Project

General

Profile

Actions
Copy link

Bug #421

closed

nslcd service has stopped working

Added by Pierre-Louis Bonicoli over 9 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Pierre-Louis Bonicoli
Category:
Service :: IS / AAA / PKI
Start date:
2014-12-26
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
No
Help Needed:

Description

Apache LDAP authentication didn't work and /var/log/syslog contained:

Dec 26 14:15:54 toushirou nslcd[17714]: [025182] <passwd="*"> request denied by validnames option
Dec 26 14:15:54 toushirou nslcd[17714]: [882a3f] <passwd="*"> request denied by validnames option
Dec 26 14:15:55 toushirou nslcd[17714]: [f69ceb] <passwd="*"> request denied by validnames option
Dec 26 14:15:55 toushirou nslcd[17714]: [2e9ade] <passwd="*"> request denied by validnames option

Slapd was working.
/etc/init.d/nslcd restart fixed the problem.

May be related to debian bug #753904.

Actions
Copy link
 #1

Updated by Pierre-Louis Bonicoli over 9 years ago

Encounter again.

Apache LDAP module mod_ldap could be the culprit.

LDAPLibraryDebug 7 has been added to /etc/apache2/mods-enabled/ldap.conf and apache has been restarted.

Actions
Copy link
 #2

Updated by Pierre-Louis Bonicoli over 9 years ago

It seems that mod_ldap is the culprit. LDAPConnectionPoolTTL 60 has been added to the configuration file (see https://issues.apache.org/bugzilla/show_bug.cgi?id=57203#c6).

first

[Sat Dec 27 16:25:21.258406 2014] [auth_basic:error] [pid 12151] [client 79.88.186.207:42973] AH01618: user gorou not found: /duck/gorou_verard/public/admin/bois/1572/bois_variantes/1804/bois_representation_images, referer: http://perso.duckcorp.org/duck/gorou_verard/public/admin/bois/1572/bois_variantes/1804/bois_representation_images/5873
[Sat Dec 27 16:25:24.708652 2014] [auth_basic:error] [pid 12151] [client 79.88.186.207:42973] AH01618: user gorou not found: /duck/gorou_verard/public/admin/bois/1572/bois_variantes/1804/bois_representation_images, referer: http://perso.duckcorp.org/duck/gorou_verard/public/admin/bois/1572/bois_variantes/1804/bois_representation_images/5873

** ld 0x7f74a184de70 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f74a184de70 request count 1 (abandoned 0)
** ld 0x7f74a184de70 Response Queue:
   Empty
  ld 0x7f74a184de70 response count 0
ldap_chkResponseList ld 0x7f74a184de70 msgid 1 all 0
ldap_chkResponseList returns ld 0x7f74a184de70 NULL
ldap_int_select
read1msg: ld 0x7f74a184de70 msgid 1 all 0
read1msg: ld 0x7f74a184de70 msgid 1 message type bind
read1msg: ld 0x7f74a184de70 0 new referrals
read1msg:  mark request completed, ld 0x7f74a184de70 msgid 1
request done: ld 0x7f74a184de70 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=primaryAccount)(uid=damien))" 
put_filter: AND
put_filter_list "(objectClass=primaryAccount)(uid=damien)" 
put_filter: "(objectClass=primaryAccount)" 
put_filter: simple
put_simple_filter: "objectClass=primaryAccount" 
put_filter: "(uid=damien)" 
put_filter: simple
put_simple_filter: "uid=damien" 
ldap_build_search_req ATTRS: uid mail cn
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f74a184de70 msgid 2
wait4msg ld 0x7f74a184de70 msgid 2 (timeout 60000000 usec)
wait4msg continue ld 0x7f74a184de70 msgid 2 all 1
** ld 0x7f74a184de70 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sat Dec 27 16:24:18 2014

** ld 0x7f74a184de70 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f74a184de70 request count 1 (abandoned 0)
** ld 0x7f74a184de70 Response Queue:
   Empty
  ld 0x7f74a184de70 response count 0
ldap_chkResponseList ld 0x7f74a184de70 msgid 3 all 0
ldap_chkResponseList returns ld 0x7f74a184de70 NULL
ldap_int_select
read1msg: ld 0x7f74a184de70 msgid 3 all 0
read1msg: ld 0x7f74a184de70 msgid 3 message type bind
read1msg: ld 0x7f74a184de70 0 new referrals
read1msg:  mark request completed, ld 0x7f74a184de70 msgid 3
request done: ld 0x7f74a184de70 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
ldap_get_values
ldap_get_values
ldap_get_values
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=baseAccount)(uid=gorou))" 
put_filter: AND
put_filter_list "(objectClass=baseAccount)(uid=gorou)" 
put_filter: "(objectClass=baseAccount)" 
put_filter: simple
put_simple_filter: "objectClass=baseAccount" 
put_filter: "(uid=gorou)" 
put_filter: simple
put_simple_filter: "uid=gorou" 
ldap_build_search_req ATTRS: uid
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f74a184de70 msgid 4
wait4msg ld 0x7f74a184de70 msgid 4 (timeout 60000000 usec)
wait4msg continue ld 0x7f74a184de70 msgid 4 all 1
** ld 0x7f74a184de70 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sat Dec 27 16:25:21 2014

second

[Tue Dec 30 02:03:59.673857 2014] [auth_basic:error] [pid 2243] [client 79.88.186.207:57578] AH01618: user gorou not found: /duck/gorou_verard/public/admin/bois, referer: http://perso.duckcorp.org/duck/gorou_verard/public/admin/bois/1351
[Tue Dec 30 02:04:01.528648 2014] [auth_basic:error] [pid 2243] [client 79.88.186.207:57578] AH01618: user gorou not found: /duck/gorou_verard/public/admin/bois, referer: http://perso.duckcorp.org/duck/gorou_verard/public/admin/bois/1351

* ld 0x7f74a1b9ea20 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f74a1b9ea20 request count 1 (abandoned 0)
** ld 0x7f74a1b9ea20 Response Queue:
   Empty
  ld 0x7f74a1b9ea20 response count 0
ldap_chkResponseList ld 0x7f74a1b9ea20 msgid 1 all 0
ldap_chkResponseList returns ld 0x7f74a1b9ea20 NULL
ldap_int_select
read1msg: ld 0x7f74a1b9ea20 msgid 1 all 0
read1msg: ld 0x7f74a1b9ea20 msgid 1 message type bind
read1msg: ld 0x7f74a1b9ea20 0 new referrals
read1msg:  mark request completed, ld 0x7f74a1b9ea20 msgid 1
request done: ld 0x7f74a1b9ea20 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=primaryAccount)(uid=damien))" 
put_filter: AND
put_filter_list "(objectClass=primaryAccount)(uid=damien)" 
put_filter: "(objectClass=primaryAccount)" 
put_filter: simple
put_simple_filter: "objectClass=primaryAccount" 
put_filter: "(uid=damien)" 
put_filter: simple
put_simple_filter: "uid=damien" 
ldap_build_search_req ATTRS: uid mail cn
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f74a1b9ea20 msgid 2
wait4msg ld 0x7f74a1b9ea20 msgid 2 (timeout 60000000 usec)
wait4msg continue ld 0x7f74a1b9ea20 msgid 2 all 1
** ld 0x7f74a1b9ea20 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Dec 30 02:03:31 2014

** ld 0x7f74a1b9ea20 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f74a1b9ea20 request count 1 (abandoned 0)
** ld 0x7f74a1b9ea20 Response Queue:
   Empty
  ld 0x7f74a1b9ea20 response count 0
ldap_chkResponseList ld 0x7f74a1b9ea20 msgid 3 all 0
ldap_chkResponseList returns ld 0x7f74a1b9ea20 NULL
ldap_int_select
read1msg: ld 0x7f74a1b9ea20 msgid 3 all 0
read1msg: ld 0x7f74a1b9ea20 msgid 3 message type bind
read1msg: ld 0x7f74a1b9ea20 0 new referrals
read1msg:  mark request completed, ld 0x7f74a1b9ea20 msgid 3
request done: ld 0x7f74a1b9ea20 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
ldap_get_values
ldap_get_values
ldap_get_values
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=baseAccount)(uid=gorou))" 
put_filter: AND
put_filter_list "(objectClass=baseAccount)(uid=gorou)" 
put_filter: "(objectClass=baseAccount)" 
put_filter: simple
put_simple_filter: "objectClass=baseAccount" 
put_filter: "(uid=gorou)" 
put_filter: simple
put_simple_filter: "uid=gorou" 
ldap_build_search_req ATTRS: uid
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f74a10b37b0 msgid 4
wait4msg ld 0x7f74a10b37b0 msgid 4 (timeout 60000000 usec)
wait4msg continue ld 0x7f74a10b37b0 msgid 4 all 1
** ld 0x7f74a10b37b0 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Dec 30 02:03:59 2014
Actions
Copy link
 #3

Updated by Pierre-Louis Bonicoli about 9 years ago

  • Status changed from New to Resolved
  • Assignee set to Pierre-Louis Bonicoli
  • % Done changed from 0 to 100
  • Confirmed changed from No to Yes
  • Security set to No

LDAPConnectionPoolTTL 60 in /etc/apache2/mods-enabled/ldap.conf is an effective workaround.

Actions:

  1. LDAPLibraryDebug 7 removed from /etc/apache2/mods-enabled/ldap.conf
  2. apache restarted
Actions
Copy link
 #4

Updated by Marc Dequènes about 4 years ago

  • Category set to Service :: IS / AAA / PKI
Actions
Copy link

Also available in: Atom PDF