- RU.UNIX.BSD ------------------------------------------------------------------
 From : Sergey                        2:5020/400        04 Apr 2003  18:09:17
 To : Alexander Lunyov
 Subject : Re: Can't get ACI to work in OpenLDAP
--------------------------------------------------------------------------------
On Fri, 04 Apr 2003 09:05:00 +0300, Alexander Lunyov wrote:

Hi.

> Well, and now I suppose we will move on to configs, logs and specific
> errors...

ASP Linux 7.3
openldap-2.0.27
gq-0.7-beta2

slapd.conf:

access ro * by aci

core.schema:

objectclass ( 1.3.6.1.4.1.10755.1.2.1.6
        NAME 'OpenLDAPacl'
        DESC 'OpenLDAP access control information'
        SUP top STRUCTURAL
        MUST ( objectclass )
        MAY ( OpenLDAPaci ) )

ldif:

dn: cn=User1,ou=Admins,o=Melorama,c=UA
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: openLDAPacl
sn: User1
cn: User1
userPassword: secret
OpenLDAPaci: 1#subtree#grant;r,w,s,c;[all]#access-id#ou=o=Melorama,c=UA
OpenLDAPaci: 2#entry#grant;r,w,s,c;[all]#access-id#ou=Test,o=Melorama,c=UA

As a result of the add, we have the user User1 in the corresponding branch
with a completely empty OpenLDAPaci attribute. We try to write to this
attribute from gq, and get:

Inappropriate matching
Aditional error: modify: add values failed

And now a big sorry for the long debug text:

daemon: conn=0 fd=9 connection from IP=127.0.0.1:32858 (IP=0.0.0.0:389) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
ldap_read: want=1, got=1
ldap_read: want=42, got=42
ber_get_next: tag 0x30 len 42 contents:
ber_dump: buf=0x080e7f08 ptr=0x080e7f08 end=0x080e7f32 len=42
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080e7f08 ptr=0x080e7f0b end=0x080e7f32 len=39
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080e7f08 ptr=0x080e7f2a end=0x080e7f32 len=8
do_bind: version=3 dn="cn=Admin,o=Melorama,c=UA" method=128
conn=0 op=0 BIND dn="CN=ADMIN,O=MELORAMA,C=UA" method=128
==> ldbm_back_bind: dn: cn=Admin,o=Melorama,c=UA
dn2entry_r: dn: "CN=ADMIN,O=MELORAMA,C=UA"
=> dn2id( "CN=ADMIN,O=MELORAMA,C=UA" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 0)
<= dn2id 2
=> id2entry_r( 2 )
=> ldbm_cache_open( "id2entry.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry(cn=Admin,o=Melorama,c=UA) -> -1 (0x80e8b98)
<= id2entry_r( 2 ) 0x80e8b98 (disk)
====> cache_return_entry_r( 2 ): created (0)
do_bind: v3 bind: "cn=Admin,o=Melorama,c=UA" to "cn=Admin,o=Melorama,c=UA"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
ldap_write: want=14, written=14
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
ldap_read: want=1, got=1
ldap_read: want=125, got=125
ber_get_next: tag 0x30 len 125 contents:
ber_dump: buf=0x080e8ac8 ptr=0x080e8ac8 end=0x080e8b45 len=125
do_modify
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
ber_scanf fmt ({a) ber:
ber_dump: buf=0x080e8ac8 ptr=0x080e8acb end=0x080e8b45 len=122
do_modify: dn (cn=User1,ou=Admins,o=Melorama,c=UA)
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x080e8ac8 ptr=0x080e8af3 end=0x080e8b45 len=82
modifications:
add: OpenLDAPaci
conn=0 op=1 MOD dn="cn=User1,ou=Admins,o=Melorama,c=UA"
dn2entry_r: dn: "CN=USER1,OU=ADMINS,O=MELORAMA,C=UA"
=> dn2id( "CN=USER1,OU=ADMINS,O=MELORAMA,C=UA" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 23
=> id2entry_r( 23 )
=> ldbm_cache_open( "id2entry.dbb", 73, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(cn=User1,ou=Admins,o=Melorama,c=UA) -> -1 (0x80e91c0)
<= id2entry_r( 23 ) 0x80e91c0 (disk)
====> cache_return_entry_r( 23 ): created (0)
ldbm_back_modify:
dn2entry_w: dn: "CN=USER1,OU=ADMINS,O=MELORAMA,C=UA"
=> dn2id( "CN=USER1,OU=ADMINS,O=MELORAMA,C=UA" )
====> cache_find_entry_dn2id("CN=USER1,OU=ADMINS,O=MELORAMA,C=UA"): 23 (1 tries)
<= dn2id 23 (in cache)
=> id2entry_w( 23 )
====> cache_find_entry_id( 23 ) "cn=User1,ou=Admins,o=Melorama,c=UA" (found) (1 tries)
<= id2entry_w( 23 ) 0x80e91c0 (cache)
ldbm_modify_internal: CN=USER1,OU=ADMINS,O=MELORAMA,C=UA
<= acl_access_allowed: granted to database root
ldbm_modify_internal: add
ldbm_modify_internal: 18 modify: add values failed
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: 18::modify: add values failed
send_ldap_response: msgid=2 tag=103 err=18
ber_flush: 39 bytes to sd 9
ldap_write: want=39, written=39
conn=0 op=1 RESULT tag=103 err=18 text=modify: add values failed
====> cache_return_entry_w( 23 ): returned (0)

Sergey.
--- ifmail v.2.15dev5
 * Origin: melorama (2:5020/400)
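
Added example, not part of Sergey's post and not OpenLDAP code: a small lint for OpenLDAPaci values, run over the two values from the LDIF above as a check before loading them. Assumptions: the five '#'-separated fields and the action;permissions;attributes triplet are taken from the shape of those two values, the function names are hypothetical, and DN values are checked against the escaping rule of RFC 2253. It flags the doubled "ou=o=" in the first value and does not by itself explain err=18.

```python
import re

SPECIAL = set(',=+<>#;')  # RFC 2253: must be backslash-escaped inside a value

def split_unescaped(s, sep):
    """Split on sep unless a backslash precedes it (escaped backslashes not handled)."""
    return re.split(r"(?<!\\)" + re.escape(sep), s)

def dn_problems(dn):
    """List the components of a DN string that are not well-formed type=value pairs."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):       # multi-valued RDN
            atype, eq, value = ava.strip().partition("=")
            if not (atype and eq and value):
                problems.append(f"{ava!r}: not type=value")
            elif value[0] not in '"#':               # quoted and hex forms are skipped
                bad = SPECIAL & set(re.sub(r"\\.", "", value))
                if bad:
                    problems.append(
                        f"{ava!r}: unescaped {''.join(sorted(bad))} in value")
    return problems

def lint_aci(value):
    """Check one OpenLDAPaci value; returns a list of problems (empty means clean)."""
    fields = value.split("#", 4)                    # subject is last, may contain '#'
    if len(fields) != 5:
        return [f"expected 5 '#'-separated fields, got {len(fields)}"]
    _ident, _scope, rights, subj_type, subject = fields
    problems = []
    parts = rights.split(";")
    if len(parts) < 3 or not all(parts):
        problems.append(f"rights {rights!r}: expected action;permissions;attributes")
    if subj_type == "access-id":                     # subject is a DN in both values
        problems += dn_problems(subject)
    return problems

# The two values copied from the LDIF in the post above.
POSTED = [
    "1#subtree#grant;r,w,s,c;[all]#access-id#ou=o=Melorama,c=UA",
    "2#entry#grant;r,w,s,c;[all]#access-id#ou=Test,o=Melorama,c=UA",
]

if __name__ == "__main__":
    for v in POSTED:
        print(v, "->", lint_aci(v) or "ok")
```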