
<hyc> SimonRaven - what are you asking?
<SimonRaven> it's ok, i filed an ITS. seemed to me that maybe that line shouldn't be removed
<hyc> ?
<hyc> MAX_LDAP_ATTR_LEN is the length of the longest attribute.
<hyc> there can only be one "longest"
<asyd> wth the max_ldap_attrn_len is related to sizeof("tls_cipher_suite") ?
<SimonRaven> oh, i see. so you attributed it to CIPHER_SUITE instead of CACERTDIR?
<hyc> yes
<SimonRaven> gotcha
<SimonRaven> thanks
<hyc> asyd: not an attribute, ldap.conf keywords.
<asyd> ahh
<asyd> ouf
<SimonRaven> sorry about my confusion
<mh_le> hi SimonRaven
<SimonRaven> hi
<mh_le> I got my ldap issues worked out
<mh_le> they were caused by an embarrassing oversight