389-users July 2015

389-users@lists.fedoraproject.org

19 participants
20 discussions

Problem browsing LDAP with Outlook
by Chris Bryant 26 Aug '20

26 Aug '20

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

3 2

access log error : Resource temporarily unavailable
by ghiureai 31 Jul '15

31 Jul '15

Hi lIst. we are getting the following in access files, would like to know wher eto look for clues , what means "Resource temporarily unavailable ? op=1 RESULT err=0 tag=101 nentries=5514 etime=14 notes=U [31/Jul/2015:09:37:21 -0700] conn=143371 op=-1 fd=67 closed error 11 (Resource temporarily unavailable) - T1 [31/Jul/2015:09:37:21 -0700] conn=143369 op=-1 fd=65 closed error 11 (Resource temporarily unavailable) - T1 op=-1 fd=67 closed error 11 (Resource temporarily unavailable) - T1 [31/Jul/2015:09:37:21 -0700] conn=143369 op=-1 fd=65 closed error 11 (Resource temporarily unavailable) - T1

3 2

PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.
by ozikat 30 Jul '15

30 Jul '15

Good day everyday, I came across the problem to connect from 389PassSync Version 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15 that running on Linux CentOS 6.6. Below is the error seen on /var/logs/dirdrv/slapd-xxx/access ### Access Log Start ### [26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from x.x.x.x to y.y.y.y [26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version. [26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from x.x.x.x to y.y.y.y [26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version. [26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from x.x.x.x to y.y.y.y [26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version. [26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from x.x.x.x to y.y.y.y [26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports incompatible or unsupported protocol version. ### Access Log End ### I tried to connect using ldp.exe on Windows 2008 Server, it seems ok. Just that PassSync unable to communicate via the SSL connections from the server. ###### ldp.exe start ##### ld = ldap_open("curry.noodle.com", 636); Established connection to curry.noodle.com. Retrieving base DSA information... Getting 1 entries: Dn: (RootDSE) dataversion: 020150726160257020150726160257; defaultnamingcontext: dc=noodle,dc=com; namingContexts (2): dc=noodle,dc=com; o=netscaperoot; netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389; objectClass: top; supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3; 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473 = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST ); 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15; 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19; 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2; 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8; 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14; 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12; 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18; 2.16.840.1.113730.3.4.13; supportedExtension (14): 2.16.840.1.113730.3.5.7; 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3; 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5; 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9; 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5; 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7; 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS ); 1.3.6.1.4.1.4203.1.11.1; supportedLDAPVersion (2): 2; 3; supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS; GSSAPI; vendorName: 389 Project; vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342; ----------- res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config', <unavailable>); // v.3 Authenticated as: 'cn=spicy,cn=config'. ----------- ###### ldp.exe end ##### Hopefully there are jedi in the rom can help ;) -- Ozikat

3 6

389-amdin GUI/console :Performance counters->Connection Status display
by ghiureai 29 Jul '15

29 Jul '15

Hi List I would like to know how can I confiige my console to see the stats for "Connection Status "windows there 4-5 columns :TIme Opened,Started but can't see any fields entries in my 389-admin GUI for thist particular counters ? Thank you Isabella

1 0

DNA pluging multiple entries for dnascope
by ghiureai 24 Jul '15

24 Jul '15

Hi Gurus, we are trying to cfg the DNA pluging the, ldap host has two dc's : dc =top1,dc=net and dc=top2,dc=net I have added the extra layer/container with ldapmodify add using : dnascope: ou=ds,dc=top1,dc=net Now I would like to extend this attribute to next dc =top2 but running ldapmodify with new entry for dnascope fails, see bellow the last lines: dnascope: ou=ds,dc=top2 dnanextvalue: 250000 adding new entry "cn=Numeric ID,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" ldap_add: Already exists (68) Please advise how can you add mutiple dc's values Thank you,

1 0

How to use Host Based Attributes with Class of Service
by Paul Tobias 22 Jul '15

22 Jul '15

Hi guys, In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me. The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop machine a user can use /bin/bash as the shell. But on a server the users get /bin/bash4, which is a patched bash with audit logging. (And is not installed on desktops). So a user entry looks like this: dn: uid=paul.tobias,ou=People,dc=example,dc=com loginShell: /bin/bash loginShell;bash4: /bin/bash4 And then on a server there is this line in sssd.conf: ldap_user_shell = loginShell;bash4 And everybody is happy. The problem is I have to remember to add the `loginShell` and `loginShell;bash4` attributes to all new users, otherwise the user cannot log in and not everybody is happy. To achieve this I've added Class of Service to have defaults for both of those loginshell attributes like this: dn: cn=user defaults cos,ou=people,dc=example,dc=com costemplatedn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com cosattribute: loginshell cosattribute: loginshell;bash4 override And the matching template: dn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com loginshell: /bin/bash loginshell;bash4: /bin/bash4 After this I deleted both `loginShell` and `loginShell;bash4` attributes from the user entries. And this works well for the `loginshell` attribute, ldapsearch returns `loginShell: /bin/bash`, even if the user doesn't have `loginShell` at all, this is exactly what I want. But it doesn't work for the `loginshell;bash4` attribute, ldapsearch doesn't return `loginShell;bash4`, even if I try to query it directly. Is this a limitation of the implementation or am I doing something wrong? Have a nice day, Paul [1] http://directory.fedoraproject.org/docs/389ds/howto/howto-classofservice.ht… [2] http://www.port389.org/docs/389ds/howto/howto-hostbasedattributes.html

2 3

DNA Plugin Causes 389-DS to Crash if Large Number of Candidates
by Fong, Trevor 17 Jul '15

17 Jul '15

Hi Guys, We’re running 389-ds 1.2.11.29-1.el6 and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen number of 99999, we get the error message in the errors log: Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. And then DS becomes unresponsive. Looking at the debug error logs, it seems that the number of candidates defined by the combination of dnaScope and dnaFilter is too large (1389387 ids) for the sort function? Is there a fix? Or is there some error in our setup? Thanks, Trev Our setup is thus: dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: extensibleObject objectClass: nsContainer objectClass: nsSlapdPlugin objectClass: top cn: Distributed Numeric Assignment Plugin nsslapd-pluginDescription: Distributed Numeric Assignment plugin nsslapd-pluginEnabled: on nsslapd-pluginId: Distributed Numeric Assignment nsslapd-pluginInitfunc: dna_init nsslapd-pluginPath: libdna-plugin nsslapd-pluginType: bepreoperation nsslapd-pluginVendor: 389 Project nsslapd-pluginVersion: 1.2.11.29 nsslapd-plugin-depends-on-type: database dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=co nfig objectClass: extensibleObject objectClass: top cn: UID numbers dnaFilter: (&(employeeNumber=*)(objectclass=posixAccount)) dnaMagicRegen: 99999 dnaNextValue: 10000002 dnaScope: ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com dnaType: uidNumber Error log: [16/Jul/2015:15:31:05 -0700] - add_pb [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907e68, handle=8 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907d30, handle=8 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:05 -0700] - get_pb [16/Jul/2015:15:31:05 -0700] - --> pagedresults_in_use [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_in_use: 0 [16/Jul/2015:15:31:05 -0700] - do_modify [16/Jul/2015:15:31:05 -0700] - do_modify: dn (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - => get_ldapmessage_controls [16/Jul/2015:15:31:05 -0700] - <= get_ldapmessage_controls no controls [16/Jul/2015:15:31:05 -0700] - modifications: [16/Jul/2015:15:31:05 -0700] - replace: uidNumber [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids [16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk) [16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410 [16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry [16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0:: [16/Jul/2015:15:31:05 -0700] - <= send_ldap_result [16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr [16/Jul/2015:15:31:05 -0700] - Calling plugin '7-bit check' #0 type 405 [16/Jul/2015:15:31:05 -0700] NS7bitAttr - MODIFY begin [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 405 [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Auto Membership Plugin' #3 type 405 [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_pre_op [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_get_sdn [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_get_sdn [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_dn_is_config [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_dn_is_config [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 405 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Linked Attributes' #7 type 405 [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_pre_op [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_get_dn [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_get_dn [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_dn_is_config [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_dn_is_config [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Managed Entries' #8 type 405 [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_pre_op [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_get_sdn [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_get_sdn [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_dn_is_config [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_dn_is_config [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_isrepl [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_isrepl [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids [16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk) [16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410 [16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry [16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0:: [16/Jul/2015:15:31:05 -0700] - <= send_ldap_result [16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 405 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'PAM Pass Through Auth' #10 type 405 [16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - => pam_passthru_preop [16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - <= pam_passthru_preop [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 1 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Distributed Numeric Assignment Plugin' #0 type 451 [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_pre_op [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn [16/Jul/2015:15:31:05 -0700] - => entry_apply_mods [16/Jul/2015:15:31:05 -0700] - uidNumber: 99999 [16/Jul/2015:15:31:05 -0700] - replace: uidNumber [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - modifiersname: cn=directory manager [16/Jul/2015:15:31:05 -0700] - replace: modifiersname [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - modifytimestamp: 20150716223105Z [16/Jul/2015:15:31:05 -0700] - replace: modifytimestamp [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - <= entry_apply_mods 0 [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_is_config [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_is_config [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn [16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.2) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.8.5.1) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.20) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.14) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.9.5.2) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.319) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:06 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:06 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:06 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:06 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:06 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.473) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 1 (FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.9) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => find_entry_internal (dn=ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:06 -0700] - => dn2entry_ext "ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:06 -0700] - <= dn2entry_ext 283fc90 [16/Jul/2015:15:31:06 -0700] - <= find_entry_internal_dn found (ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:06 -0700] - <= find_entry_internal [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa1 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa0 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => presence_candidates [16/Jul/2015:15:31:06 -0700] - => index_read( "employeeNumber" + "" ) [16/Jul/2015:15:31:06 -0700] - indextype: "pres" indexmask: 0x3 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch + returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - <= presence_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => ava_candidates [16/Jul/2015:15:31:06 -0700] - objectClass=posixAccount [16/Jul/2015:15:31:06 -0700] - => keys2idl type objectClass indextype eq [16/Jul/2015:15:31:06 -0700] - => index_read( "objectClass" = "posixaccount" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch =posixaccount returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - ival[0] = "posixaccount" => 1389387 IDs [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => range_candidates attr=uidNumber [16/Jul/2015:15:31:06 -0700] - index_range_read lookthrough_limit=-1 [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x1000 [16/Jul/2015:15:31:06 -0700] - <= index_range_read(uidNumber,=) 1389387 candidates (allids) [16/Jul/2015:15:31:06 -0700] - <= range_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => ava_candidates [16/Jul/2015:15:31:06 -0700] - objectclass=referral [16/Jul/2015:15:31:06 -0700] - => keys2idl type objectclass indextype eq [16/Jul/2015:15:31:06 -0700] - => index_read( "objectclass" = "referral" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - <= index_read 0 candidates [16/Jul/2015:15:31:06 -0700] - ival[0] = "referral" => 0 IDs [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 0 [16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => index_read( "ancestorid" = "709968" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=208 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=416 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=624 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=814 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1021 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1228 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1435 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1629 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1836 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2043 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2250 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2444 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2651 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2858 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3065 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3259 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3466 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3673 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3880 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4074 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch =709968 returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - candidate list has 1389387 ids [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - Asked to sort ALLIDS candidate list, refusing [16/Jul/2015:15:31:06 -0700] - => send_ldap_result 12::Sort Response Control [16/Jul/2015:15:31:06 -0700] - <= send_ldap_result [16/Jul/2015:15:31:06 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: failed to allocate a new ID!! [16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: operation failure [1] [16/Jul/2015:15:31:06 -0700] - => send_ldap_result 1::Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. [16/Jul/2015:15:31:06 -0700] - <= send_ldap_result [16/Jul/2015:15:31:06 -0700] dna-plugin - <-- dna_pre_op

2 2

Re: [389-users] DNA Plugin Causes 389-DS to Crash if Large Number of Candidates
by Fong, Trevor 16 Jul '15

16 Jul '15

BTW, we were able to artificially make it work by changing the dnaFilter to the emplid of our test user: dnaFilter: (&(employeeNumber=12345)(objectclass=posixAccount)) Trev From: Trevor Fong <trevor.fong(a)ubc.ca<mailto:trevor.fong@ubc.ca>> Date: Thursday, July 16, 2015 at 4:47 PM To: "389-users(a)lists.fedoraproject.org<mailto:389-users@lists.fedoraproject.org>" <389-users(a)lists.fedoraproject.org<mailto:389-users@lists.fedoraproject.org>> Subject: DNA Plugin Causes 389-DS to Crash if Large Number of Candidates Hi Guys, We’re running 389-ds 1.2.11.29-1.el6 and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen number of 99999, we get the error message in the errors log: Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. And then DS becomes unresponsive. Looking at the debug error logs, it seems that the number of candidates defined by the combination of dnaScope and dnaFilter is too large (1389387 ids) for the sort function? Is there a fix? Or is there some error in our setup? Thanks, Trev Our setup is thus: dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: extensibleObject objectClass: nsContainer objectClass: nsSlapdPlugin objectClass: top cn: Distributed Numeric Assignment Plugin nsslapd-pluginDescription: Distributed Numeric Assignment plugin nsslapd-pluginEnabled: on nsslapd-pluginId: Distributed Numeric Assignment nsslapd-pluginInitfunc: dna_init nsslapd-pluginPath: libdna-plugin nsslapd-pluginType: bepreoperation nsslapd-pluginVendor: 389 Project nsslapd-pluginVersion: 1.2.11.29 nsslapd-plugin-depends-on-type: database dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=co nfig objectClass: extensibleObject objectClass: top cn: UID numbers dnaFilter: (&(employeeNumber=*)(objectclass=posixAccount)) dnaMagicRegen: 99999 dnaNextValue: 10000002 dnaScope: ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com dnaType: uidNumber Error log: [16/Jul/2015:15:31:05 -0700] - add_pb [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907e68, handle=8 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907d30, handle=8 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:05 -0700] - get_pb [16/Jul/2015:15:31:05 -0700] - --> pagedresults_in_use [16/Jul/2015:15:31:05 -0700] - <-- pagedresults_in_use: 0 [16/Jul/2015:15:31:05 -0700] - do_modify [16/Jul/2015:15:31:05 -0700] - do_modify: dn (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - => get_ldapmessage_controls [16/Jul/2015:15:31:05 -0700] - <= get_ldapmessage_controls no controls [16/Jul/2015:15:31:05 -0700] - modifications: [16/Jul/2015:15:31:05 -0700] - replace: uidNumber [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids [16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk) [16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410 [16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry [16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0:: [16/Jul/2015:15:31:05 -0700] - <= send_ldap_result [16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr [16/Jul/2015:15:31:05 -0700] - Calling plugin '7-bit check' #0 type 405 [16/Jul/2015:15:31:05 -0700] NS7bitAttr - MODIFY begin [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 405 [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Auto Membership Plugin' #3 type 405 [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_pre_op [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_get_sdn [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_get_sdn [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_dn_is_config [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_dn_is_config [16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 405 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Linked Attributes' #7 type 405 [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_pre_op [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_get_dn [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_get_dn [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_dn_is_config [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_dn_is_config [16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Managed Entries' #8 type 405 [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_pre_op [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_get_sdn [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_get_sdn [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_dn_is_config [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_dn_is_config [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_isrepl [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_isrepl [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS) [16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids [16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache) [16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk) [16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410 [16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry [16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0:: [16/Jul/2015:15:31:05 -0700] - <= send_ldap_result [16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_pre_op [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 405 [16/Jul/2015:15:31:05 -0700] - Calling plugin 'PAM Pass Through Auth' #10 type 405 [16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - => pam_passthru_preop [16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - <= pam_passthru_preop [16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 1 [16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0 [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:05 -0700] - <= find_entry_internal [16/Jul/2015:15:31:05 -0700] - Calling plugin 'Distributed Numeric Assignment Plugin' #0 type 451 [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_pre_op [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn [16/Jul/2015:15:31:05 -0700] - => entry_apply_mods [16/Jul/2015:15:31:05 -0700] - uidNumber: 99999 [16/Jul/2015:15:31:05 -0700] - replace: uidNumber [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - modifiersname: cn=directory manager [16/Jul/2015:15:31:05 -0700] - replace: modifiersname [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - modifytimestamp: 20150716223105Z [16/Jul/2015:15:31:05 -0700] - replace: modifytimestamp [16/Jul/2015:15:31:05 -0700] - - [16/Jul/2015:15:31:05 -0700] - <= entry_apply_mods 0 [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_is_config [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_is_config [16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn [16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn [16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.2) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.8.5.1) [16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.20) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout [16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: - [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.14) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.9.5.2) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.319) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - mapping tree selected backend : userRoot [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => compute_limits: sizelimit=-1, timelimit=-1 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403 [16/Jul/2015:15:31:06 -0700] account-usability-plugin - --> auc_pre_search [16/Jul/2015:15:31:06 -0700] account-usability-plugin - <-- auc_pre_op [16/Jul/2015:15:31:06 -0700] - Calling plugin 'ACL preoperation' #2 type 403 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'deref' #4 type 403 [16/Jul/2015:15:31:06 -0700] deref-plugin - --> deref_pre_search [16/Jul/2015:15:31:06 -0700] deref-plugin - <-- deref_pre_op [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403 [16/Jul/2015:15:31:06 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403 [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.473) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 1 (FOUND) [16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.9) [16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND) [16/Jul/2015:15:31:06 -0700] - => find_entry_internal (dn=ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0 [16/Jul/2015:15:31:06 -0700] - => dn2entry_ext "ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com" [16/Jul/2015:15:31:06 -0700] - <= dn2entry_ext 283fc90 [16/Jul/2015:15:31:06 -0700] - <= find_entry_internal_dn found (ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) [16/Jul/2015:15:31:06 -0700] - <= find_entry_internal [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa1 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa0 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => presence_candidates [16/Jul/2015:15:31:06 -0700] - => index_read( "employeeNumber" + "" ) [16/Jul/2015:15:31:06 -0700] - indextype: "pres" indexmask: 0x3 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch + returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - <= presence_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => ava_candidates [16/Jul/2015:15:31:06 -0700] - objectClass=posixAccount [16/Jul/2015:15:31:06 -0700] - => keys2idl type objectClass indextype eq [16/Jul/2015:15:31:06 -0700] - => index_read( "objectClass" = "posixaccount" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch =posixaccount returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - ival[0] = "posixaccount" => 1389387 IDs [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => range_candidates attr=uidNumber [16/Jul/2015:15:31:06 -0700] - index_range_read lookthrough_limit=-1 [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x1000 [16/Jul/2015:15:31:06 -0700] - <= index_range_read(uidNumber,=) 1389387 candidates (allids) [16/Jul/2015:15:31:06 -0700] - <= range_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => filter_candidates [16/Jul/2015:15:31:06 -0700] - => ava_candidates [16/Jul/2015:15:31:06 -0700] - objectclass=referral [16/Jul/2015:15:31:06 -0700] - => keys2idl type objectclass indextype eq [16/Jul/2015:15:31:06 -0700] - => index_read( "objectclass" = "referral" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - <= index_read 0 candidates [16/Jul/2015:15:31:06 -0700] - ival[0] = "referral" => 0 IDs [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 0 [16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387 [16/Jul/2015:15:31:06 -0700] - => index_read( "ancestorid" = "709968" ) [16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=208 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=416 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=624 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=814 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1021 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1228 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1435 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1629 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1836 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2043 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2250 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2444 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2651 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2858 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3065 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3259 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3466 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3673 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3880 [16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4074 [16/Jul/2015:15:31:06 -0700] - idl_new_fetch =709968 returns allids [16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates [16/Jul/2015:15:31:06 -0700] - candidate list has 1389387 ids [16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0 [16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE [16/Jul/2015:15:31:06 -0700] - Asked to sort ALLIDS candidate list, refusing [16/Jul/2015:15:31:06 -0700] - => send_ldap_result 12::Sort Response Control [16/Jul/2015:15:31:06 -0700] - <= send_ldap_result [16/Jul/2015:15:31:06 -0700] - mapping tree release backend : userRoot [16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: failed to allocate a new ID!! [16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: operation failure [1] [16/Jul/2015:15:31:06 -0700] - => send_ldap_result 1::Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. [16/Jul/2015:15:31:06 -0700] - <= send_ldap_result [16/Jul/2015:15:31:06 -0700] dna-plugin - <-- dna_pre_op

2 1

389-ds access.log parsing - turning LDAP request type into an audit event
by Burn Alting 13 Jul '15

13 Jul '15

Has anyone authored code to parse a 389 Directory Server's access.log file(s) with an aim of generating audit events based around the LDAP request type. Basically, take the log sequence [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 207.1.153.51 to 192.18.122.139 [21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0 [21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjensen)" [21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=1000 notes=U [21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND [21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1 And turn this into an audit event with a date/time (21/Apr/2007:11:39:51 -0700), a client location (207.1.153.51), server location (192.18.122.139), a user (cn=Directory Manager), an event (SRCH) and event metadata of (query - base="dc=example,dc=com" scope=2 filter="(uid=bjensen)", result set size - 1, timetaken = 1000 sec, etc) The logconv.pl script seems to do all sorts of analysis, but no event representation. Thanks in advance

3 6

Netscape Portable Runtime error after adding temporary certs
by Troy Axthelm 10 Jul '15

10 Jul '15

I am running into an issue with adding temporary trusted certs to 389 directory server running on redhat 6.6. I have been following this guide step by step to install self-signed certs: https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.… After generating the certs using certutil, and adding them as trusted certs in 389, I check the enable ssl checkbox in the 389 directory console. I continue to follow the next steps until I reset the dirsrv service. The dirsrv service will not restart. Error message (notice I changed the secure port to 1636 this time but get same results leaving it as 636): [10/Jul/2015:08:35:23 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests [10/Jul/2015:08:38:58 -0600] - The change of nsslapd-secureport will not take effect until the server is restarted [10/Jul/2015:08:39:49 -0600] - slapd shutting down - signaling operation threads [10/Jul/2015:08:39:49 -0600] - slapd shutting down - waiting for 27 threads to terminate [10/Jul/2015:08:39:49 -0600] - slapd shutting down - closing down internal subsystems and plugins [10/Jul/2015:08:39:49 -0600] - Waiting for 4 database threads to stop [10/Jul/2015:08:39:49 -0600] - All database threads now stopped [10/Jul/2015:08:39:49 -0600] - slapd stopped. [10/Jul/2015:08:39:52 -0600] createprlistensockets - PR_Bind() on All Interfaces port 1636 failed: Netscape Portable Runtime error -5966 (Access Denied.) Do any of you have any ideas of what is causing this issue or what I may be doing wrong? If you need more information please do not hesitate to ask. -Troy

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users July 2015