'SSL certificate install'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    SSL certificate install
From:       Jean-Luc Chandezon <jlch () lan-explore ! fr>
Date:       2023-12-13 7:51:48
Message-ID: PA4PR05MB7808E67959D07D497BAB49F9FA8DA () PA4PR05MB7808 ! eurprd05 ! prod ! outlook ! com
[Download RAW message or body]

Hello dear community,

I'm trying to enable LDAPS. I don't understanrd what is cause error. Is anybody have \
an idea please? OpenLDAP is 2.5.13, on Debian 12.
Here is our certificate chain definition:

dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
-


Request is:
root@bea-chicago:/etc# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/01-SSL.ldif

Result:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)


Here are slapd logs:

cago slapd[63531]: daemon: activity on 1 descriptor
2023-12-13T08:30:42.094605+01:00 bea-chicago slapd[63531]: daemon: activity on:
2023-12-13T08:30:42.094773+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.094922+01:00 bea-chicago slapd[63531]: \
slap_listener_activate(10): 2023-12-13T08:30:42.095070+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=8 active_threads=0 tvp=zero \
2023-12-13T08:30:42.095216+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=9 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.095352+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=10 busy 2023-12-13T08:30:42.095489+01:00 bea-chicago \
slapd[63531]: >>> slap_listener(ldapi:///) 2023-12-13T08:30:42.095658+01:00 \
bea-chicago slapd[63531]: daemon: accept() = 12 2023-12-13T08:30:42.095790+01:00 \
bea-chicago slapd[63531]: daemon: listen=10, new connection on 12 \
2023-12-13T08:30:42.095927+01:00 bea-chicago slapd[63531]: daemon: activity on 1 \
descriptor 2023-12-13T08:30:42.096046+01:00 bea-chicago slapd[63531]: daemon: \
activity on: 2023-12-13T08:30:42.096165+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.096284+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=8 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.096424+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=9 active_threads=0 tvp=zero 2023-12-13T08:30:42.096545+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=10 active_threads=0 tvp=zero \
2023-12-13T08:30:42.096701+01:00 bea-chicago slapd[63531]: daemon: added 12r (active) \
listener=(nil) 2023-12-13T08:30:42.096832+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor 2023-12-13T08:30:42.096981+01:00 bea-chicago slapd[63531]: \
daemon: activity on: 2023-12-13T08:30:42.097099+01:00 bea-chicago slapd[63531]:  12r
2023-12-13T08:30:42.097227+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.097335+01:00 bea-chicago slapd[63531]: daemon: read active on 12
2023-12-13T08:30:42.097503+01:00 bea-chicago slapd[63531]: conn=1001 fd=12 ACCEPT \
from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi) \
2023-12-13T08:30:42.097727+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=8 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.097845+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=9 active_threads=0 tvp=zero 2023-12-13T08:30:42.098084+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=10 active_threads=0 tvp=zero \
2023-12-13T08:30:42.098282+01:00 bea-chicago slapd[63531]: daemon: activity on 1 \
descriptor 2023-12-13T08:30:42.098501+01:00 bea-chicago slapd[63531]: daemon: \
activity on: 2023-12-13T08:30:42.098688+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.098848+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=8 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.099006+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=9 active_threads=0 tvp=zero 2023-12-13T08:30:42.099205+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=10 active_threads=0 tvp=zero \
2023-12-13T08:30:42.099396+01:00 bea-chicago slapd[63531]: connection_get(12) \
2023-12-13T08:30:42.099620+01:00 bea-chicago slapd[63531]: connection_get(12): got \
connid=1001 2023-12-13T08:30:42.099824+01:00 bea-chicago slapd[63531]: \
connection_read(12): checking for input on id=1001 2023-12-13T08:30:42.100038+01:00 \
bea-chicago slapd[63531]: op tag 0x60, time 1702452642 \
2023-12-13T08:30:42.100268+01:00 bea-chicago slapd[63531]: conn=1001 op=0 do_bind \
2023-12-13T08:30:42.100499+01:00 bea-chicago slapd[63531]: daemon: activity on 1 \
descriptor 2023-12-13T08:30:42.100687+01:00 bea-chicago slapd[63531]: daemon: \
activity on: 2023-12-13T08:30:42.100882+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.101076+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=8 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.101292+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=9 active_threads=0 tvp=zero 2023-12-13T08:30:42.101503+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=10 active_threads=0 tvp=zero \
2023-12-13T08:30:42.101781+01:00 bea-chicago slapd[63531]: >>> dnPrettyNormal: <> \
2023-12-13T08:30:42.102002+01:00 bea-chicago slapd[63531]: <<< dnPrettyNormal: <>, <> \
2023-12-13T08:30:42.102205+01:00 bea-chicago slapd[63531]: conn=1001 op=0 BIND dn="" \
method=163 2023-12-13T08:30:42.102431+01:00 bea-chicago slapd[63531]: do_bind: dn () \
SASL mech EXTERNAL 2023-12-13T08:30:42.102525+01:00 bea-chicago slapd[63531]: ==> \
sasl_bind: dn="" mech=EXTERNAL datalen=0 2023-12-13T08:30:42.102620+01:00 bea-chicago \
slapd[63531]: SASL Canonicalize [conn=1001]: \
authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
2023-12-13T08:30:42.102709+01:00 bea-chicago slapd[63531]: slap_sasl_getdn: conn 1001 \
id=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth [len=55] \
2023-12-13T08:30:42.102817+01:00 bea-chicago slapd[63531]: ==>slap_sasl2dn: \
converting SASL name gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN \
2023-12-13T08:30:42.102908+01:00 bea-chicago slapd[63531]: <==slap_sasl2dn: Converted \
SASL name to <nothing> 2023-12-13T08:30:42.103004+01:00 bea-chicago slapd[63531]: \
SASL Canonicalize [conn=1001]: \
slapAuthcDN="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
2023-12-13T08:30:42.103121+01:00 bea-chicago slapd[63531]: SASL proxy authorize \
[conn=1001]: authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
2023-12-13T08:30:42.103220+01:00 bea-chicago slapd[63531]: conn=1001 op=0 BIND \
authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
2023-12-13T08:30:42.103322+01:00 bea-chicago slapd[63531]: SASL Authorize \
[conn=1001]:  proxy authorization allowed authzDN="" 2023-12-13T08:30:42.103421+01:00 \
bea-chicago slapd[63531]: send_ldap_sasl: err=0 len=-1 \
2023-12-13T08:30:42.103527+01:00 bea-chicago slapd[63531]: conn=1001 op=0 BIND \
dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 \
ssf=71 2023-12-13T08:30:42.103619+01:00 bea-chicago slapd[63531]: do_bind: \
SASL/EXTERNAL bind: dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" \
bind_ssf=0 2023-12-13T08:30:42.103713+01:00 bea-chicago slapd[63531]: \
send_ldap_response: msgid=1 tag=97 err=0 2023-12-13T08:30:42.103804+01:00 bea-chicago \
slapd[63531]: conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000061 etime=0.000517 text= \
2023-12-13T08:30:42.103913+01:00 bea-chicago slapd[63531]: <== slap_sasl_bind: rc=0 \
2023-12-13T08:30:42.104010+01:00 bea-chicago slapd[63531]: daemon: activity on 1 \
descriptor 2023-12-13T08:30:42.104102+01:00 bea-chicago slapd[63531]: daemon: \
activity on: 2023-12-13T08:30:42.104185+01:00 bea-chicago slapd[63531]:  12r
2023-12-13T08:30:42.104268+01:00 bea-chicago slapd[63531]:
2023-12-13T08:30:42.104352+01:00 bea-chicago slapd[63531]: daemon: read active on 12
2023-12-13T08:30:42.104435+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=8 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.104518+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=9 active_threads=0 tvp=zero 2023-12-13T08:30:42.104600+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=10 active_threads=0 tvp=zero \
2023-12-13T08:30:42.104683+01:00 bea-chicago slapd[63531]: connection_get(12) \
2023-12-13T08:30:42.104766+01:00 bea-chicago slapd[63531]: connection_get(12): got \
connid=1001 2023-12-13T08:30:42.104851+01:00 bea-chicago slapd[63531]: \
connection_read(12): checking for input on id=1001 2023-12-13T08:30:42.104941+01:00 \
bea-chicago slapd[63531]: op tag 0x66, time 1702452642 \
2023-12-13T08:30:42.105037+01:00 bea-chicago slapd[63531]: conn=1001 op=1 do_modify \
2023-12-13T08:30:42.105129+01:00 bea-chicago slapd[63531]: conn=1001 op=1 do_modify: \
dn (cn=config) 2023-12-13T08:30:42.105223+01:00 bea-chicago slapd[63531]: >>> \
dnPrettyNormal: <cn=config> 2023-12-13T08:30:42.105316+01:00 bea-chicago \
slapd[63531]: daemon: activity on 1 descriptor 2023-12-13T08:30:42.105401+01:00 \
bea-chicago slapd[63531]: daemon: activity on: 2023-12-13T08:30:42.105486+01:00 \
bea-chicago slapd[63531]: 2023-12-13T08:30:42.105587+01:00 bea-chicago slapd[63531]: \
<<< dnPrettyNormal: <cn=config>, <cn=config> 2023-12-13T08:30:42.105675+01:00 \
bea-chicago slapd[63531]: conn=1001 op=1 modifications: \
2023-12-13T08:30:42.105770+01:00 bea-chicago slapd[63531]: #011add: \
olcTLSCACertificateFile 2023-12-13T08:30:42.105862+01:00 bea-chicago slapd[63531]: \
#011#011one value, length 33 2023-12-13T08:30:42.105951+01:00 bea-chicago \
slapd[63531]: #011add: olcTLSCertificateKeyFile 2023-12-13T08:30:42.106034+01:00 \
bea-chicago slapd[63531]: #011#011one value, length 37 \
2023-12-13T08:30:42.106124+01:00 bea-chicago slapd[63531]: #011add: \
olcTLSCertificateFile 2023-12-13T08:30:42.106219+01:00 bea-chicago slapd[63531]: \
daemon: epoll: listen=8 active_threads=0 tvp=zero 2023-12-13T08:30:42.106303+01:00 \
bea-chicago slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero \
2023-12-13T08:30:42.106387+01:00 bea-chicago slapd[63531]: daemon: epoll: listen=10 \
active_threads=0 tvp=zero 2023-12-13T08:30:42.106469+01:00 bea-chicago slapd[63531]: \
#011#011one value, length 35 2023-12-13T08:30:42.106557+01:00 bea-chicago \
slapd[63531]: conn=1001 op=1 MOD dn="cn=config" 2023-12-13T08:30:42.106644+01:00 \
bea-chicago slapd[63531]: conn=1001 op=1 MOD attr=olcTLSCACertificateFile \
olcTLSCertificateKeyFile olcTLSCertificateFile 2023-12-13T08:30:42.106737+01:00 \
bea-chicago slapd[63531]: => access_allowed: result not in cache \
(olcTLSCACertificateFile) 2023-12-13T08:30:42.106823+01:00 bea-chicago slapd[63531]: \
=> access_allowed: add access to "cn=config" "olcTLSCACertificateFile" requested \
2023-12-13T08:30:42.106918+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr \
olcTLSCACertificateFile 2023-12-13T08:30:42.107007+01:00 bea-chicago slapd[63531]: => \
acl_mask: access to entry "cn=config", attr "olcTLSCACertificateFile" requested \
2023-12-13T08:30:42.107095+01:00 bea-chicago slapd[63531]: => acl_mask: to value by \
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0) \
2023-12-13T08:30:42.107182+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: \
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \
2023-12-13T08:30:42.107283+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying \
manage(=mwrscxd) (stop) 2023-12-13T08:30:42.107374+01:00 bea-chicago slapd[63531]: <= \
acl_mask: [1] mask: manage(=mwrscxd) 2023-12-13T08:30:42.107457+01:00 bea-chicago \
slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd) \
2023-12-13T08:30:42.107543+01:00 bea-chicago slapd[63531]: => access_allowed: add \
access granted by manage(=mwrscxd) 2023-12-13T08:30:42.107636+01:00 bea-chicago \
slapd[63531]: => access_allowed: result not in cache (olcTLSCertificateKeyFile) \
2023-12-13T08:30:42.107724+01:00 bea-chicago slapd[63531]: => access_allowed: add \
access to "cn=config" "olcTLSCertificateKeyFile" requested \
2023-12-13T08:30:42.107812+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr \
olcTLSCertificateKeyFile 2023-12-13T08:30:42.107898+01:00 bea-chicago slapd[63531]: \
=> acl_mask: access to entry "cn=config", attr "olcTLSCertificateKeyFile" requested \
2023-12-13T08:30:42.107992+01:00 bea-chicago slapd[63531]: => acl_mask: to value by \
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0) \
2023-12-13T08:30:42.108074+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: \
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \
2023-12-13T08:30:42.108157+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying \
manage(=mwrscxd) (stop) 2023-12-13T08:30:42.108240+01:00 bea-chicago slapd[63531]: <= \
acl_mask: [1] mask: manage(=mwrscxd) 2023-12-13T08:30:42.108323+01:00 bea-chicago \
slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd) \
2023-12-13T08:30:42.108398+01:00 bea-chicago slapd[63531]: => access_allowed: add \
access granted by manage(=mwrscxd) 2023-12-13T08:30:42.108494+01:00 bea-chicago \
slapd[63531]: => access_allowed: result not in cache (olcTLSCertificateFile) \
2023-12-13T08:30:42.108589+01:00 bea-chicago slapd[63531]: => access_allowed: add \
access to "cn=config" "olcTLSCertificateFile" requested \
2023-12-13T08:30:42.108678+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr \
olcTLSCertificateFile 2023-12-13T08:30:42.108762+01:00 bea-chicago slapd[63531]: => \
acl_mask: access to entry "cn=config", attr "olcTLSCertificateFile" requested \
2023-12-13T08:30:42.108852+01:00 bea-chicago slapd[63531]: => acl_mask: to value by \
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0) \
2023-12-13T08:30:42.108936+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: \
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \
2023-12-13T08:30:42.109014+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying \
manage(=mwrscxd) (stop) 2023-12-13T08:30:42.109090+01:00 bea-chicago slapd[63531]: <= \
acl_mask: [1] mask: manage(=mwrscxd) 2023-12-13T08:30:42.109172+01:00 bea-chicago \
slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd) \
2023-12-13T08:30:42.109253+01:00 bea-chicago slapd[63531]: => access_allowed: add \
access granted by manage(=mwrscxd) 2023-12-13T08:30:42.109337+01:00 bea-chicago \
slapd[63531]: slap_get_csn: conn=1001 op=1 generated new \
csn=20231213073042.095886Z#000000#000#000000 manage=1 \
2023-12-13T08:30:42.109424+01:00 bea-chicago slapd[63531]: slap_queue_csn: queueing \
0x7f57dc000ce0 20231213073042.095886Z#000000#000#000000 \
2023-12-13T08:30:42.109535+01:00 bea-chicago slapd[63531]: oc_check_required entry \
(cn=config), objectClass "olcGlobal" 2023-12-13T08:30:42.109647+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type "objectClass" 2023-12-13T08:30:42.109739+01:00 \
bea-chicago slapd[63531]: oc_check_allowed type "cn" 2023-12-13T08:30:42.109829+01:00 \
bea-chicago slapd[63531]: oc_check_allowed type "olcArgsFile" \
2023-12-13T08:30:42.109917+01:00 bea-chicago slapd[63531]: oc_check_allowed type \
"olcLogLevel" 2023-12-13T08:30:42.110080+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type "olcPidFile" 2023-12-13T08:30:42.110173+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type "olcToolThreads" 2023-12-13T08:30:42.110266+01:00 \
bea-chicago slapd[63531]: oc_check_allowed type "structuralObjectClass" \
2023-12-13T08:30:42.110367+01:00 bea-chicago slapd[63531]: oc_check_allowed type \
"entryUUID" 2023-12-13T08:30:42.110464+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type "creatorsName" 2023-12-13T08:30:42.110541+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type "createTimestamp" \
2023-12-13T08:30:42.110617+01:00 bea-chicago slapd[63531]: oc_check_allowed type \
"olcTLSCACertificateFile" 2023-12-13T08:30:42.110707+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type "olcTLSCertificateKeyFile" 2023-12-13T08:30:42.110793+01:00 \
bea-chicago slapd[63531]: oc_check_allowed type "olcTLSCertificateFile" \
2023-12-13T08:30:42.110875+01:00 bea-chicago slapd[63531]: oc_check_allowed type \
"entryCSN" 2023-12-13T08:30:42.110972+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type "modifiersName" 2023-12-13T08:30:42.111058+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type "modifyTimestamp" \
2023-12-13T08:30:42.111144+01:00 bea-chicago slapd[63531]: send_ldap_result: \
conn=1001 op=1 p=3 2023-12-13T08:30:42.111233+01:00 bea-chicago slapd[63531]: \
send_ldap_result: err=80 matched="" text="" 2023-12-13T08:30:42.111321+01:00 \
bea-chicago slapd[63531]: send_ldap_response: msgid=2 tag=103 err=80 \
2023-12-13T08:30:42.111407+01:00 bea-chicago slapd[63531]: conn=1001 op=1 RESULT \
tag=103 err=80 qtime=0.000070 etime=0.002380 text= 2023-12-13T08:30:42.111498+01:00 \
bea-chicago slapd[63531]: slap_graduate_commit_csn: removing 0x7f57dc000ce0 \
20231213073042.095886Z#000000#000#000000 2023-12-13T08:30:42.111590+01:00 bea-chicago \
slapd[63531]: daemon: activity on 1 descriptor

Best regards,

Jean-Luc


[Attachment #3 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-ligatures:standardcontextual;
	mso-fareast-language:EN-US;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hello dear community,<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><span lang="EN-US">I&#8217;m trying to enable LDAPS. I \
don&#8217;t understanrd what is cause error. Is anybody have an idea \
please?<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US">OpenLDAP is \
2.5.13, on Debian 12.<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">Here is our certificate chain definition:<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">dn: cn=config<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">add: \
olcTLSCACertificateFile<o:p></o:p></span></p> <p \
class="MsoNormal">olcTLSCACertificateFile: \
/etc/ssl/certs/LEXP_Infra_CA1.pem<o:p></o:p></p> <p class="MsoNormal"><span \
lang="EN-US">-<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US">add: \
olcTLSCertificateKeyFile<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">olcTLSCertificateKeyFile: \
/etc/ssl/private/annuaire.lexp.fr.key<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">-<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">add: olcTLSCertificateFile<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">olcTLSCertificateFile: \
/etc/ssl/certs/annuaire.lexp.fr.pem<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">-<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">Request is:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">root@bea-chicago:/etc# ldapmodify -Y EXTERNAL -H ldapi:/// -f \
/tmp/01-SSL.ldif<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">Result:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">SASL/EXTERNAL authentication started<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">SASL username: \
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">SASL SSF: 0<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">modifying entry \
&quot;cn=config&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">ldap_modify: Other (e.g., implementation specific) error \
(80)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">Here are slapd logs:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">cago slapd[63531]: daemon: activity on 1 \
descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.094605+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.094773+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.094922+01:00 bea-chicago slapd[63531]: \
slap_listener_activate(10): <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.095070+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.095216+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.095352+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 busy<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.095489+01:00 bea-chicago \
slapd[63531]: &gt;&gt;&gt; slap_listener(ldapi:///)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.095658+01:00 bea-chicago \
slapd[63531]: daemon: accept() = 12<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.095790+01:00 bea-chicago slapd[63531]: daemon: \
listen=10, new connection on 12<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.095927+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096046+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096165+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096284+01:00 bea-chicago slapd[63531]: daemon: \
epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.096424+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.096545+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096701+01:00 bea-chicago slapd[63531]: daemon: added \
12r (active) listener=(nil)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096832+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.096981+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.097099+01:00 bea-chicago slapd[63531]:&nbsp; \
12r<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.097227+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.097335+01:00 bea-chicago slapd[63531]: daemon: read \
active on 12<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.097503+01:00 bea-chicago slapd[63531]: conn=1001 \
fd=12 ACCEPT from PATH=/var/run/slapd/ldapi \
(PATH=/var/run/slapd/ldapi)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.097727+01:00 bea-chicago slapd[63531]: daemon: \
epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.097845+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.098084+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.098282+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.098501+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.098688+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.098848+01:00 bea-chicago slapd[63531]: daemon: \
epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.099006+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.099205+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.099396+01:00 bea-chicago slapd[63531]: \
connection_get(12)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.099620+01:00 bea-chicago slapd[63531]: \
connection_get(12): got connid=1001<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.099824+01:00 bea-chicago slapd[63531]: \
connection_read(12): checking for input on id=1001<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.100038+01:00 bea-chicago \
slapd[63531]: op tag 0x60, time 1702452642<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.100268+01:00 bea-chicago \
slapd[63531]: conn=1001 op=0 do_bind<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.100499+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.100687+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.100882+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.101076+01:00 bea-chicago slapd[63531]: daemon: \
epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.101292+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.101503+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.101781+01:00 bea-chicago slapd[63531]: &gt;&gt;&gt; \
dnPrettyNormal: &lt;&gt;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.102002+01:00 bea-chicago slapd[63531]: &lt;&lt;&lt; \
dnPrettyNormal: &lt;&gt;, &lt;&gt;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.102205+01:00 bea-chicago slapd[63531]: conn=1001 \
op=0 BIND dn=&quot;&quot; method=163<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.102431+01:00 bea-chicago slapd[63531]: do_bind: dn \
() SASL mech EXTERNAL<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.102525+01:00 bea-chicago slapd[63531]: ==&gt; \
sasl_bind: dn=&quot;&quot; mech=EXTERNAL datalen=0<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.102620+01:00 bea-chicago \
slapd[63531]: SASL Canonicalize [conn=1001]: \
authcid=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.102709+01:00 bea-chicago \
slapd[63531]: slap_sasl_getdn: conn 1001 \
id=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \
[len=55]<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.102817+01:00 bea-chicago slapd[63531]: \
==&gt;slap_sasl2dn: converting SASL name \
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.102908+01:00 bea-chicago \
slapd[63531]: &lt;==slap_sasl2dn: Converted SASL name to \
&lt;nothing&gt;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103004+01:00 bea-chicago slapd[63531]: SASL \
Canonicalize [conn=1001]: \
slapAuthcDN=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.103121+01:00 bea-chicago \
slapd[63531]: SASL proxy authorize [conn=1001]: \
authcid=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot; \
authzid=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.103220+01:00 bea-chicago \
slapd[63531]: conn=1001 op=0 BIND \
authcid=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot; \
authzid=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.103322+01:00 bea-chicago \
slapd[63531]: SASL Authorize [conn=1001]:&nbsp; proxy authorization allowed \
authzDN=&quot;&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103421+01:00 bea-chicago slapd[63531]: \
send_ldap_sasl: err=0 len=-1<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103527+01:00 bea-chicago slapd[63531]: conn=1001 \
op=0 BIND dn=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot; \
mech=EXTERNAL bind_ssf=0 ssf=71<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103619+01:00 bea-chicago slapd[63531]: do_bind: \
SASL/EXTERNAL bind: dn=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot; \
bind_ssf=0<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103713+01:00 bea-chicago slapd[63531]: \
send_ldap_response: msgid=1 tag=97 err=0<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.103804+01:00 bea-chicago \
slapd[63531]: conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000061 etime=0.000517 \
text=<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.103913+01:00 bea-chicago slapd[63531]: &lt;== \
slap_sasl_bind: rc=0<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104010+01:00 bea-chicago slapd[63531]: daemon: \
activity on 1 descriptor<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104102+01:00 bea-chicago slapd[63531]: daemon: \
activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104185+01:00 bea-chicago slapd[63531]:&nbsp; \
12r<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104268+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104352+01:00 bea-chicago slapd[63531]: daemon: read \
active on 12<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104435+01:00 bea-chicago slapd[63531]: daemon: \
epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.104518+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.104600+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104683+01:00 bea-chicago slapd[63531]: \
connection_get(12)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104766+01:00 bea-chicago slapd[63531]: \
connection_get(12): got connid=1001<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.104851+01:00 bea-chicago slapd[63531]: \
connection_read(12): checking for input on id=1001<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.104941+01:00 bea-chicago \
slapd[63531]: op tag 0x66, time 1702452642<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105037+01:00 bea-chicago \
slapd[63531]: conn=1001 op=1 do_modify<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105129+01:00 bea-chicago \
slapd[63531]: conn=1001 op=1 do_modify: dn (cn=config)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105223+01:00 bea-chicago \
slapd[63531]: &gt;&gt;&gt; dnPrettyNormal: &lt;cn=config&gt;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105316+01:00 bea-chicago \
slapd[63531]: daemon: activity on 1 descriptor<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105401+01:00 bea-chicago \
slapd[63531]: daemon: activity on:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.105486+01:00 bea-chicago slapd[63531]: \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.105587+01:00 bea-chicago slapd[63531]: &lt;&lt;&lt; \
dnPrettyNormal: &lt;cn=config&gt;, &lt;cn=config&gt;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105675+01:00 bea-chicago \
slapd[63531]: conn=1001 op=1 modifications:<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105770+01:00 bea-chicago \
slapd[63531]: #011add: olcTLSCACertificateFile<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105862+01:00 bea-chicago \
slapd[63531]: #011#011one value, length 33<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.105951+01:00 bea-chicago \
slapd[63531]: #011add: olcTLSCertificateKeyFile<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106034+01:00 bea-chicago \
slapd[63531]: #011#011one value, length 37<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106124+01:00 bea-chicago \
slapd[63531]: #011add: olcTLSCertificateFile<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106219+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106303+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106387+01:00 bea-chicago \
slapd[63531]: daemon: epoll: listen=10 active_threads=0 \
tvp=zero<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.106469+01:00 bea-chicago slapd[63531]: #011#011one \
value, length 35<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.106557+01:00 bea-chicago slapd[63531]: conn=1001 \
op=1 MOD dn=&quot;cn=config&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.106644+01:00 bea-chicago slapd[63531]: conn=1001 \
op=1 MOD attr=olcTLSCACertificateFile olcTLSCertificateKeyFile \
olcTLSCertificateFile<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.106737+01:00 bea-chicago slapd[63531]: =&gt; \
access_allowed: result not in cache (olcTLSCACertificateFile)<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.106918+01:00 bea-chicago \
slapd[63531]: =&gt; acl_get: [1] attr olcTLSCACertificateFile<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107007+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: access to entry &quot;cn=config&quot;, attr \
&quot;olcTLSCACertificateFile&quot; requested<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107095+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: to value by \
&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;, (=0) \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.107182+01:00 bea-chicago slapd[63531]: &lt;= check \
a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107283+01:00 bea-chicago \
slapd[63531]: &lt;= acl_mask: [1] applying manage(=mwrscxd) \
(stop)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.107374+01:00 bea-chicago slapd[63531]: &lt;= \
acl_mask: [1] mask: manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.107457+01:00 bea-chicago slapd[63531]: =&gt; \
slap_access_allowed: add access granted by manage(=mwrscxd)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107543+01:00 bea-chicago \
slapd[63531]: =&gt; access_allowed: add access granted by \
manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.107636+01:00 bea-chicago slapd[63531]: =&gt; \
access_allowed: result not in cache (olcTLSCertificateKeyFile)<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107724+01:00 bea-chicago \
slapd[63531]: =&gt; access_allowed: add access to &quot;cn=config&quot; \
&quot;olcTLSCertificateKeyFile&quot; requested<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107812+01:00 bea-chicago \
slapd[63531]: =&gt; acl_get: [1] attr olcTLSCertificateKeyFile<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107898+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: access to entry &quot;cn=config&quot;, attr \
&quot;olcTLSCertificateKeyFile&quot; requested<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.107992+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: to value by \
&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;, (=0) \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.108074+01:00 bea-chicago slapd[63531]: &lt;= check \
a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108157+01:00 bea-chicago \
slapd[63531]: &lt;= acl_mask: [1] applying manage(=mwrscxd) \
(stop)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.108240+01:00 bea-chicago slapd[63531]: &lt;= \
acl_mask: [1] mask: manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.108323+01:00 bea-chicago slapd[63531]: =&gt; \
slap_access_allowed: add access granted by manage(=mwrscxd)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108398+01:00 bea-chicago \
slapd[63531]: =&gt; access_allowed: add access granted by \
manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.108494+01:00 bea-chicago slapd[63531]: =&gt; \
access_allowed: result not in cache (olcTLSCertificateFile)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108589+01:00 bea-chicago \
slapd[63531]: =&gt; access_allowed: add access to &quot;cn=config&quot; \
&quot;olcTLSCertificateFile&quot; requested<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108678+01:00 bea-chicago \
slapd[63531]: =&gt; acl_get: [1] attr olcTLSCertificateFile<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108762+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: access to entry &quot;cn=config&quot;, attr \
&quot;olcTLSCertificateFile&quot; requested<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.108852+01:00 bea-chicago \
slapd[63531]: =&gt; acl_mask: to value by \
&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;, (=0) \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.108936+01:00 bea-chicago slapd[63531]: &lt;= check \
a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<o:p></o:p></span></p>
 <p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109014+01:00 bea-chicago \
slapd[63531]: &lt;= acl_mask: [1] applying manage(=mwrscxd) \
(stop)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.109090+01:00 bea-chicago slapd[63531]: &lt;= \
acl_mask: [1] mask: manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.109172+01:00 bea-chicago slapd[63531]: =&gt; \
slap_access_allowed: add access granted by manage(=mwrscxd)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109253+01:00 bea-chicago \
slapd[63531]: =&gt; access_allowed: add access granted by \
manage(=mwrscxd)<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.109337+01:00 bea-chicago slapd[63531]: slap_get_csn: \
conn=1001 op=1 generated new csn=20231213073042.095886Z#000000#000#000000 \
manage=1<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.109424+01:00 bea-chicago slapd[63531]: \
slap_queue_csn: queueing 0x7f57dc000ce0 \
20231213073042.095886Z#000000#000#000000<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109535+01:00 bea-chicago \
slapd[63531]: oc_check_required entry (cn=config), objectClass \
&quot;olcGlobal&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.109647+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type &quot;objectClass&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109739+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;cn&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109829+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;olcArgsFile&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.109917+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;olcLogLevel&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110080+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;olcPidFile&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110173+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;olcToolThreads&quot;<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110266+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type \
&quot;structuralObjectClass&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.110367+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type &quot;entryUUID&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110464+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;creatorsName&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110541+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;createTimestamp&quot;<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110617+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type \
&quot;olcTLSCACertificateFile&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.110707+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type &quot;olcTLSCertificateKeyFile&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110793+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type \
&quot;olcTLSCertificateFile&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.110875+01:00 bea-chicago slapd[63531]: \
oc_check_allowed type &quot;entryCSN&quot;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.110972+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;modifiersName&quot;<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.111058+01:00 bea-chicago \
slapd[63531]: oc_check_allowed type &quot;modifyTimestamp&quot;<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.111144+01:00 bea-chicago \
slapd[63531]: send_ldap_result: conn=1001 op=1 p=3<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.111233+01:00 bea-chicago \
slapd[63531]: send_ldap_result: err=80 matched=&quot;&quot; \
text=&quot;&quot;<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.111321+01:00 bea-chicago slapd[63531]: \
send_ldap_response: msgid=2 tag=103 err=80<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.111407+01:00 bea-chicago \
slapd[63531]: conn=1001 op=1 RESULT tag=103 err=80 qtime=0.000070 etime=0.002380 \
text=<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">2023-12-13T08:30:42.111498+01:00 bea-chicago slapd[63531]: \
slap_graduate_commit_csn: removing 0x7f57dc000ce0 \
20231213073042.095886Z#000000#000#000000<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">2023-12-13T08:30:42.111590+01:00 bea-chicago \
slapd[63531]: daemon: activity on 1 descriptor<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">Best regards,<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">Jean-Luc<o:p></o:p></span></p> </div>
</body>
</html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic