Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
You Run Your Business. We'll Run Your Email.
This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.
2 years, 9 months
access log error : Resource temporarily unavailable
by ghiureai
Hi lIst.
we are getting the following in access files, would like to know wher
eto look for clues , what means "Resource temporarily unavailable ?
op=1 RESULT err=0 tag=101 nentries=5514 etime=14 notes=U
[31/Jul/2015:09:37:21 -0700] conn=143371 op=-1 fd=67 closed error 11
(Resource temporarily unavailable) - T1
[31/Jul/2015:09:37:21 -0700] conn=143369 op=-1 fd=65 closed error 11
(Resource temporarily unavailable) - T1
op=-1 fd=67 closed error 11 (Resource temporarily unavailable) - T1
[31/Jul/2015:09:37:21 -0700] conn=143369 op=-1 fd=65 closed error 11
(Resource temporarily unavailable) - T1
7 years, 10 months
PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.
by ozikat
Good day everyday,
I came across the problem to connect from 389PassSync Version
1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
that running on Linux CentOS 6.6.
Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
### Access Log Start ###
[26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from
x.x.x.x to y.y.y.y
[26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports
incompatible or unsupported protocol version.
[26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from
x.x.x.x to y.y.y.y
[26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports
incompatible or unsupported protocol version.
[26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from
x.x.x.x to y.y.y.y
[26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports
incompatible or unsupported protocol version.
[26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from
x.x.x.x to y.y.y.y
[26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports
incompatible or unsupported protocol version.
### Access Log End ###
I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
Just that PassSync unable to communicate via the SSL connections from
the server.
###### ldp.exe start #####
ld = ldap_open("curry.noodle.com", 636);
Established connection to curry.noodle.com.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)
dataversion: 020150726160257020150726160257;
defaultnamingcontext: dc=noodle,dc=com;
namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
objectClass: top;
supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
= ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
2.16.840.1.113730.3.4.13;
supportedExtension (14): 2.16.840.1.113730.3.5.7;
2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
1.3.6.1.4.1.4203.1.11.1;
supportedLDAPVersion (2): 2; 3;
supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS;
GSSAPI;
vendorName: 389 Project;
vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342;
-----------
res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config', <unavailable>); // v.3
Authenticated as: 'cn=spicy,cn=config'.
-----------
###### ldp.exe end #####
Hopefully there are jedi in the rom can help ;)
--
Ozikat
7 years, 10 months
DNA pluging multiple entries for dnascope
by ghiureai
Hi Gurus,
we are trying to cfg the DNA pluging the, ldap host has two dc's :
dc =top1,dc=net and dc=top2,dc=net I have added the extra
layer/container with
ldapmodify add using :
dnascope: ou=ds,dc=top1,dc=net
Now I would like to extend this attribute to next dc =top2 but running
ldapmodify with new entry for dnascope fails, see bellow the last lines:
dnascope: ou=ds,dc=top2
dnanextvalue: 250000
adding new entry "cn=Numeric ID,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config"
ldap_add: Already exists (68)
Please advise how can you add mutiple dc's values
Thank you,
7 years, 10 months
How to use Host Based Attributes with Class of Service
by Paul Tobias
Hi guys,
In short: Can I use Class of Service[1] together with Host Based Attributes[2]? It doesn't work for me.
The directory server uses Host Based Attributes to give different loginshell on servers and desktops. The idea is that on a desktop machine a user can use /bin/bash as the shell. But on a server the users get /bin/bash4, which is a patched bash with audit logging. (And is not installed on desktops).
So a user entry looks like this:
dn: uid=paul.tobias,ou=People,dc=example,dc=com
loginShell: /bin/bash
loginShell;bash4: /bin/bash4
And then on a server there is this line in sssd.conf:
ldap_user_shell = loginShell;bash4
And everybody is happy.
The problem is I have to remember to add the `loginShell` and `loginShell;bash4` attributes to all new users, otherwise the user cannot log in and not everybody is happy.
To achieve this I've added Class of Service to have defaults for both of those loginshell attributes like this:
dn: cn=user defaults cos,ou=people,dc=example,dc=com
costemplatedn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
cosattribute: loginshell
cosattribute: loginshell;bash4 override
And the matching template:
dn: cn=cos template,cn=user defaults cos,ou=people,dc=example,dc=com
loginshell: /bin/bash
loginshell;bash4: /bin/bash4
After this I deleted both `loginShell` and `loginShell;bash4` attributes from the user entries. And this works well for the `loginshell` attribute, ldapsearch returns `loginShell: /bin/bash`, even if the user doesn't have `loginShell` at all, this is exactly what I want. But it doesn't work for the `loginshell;bash4` attribute, ldapsearch doesn't return `loginShell;bash4`, even if I try to query it directly. Is this a limitation of the implementation or am I doing something wrong?
Have a nice day,
Paul
[1] http://directory.fedoraproject.org/docs/389ds/howto/howto-classofservice....
[2] http://www.port389.org/docs/389ds/howto/howto-hostbasedattributes.html
7 years, 10 months
DNA Plugin Causes 389-DS to Crash if Large Number of Candidates
by Fong, Trevor
Hi Guys,
We’re running 389-ds 1.2.11.29-1.el6 and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen number of 99999, we get the error message in the errors log:
Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
And then DS becomes unresponsive.
Looking at the debug error logs, it seems that the number of candidates defined by the combination of dnaScope and dnaFilter is too large (1389387 ids) for the sort function? Is there a fix? Or is there some error in our setup?
Thanks,
Trev
Our setup is thus:
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: nsContainer
objectClass: nsSlapdPlugin
objectClass: top
cn: Distributed Numeric Assignment Plugin
nsslapd-pluginDescription: Distributed Numeric Assignment plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: Distributed Numeric Assignment
nsslapd-pluginInitfunc: dna_init
nsslapd-pluginPath: libdna-plugin
nsslapd-pluginType: bepreoperation
nsslapd-pluginVendor: 389 Project
nsslapd-pluginVersion: 1.2.11.29
nsslapd-plugin-depends-on-type: database
dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=co
nfig
objectClass: extensibleObject
objectClass: top
cn: UID numbers
dnaFilter: (&(employeeNumber=*)(objectclass=posixAccount))
dnaMagicRegen: 99999
dnaNextValue: 10000002
dnaScope: ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com
dnaType: uidNumber
Error log:
[16/Jul/2015:15:31:05 -0700] - add_pb
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907e68, handle=8
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907d30, handle=8
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:05 -0700] - get_pb
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_in_use
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_in_use: 0
[16/Jul/2015:15:31:05 -0700] - do_modify
[16/Jul/2015:15:31:05 -0700] - do_modify: dn (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - => get_ldapmessage_controls
[16/Jul/2015:15:31:05 -0700] - <= get_ldapmessage_controls no controls
[16/Jul/2015:15:31:05 -0700] - modifications:
[16/Jul/2015:15:31:05 -0700] -
replace: uidNumber
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids
[16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk)
[16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry
[16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0::
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr
[16/Jul/2015:15:31:05 -0700] - Calling plugin '7-bit check' #0 type 405
[16/Jul/2015:15:31:05 -0700] NS7bitAttr - MODIFY begin
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 405
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Auto Membership Plugin' #3 type 405
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_pre_op
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_get_sdn
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_get_sdn
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_dn_is_config
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_dn_is_config
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 405
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Linked Attributes' #7 type 405
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_pre_op
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_get_dn
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_get_dn
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_dn_is_config
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_dn_is_config
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Managed Entries' #8 type 405
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_pre_op
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_get_sdn
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_get_sdn
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_dn_is_config
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_dn_is_config
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_isrepl
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_isrepl
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids
[16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk)
[16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry
[16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0::
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 405
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'PAM Pass Through Auth' #10 type 405
[16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - => pam_passthru_preop
[16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - <= pam_passthru_preop
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 1
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Distributed Numeric Assignment Plugin' #0 type 451
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_pre_op
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn
[16/Jul/2015:15:31:05 -0700] - => entry_apply_mods
[16/Jul/2015:15:31:05 -0700] - uidNumber: 99999
[16/Jul/2015:15:31:05 -0700] - replace: uidNumber
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - modifiersname: cn=directory manager
[16/Jul/2015:15:31:05 -0700] - replace: modifiersname
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - modifytimestamp: 20150716223105Z
[16/Jul/2015:15:31:05 -0700] - replace: modifytimestamp
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - <= entry_apply_mods 0
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_is_config
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_is_config
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn
[16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.2)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.8.5.1)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.20)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.14)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.9.5.2)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.319)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:06 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:06 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:06 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:06 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.473)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 1 (FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.9)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => find_entry_internal (dn=ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:06 -0700] - => dn2entry_ext "ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:06 -0700] - <= dn2entry_ext 283fc90
[16/Jul/2015:15:31:06 -0700] - <= find_entry_internal_dn found (ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:06 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa1
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa0
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => presence_candidates
[16/Jul/2015:15:31:06 -0700] - => index_read( "employeeNumber" + "" )
[16/Jul/2015:15:31:06 -0700] - indextype: "pres" indexmask: 0x3
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch + returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - <= presence_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => ava_candidates
[16/Jul/2015:15:31:06 -0700] - objectClass=posixAccount
[16/Jul/2015:15:31:06 -0700] - => keys2idl type objectClass indextype eq
[16/Jul/2015:15:31:06 -0700] - => index_read( "objectClass" = "posixaccount" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch =posixaccount returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - ival[0] = "posixaccount" => 1389387 IDs
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => range_candidates attr=uidNumber
[16/Jul/2015:15:31:06 -0700] - index_range_read lookthrough_limit=-1
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x1000
[16/Jul/2015:15:31:06 -0700] - <= index_range_read(uidNumber,=) 1389387 candidates (allids)
[16/Jul/2015:15:31:06 -0700] - <= range_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => ava_candidates
[16/Jul/2015:15:31:06 -0700] - objectclass=referral
[16/Jul/2015:15:31:06 -0700] - => keys2idl type objectclass indextype eq
[16/Jul/2015:15:31:06 -0700] - => index_read( "objectclass" = "referral" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - <= index_read 0 candidates
[16/Jul/2015:15:31:06 -0700] - ival[0] = "referral" => 0 IDs
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 0
[16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => index_read( "ancestorid" = "709968" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=208
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=416
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=624
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=814
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1021
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1228
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1435
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1629
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1836
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2043
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2250
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2444
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2651
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2858
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3065
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3259
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3466
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3673
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3880
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4074
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch =709968 returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - candidate list has 1389387 ids
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - Asked to sort ALLIDS candidate list, refusing
[16/Jul/2015:15:31:06 -0700] - => send_ldap_result 12::Sort Response Control
[16/Jul/2015:15:31:06 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:06 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: failed to allocate a new ID!!
[16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: operation failure [1]
[16/Jul/2015:15:31:06 -0700] - => send_ldap_result 1::Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
[16/Jul/2015:15:31:06 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:06 -0700] dna-plugin - <-- dna_pre_op
7 years, 10 months
Re: [389-users] DNA Plugin Causes 389-DS to Crash if Large Number of Candidates
by Fong, Trevor
BTW, we were able to artificially make it work by changing the dnaFilter to the emplid of our test user:
dnaFilter: (&(employeeNumber=12345)(objectclass=posixAccount))
Trev
From: Trevor Fong <trevor.fong(a)ubc.ca<mailto:trevor.fong@ubc.ca>>
Date: Thursday, July 16, 2015 at 4:47 PM
To: "389-users(a)lists.fedoraproject.org<mailto:389-users@lists.fedoraproject.org>" <389-users(a)lists.fedoraproject.org<mailto:389-users@lists.fedoraproject.org>>
Subject: DNA Plugin Causes 389-DS to Crash if Large Number of Candidates
Hi Guys,
We’re running 389-ds 1.2.11.29-1.el6 and are experimenting with the DNA plugin. When trying to set an existing account’s uidNumber to the magic regen number of 99999, we get the error message in the errors log:
Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
And then DS becomes unresponsive.
Looking at the debug error logs, it seems that the number of candidates defined by the combination of dnaScope and dnaFilter is too large (1389387 ids) for the sort function? Is there a fix? Or is there some error in our setup?
Thanks,
Trev
Our setup is thus:
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: nsContainer
objectClass: nsSlapdPlugin
objectClass: top
cn: Distributed Numeric Assignment Plugin
nsslapd-pluginDescription: Distributed Numeric Assignment plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: Distributed Numeric Assignment
nsslapd-pluginInitfunc: dna_init
nsslapd-pluginPath: libdna-plugin
nsslapd-pluginType: bepreoperation
nsslapd-pluginVendor: 389 Project
nsslapd-pluginVersion: 1.2.11.29
nsslapd-plugin-depends-on-type: database
dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=co
nfig
objectClass: extensibleObject
objectClass: top
cn: UID numbers
dnaFilter: (&(employeeNumber=*)(objectclass=posixAccount))
dnaMagicRegen: 99999
dnaNextValue: 10000002
dnaScope: ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com
dnaType: uidNumber
Error log:
[16/Jul/2015:15:31:05 -0700] - add_pb
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907e68, handle=8
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x2907d30, handle=8
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:05 -0700] - get_pb
[16/Jul/2015:15:31:05 -0700] - --> pagedresults_in_use
[16/Jul/2015:15:31:05 -0700] - <-- pagedresults_in_use: 0
[16/Jul/2015:15:31:05 -0700] - do_modify
[16/Jul/2015:15:31:05 -0700] - do_modify: dn (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - => get_ldapmessage_controls
[16/Jul/2015:15:31:05 -0700] - <= get_ldapmessage_controls no controls
[16/Jul/2015:15:31:05 -0700] - modifications:
[16/Jul/2015:15:31:05 -0700] -
replace: uidNumber
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids
[16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk)
[16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry
[16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0::
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr
[16/Jul/2015:15:31:05 -0700] - Calling plugin '7-bit check' #0 type 405
[16/Jul/2015:15:31:05 -0700] NS7bitAttr - MODIFY begin
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 405
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Auto Membership Plugin' #3 type 405
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_pre_op
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_get_sdn
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_get_sdn
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - --> automember_dn_is_config
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_dn_is_config
[16/Jul/2015:15:31:05 -0700] auto-membership-plugin - <-- automember_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 405
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Linked Attributes' #7 type 405
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_pre_op
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_get_dn
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_get_dn
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - --> linked_attrs_dn_is_config
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_dn_is_config
[16/Jul/2015:15:31:05 -0700] linkedattrs-plugin - <-- linked_attrs_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Managed Entries' #8 type 405
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_pre_op
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_get_sdn
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_get_sdn
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_dn_is_config
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_dn_is_config
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - --> mep_isrepl
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_isrepl
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NO CONTROLS)
[16/Jul/2015:15:31:05 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:05 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:05 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:05 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:05 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:05 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - candidate list has 1 ids
[16/Jul/2015:15:31:05 -0700] id2entry - => id2entry(1323368)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry 7f451805aca0, dn "uid=myacct,ou=people,ou=idm,dc=dev,dc=example,dc=com" (cache)
[16/Jul/2015:15:31:05 -0700] id2entry - <= id2entry( 1323368 ) 7f451805aca0 (disk)
[16/Jul/2015:15:31:05 -0700] - => send_ldap_search_entry (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Account Usability Plugin' #1 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'deref' #4 type 410
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 410
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_search_entry
[16/Jul/2015:15:31:05 -0700] - => send_ldap_result 0::
[16/Jul/2015:15:31:05 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:05 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:05 -0700] managed-entries-plugin - <-- mep_pre_op
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 405
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'PAM Pass Through Auth' #10 type 405
[16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - => pam_passthru_preop
[16/Jul/2015:15:31:05 -0700] pam_passthru-plugin - <= pam_passthru_preop
[16/Jul/2015:15:31:05 -0700] - => find_entry_internal (dn=uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 1
[16/Jul/2015:15:31:05 -0700] - => dn2entry_ext "uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:05 -0700] - <= dn2entry_ext 7f451805aca0
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal_dn found (uid=myacct,ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:05 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:05 -0700] - Calling plugin 'Distributed Numeric Assignment Plugin' #0 type 451
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_pre_op
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn
[16/Jul/2015:15:31:05 -0700] - => entry_apply_mods
[16/Jul/2015:15:31:05 -0700] - uidNumber: 99999
[16/Jul/2015:15:31:05 -0700] - replace: uidNumber
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - modifiersname: cn=directory manager
[16/Jul/2015:15:31:05 -0700] - replace: modifiersname
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - modifytimestamp: 20150716223105Z
[16/Jul/2015:15:31:05 -0700] - replace: modifytimestamp
[16/Jul/2015:15:31:05 -0700] - -
[16/Jul/2015:15:31:05 -0700] - <= entry_apply_mods 0
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_is_config
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_is_config
[16/Jul/2015:15:31:05 -0700] dna-plugin - --> dna_get_dn
[16/Jul/2015:15:31:05 -0700] dna-plugin - <-- dna_get_dn
[16/Jul/2015:15:31:05 -0700] - modify_update_last_modified_attr
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.2)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:05 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.8.5.1)
[16/Jul/2015:15:31:05 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.18)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.20)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:06 -0700] - --> pagedresults_is_timedout
[16/Jul/2015:15:31:06 -0700] - <-- pagedresults_is_timedout: -
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.14)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.9.5.2)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.319)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - mapping tree selected backend : userRoot
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=6
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=5
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => compute_limits: sizelimit=-1, timelimit=-1
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Account Usability Plugin' #1 type 403
[16/Jul/2015:15:31:06 -0700] account-usability-plugin - --> auc_pre_search
[16/Jul/2015:15:31:06 -0700] account-usability-plugin - <-- auc_pre_op
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'ACL preoperation' #2 type 403
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'deref' #4 type 403
[16/Jul/2015:15:31:06 -0700] deref-plugin - --> deref_pre_search
[16/Jul/2015:15:31:06 -0700] deref-plugin - <-- deref_pre_op
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Legacy replication preoperation plugin' #6 type 403
[16/Jul/2015:15:31:06 -0700] - Calling plugin 'Multimaster replication preoperation plugin' #9 type 403
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 1.2.840.113556.1.4.473)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 1 (FOUND)
[16/Jul/2015:15:31:06 -0700] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.9)
[16/Jul/2015:15:31:06 -0700] - <= slapi_control_present 0 (NOT FOUND)
[16/Jul/2015:15:31:06 -0700] - => find_entry_internal (dn=ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com) lock 0
[16/Jul/2015:15:31:06 -0700] - => dn2entry_ext "ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com"
[16/Jul/2015:15:31:06 -0700] - <= dn2entry_ext 283fc90
[16/Jul/2015:15:31:06 -0700] - <= find_entry_internal_dn found (ou=PEOPLE,ou=IDM,dc=dev,dc=example,dc=com)
[16/Jul/2015:15:31:06 -0700] - <= find_entry_internal
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa1
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => list_candidates 0xa0
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => presence_candidates
[16/Jul/2015:15:31:06 -0700] - => index_read( "employeeNumber" + "" )
[16/Jul/2015:15:31:06 -0700] - indextype: "pres" indexmask: 0x3
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch + returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - <= presence_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => ava_candidates
[16/Jul/2015:15:31:06 -0700] - objectClass=posixAccount
[16/Jul/2015:15:31:06 -0700] - => keys2idl type objectClass indextype eq
[16/Jul/2015:15:31:06 -0700] - => index_read( "objectClass" = "posixaccount" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=207
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=414
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=621
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=815
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1022
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1229
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1436
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1630
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1837
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2044
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2251
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2445
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2652
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2859
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3066
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3260
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3467
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3674
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3881
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4075
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch =posixaccount returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - ival[0] = "posixaccount" => 1389387 IDs
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => range_candidates attr=uidNumber
[16/Jul/2015:15:31:06 -0700] - index_range_read lookthrough_limit=-1
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x1000
[16/Jul/2015:15:31:06 -0700] - <= index_range_read(uidNumber,=) 1389387 candidates (allids)
[16/Jul/2015:15:31:06 -0700] - <= range_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => filter_candidates
[16/Jul/2015:15:31:06 -0700] - => ava_candidates
[16/Jul/2015:15:31:06 -0700] - objectclass=referral
[16/Jul/2015:15:31:06 -0700] - => keys2idl type objectclass indextype eq
[16/Jul/2015:15:31:06 -0700] - => index_read( "objectclass" = "referral" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - <= index_read 0 candidates
[16/Jul/2015:15:31:06 -0700] - ival[0] = "referral" => 0 IDs
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 0
[16/Jul/2015:15:31:06 -0700] - <= list_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - <= filter_candidates 1389387
[16/Jul/2015:15:31:06 -0700] - => index_read( "ancestorid" = "709968" )
[16/Jul/2015:15:31:06 -0700] - indextype: "eq" indexmask: 0x2
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=208
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=416
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=624
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=814
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1021
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1228
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1435
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1629
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=1836
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2043
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2250
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2444
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2651
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=2858
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3065
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3259
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3466
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3673
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=3880
[16/Jul/2015:15:31:06 -0700] - bulk fetch buffer nids=4074
[16/Jul/2015:15:31:06 -0700] - idl_new_fetch =709968 returns allids
[16/Jul/2015:15:31:06 -0700] - <= index_read 1389387 candidates
[16/Jul/2015:15:31:06 -0700] - candidate list has 1389387 ids
[16/Jul/2015:15:31:06 -0700] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[16/Jul/2015:15:31:06 -0700] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[16/Jul/2015:15:31:06 -0700] - Asked to sort ALLIDS candidate list, refusing
[16/Jul/2015:15:31:06 -0700] - => send_ldap_result 12::Sort Response Control
[16/Jul/2015:15:31:06 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:06 -0700] - mapping tree release backend : userRoot
[16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: failed to allocate a new ID!!
[16/Jul/2015:15:31:06 -0700] dna-plugin - dna_pre_op: operation failure [1]
[16/Jul/2015:15:31:06 -0700] - => send_ldap_result 1::Allocation of a new value for range cn=uid numbers,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
[16/Jul/2015:15:31:06 -0700] - <= send_ldap_result
[16/Jul/2015:15:31:06 -0700] dna-plugin - <-- dna_pre_op
7 years, 10 months
389-ds access.log parsing - turning LDAP request type into an audit event
by Burn Alting
Has anyone authored code to parse a 389 Directory Server's access.log
file(s) with an aim of generating audit events based around the LDAP
request type. Basically, take the log sequence
[21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from
207.1.153.51 to 192.18.122.139
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97
nentries=0 etime=0
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH
base="dc=example,dc=com" scope=2 filter="(uid=bjensen)"
[21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101
nentries=1 etime=1000 notes=U
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND
[21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
And turn this into an audit event with
a date/time (21/Apr/2007:11:39:51 -0700), a client location
(207.1.153.51), server location (192.18.122.139), a user (cn=Directory
Manager), an event (SRCH) and event metadata of (query -
base="dc=example,dc=com" scope=2 filter="(uid=bjensen)", result set size
- 1, timetaken = 1000 sec, etc)
The logconv.pl script seems to do all sorts of analysis, but no event
representation.
Thanks in advance
7 years, 10 months
Netscape Portable Runtime error after adding temporary certs
by Troy Axthelm
I am running into an issue with adding temporary trusted certs to 389 directory server running on redhat 6.6.
I have been following this guide step by step to install self-signed certs: https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
After generating the certs using certutil, and adding them as trusted certs in 389, I check the enable ssl checkbox in the 389 directory console.
I continue to follow the next steps until I reset the dirsrv service. The dirsrv service will not restart. Error message (notice I changed the secure port to 1636 this time but get same results leaving it as 636):
[10/Jul/2015:08:35:23 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[10/Jul/2015:08:38:58 -0600] - The change of nsslapd-secureport will not take effect until the server is restarted
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - signaling operation threads
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - waiting for 27 threads to terminate
[10/Jul/2015:08:39:49 -0600] - slapd shutting down - closing down internal subsystems and plugins
[10/Jul/2015:08:39:49 -0600] - Waiting for 4 database threads to stop
[10/Jul/2015:08:39:49 -0600] - All database threads now stopped
[10/Jul/2015:08:39:49 -0600] - slapd stopped.
[10/Jul/2015:08:39:52 -0600] createprlistensockets - PR_Bind() on All Interfaces port 1636 failed: Netscape Portable Runtime error -5966 (Access Denied.)
Do any of you have any ideas of what is causing this issue or what I may be doing wrong? If you need more information please do not hesitate to ask.
-Troy
7 years, 11 months