# ldap server running but nss_ldap failed to bind

## hoacker

Hi, there. This is the second attempt to get LDAP to work on my little home server and again no success after hours and days reading howtos, editing config files, reading logs and searching the net for a solution.

I've followed the gentoo ldap howto and the server is running. I can successfully connect to the server through phpldapadmin and ldapsearch returns the ldap entries. 

When slapd is starting I get the following messages:

```
Dec 31 16:20:17 steward slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Dec 31 16:20:17 steward slapd: nss_ldap: could not search LDAP server - Server is unavailable
```

Getent does not return the ldap users:

```
# getent passwd | grep 0:0
root:x:0:0:root:/root:/bin/bash
```

I suppose that just a few lines of the config need to be changed, but I don't get it. Maybe someone can help me?

Here's the server config files:

/etc/openldap/slapd.conf:

```
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
modulepath      /usr/lib64/openldap/openldap
moduleload      back_hdb.so
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
  by self write
  by users read
  by anonymous auth
database        hdb
suffix          "dc=b15,dc=lan"
checkpoint      32      30
rootdn          "cn=Manager,dc=b15,dc=lan"
rootpw  {SSHA}**********
directory       /var/lib/openldap-data
index   objectClass     eq
```

/etc/openldap/ldap.conf:

```
BASE            dc=b15,dc=lan
URI             ldap://127.0.0.1:389
TLS_REQCERT     allow
```

/etc/ldap.conf:

```
suffix          "dc=b15,dc=lan"
bind_policy soft
uri ldap://127.0.0.1
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=b15,dc=lan
nss_base_shadow ou=People,dc=b15,dc=lan
nss_base_group  ou=Group,dc=b15,dc=lan
nss_base_hosts  ou=Hosts,dc=b15,dc=lan
scope one
```

/etc/nsswitch.conf (selection):

```
passwd:      db files ldap
group:       db files ldap
shadow:      db files ldap
```

----------

## your_WooDness

Hi there,

I am not really a specialist in LDAP, but is the IP address correct? It's the localhost address 127.0.0.1. Shouldn't this rather be the outer IP address or hostname.domain?

I think you also have to add some entries in /etc/pam.d/login to get the user credentials when logging in as an LDAP user.

edit: when you are editing the /etc/pam.d/login, always keep the console and the editor you are editing the file with open. Just save the login file and try if the LDAP users can log in. You can make it so that nobody! can log in anymore when doing something wrong here. Happened to me once...

WooD

----------

## charlieclark

Hi,

Has anyone found a fix for this? I am having the same problem:

```
server ~ # cat /etc/conf.d/slapd
# conf.d file for openldap
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
#
# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
# Uncomment the below to use the new slapd configuration for openldap 2.3
OPTS="-f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -d 255"
```

```
server ~ # cat /etc/ldap.conf
suffix          "dc=example,dc=com"
#rootbinddn uid=root,ou=People,dc=example,dc=com
uri	ldap://
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=example,dc=com
nss_base_shadow ou=People,dc=example,dc=com
nss_base_group  ou=Group,dc=example,dc=com
nss_base_hosts  ou=Hosts,dc=example,dc=com
scope one
```

```
server ~ # cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath	/usr/lib64/openldap/openldap
# moduleload	back_sock.so
# moduleload	back_shell.so
# moduleload	back_relay.so
# moduleload	back_passwd.so
# moduleload	back_null.so
# moduleload	back_monitor.so
# moduleload	back_meta.so
# moduleload	back_ldap.so
# moduleload	back_dnssrv.so

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
	by self write
	by users read
	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database	hdb
suffix		"dc=example,dc=com"
#         <kbyte> <min>
checkpoint	32	30
rootdn		"cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}XXXXXXXXXXXX
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/openldap-data
# Indices to maintain
index	objectClass	eq
```

```
server ~ # cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE		dc=example,dc=com
URI		ldap://ldap ldap://ldap:666 ldaps://ldap
TLS_REQCERT	allow

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
```

```
server ~ # /etc/init.d/slapd restart
 * Starting ldap-server ...
@(#) $OpenLDAP: slapd 2.4.24 (Apr 26 2011 13:08:01) $
	@server:/var/tmp/portage/net-nds/openldap-2.4.24/work/openldap-2.4.24/servers/slapd
ldap_pvt_gethostbyname_a: host=server, r=0
daemon_init: ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock
daemon_init: listen on ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock
daemon_init: 3 listeners to open...
ldap_url_parse_ext(ldaps://)
daemon: listener initialized ldaps://
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock)
daemon: listener initialized ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock
daemon_init: 5 listeners opened
ldap_create
ldap_url_parse_ext(ldap://)
ldap_create
ldap_url_parse_ext(ldap://)
ldap_create
ldap_url_parse_ext(ldap://)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 12
ldap_prepare_socket: 12
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 12 tm: 30 async: 0
ldap_ndelay_on: 12
ldap_int_poll: fd: 12 tm: 30
ldap_is_sock_ready: 12
ldap_is_socket_ready: error on socket 12: errno: 111 (Connection refused)
ldap_pvt_connect: -1
ldap_close_socket: 12
ldap_err2string
ldap_unbind
```

```
slapd init: initiated server.
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.8.30: (2011-04-24)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.8.30: (2011-04-24)
backend_startup_one: starting "cn=config"
reading config file /etc/openldap/slapd.conf
line 5 (include		/etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
```


line 501 (attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 516 (attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 531 (attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 546 (attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 581 (attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ))

line 599 (attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))

line 616 (attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))

line 635 (attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ))

line 653 (attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ))

line 671 (attributetype ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 691 (attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))

line 713 (attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))

line 734 (attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ))

line 764 (attributetype ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ))

line 781 (attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))

line 796 (attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ))

line 811 (attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))

line 827 (attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))

line 843 (attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))

line 865 (attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ))

line 884 (attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ))

line 900 (attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ))

line 916 (attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 1084 (objectclass ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ 	favouriteDrink $ roomNumber $ userClass $ 	homeTelephoneNumber $ homePostalAddress $ secretary $ 	personalTitle $ preferredDeliveryMethod $ businessCategory $ 	janetMailbox $ otherMailbox $ mobileTelephoneNumber $ 	pagerTelephoneNumber $ organizationalStatus $ 	mailPreferenceOption $ personalSignature ) ))

line 1110 (objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST userid MAY ( description $ seeAlso $ localityName $ 	organizationName $ organizationalUnitName $ host ) ))

line 1142 (objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $ 	organizationName $ organizationalUnitName $ 	documentTitle $ documentVersion $ documentAuthor $ 	documentLocation $ documentPublisher ) ))

line 1165 (objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) ))

line 1191 (objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ 	localityName $ organizationName $ organizationalUnitName ) ))

line 1222 (objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST domainComponent MAY ( associatedName $ organizationName $ description $ 	businessCategory $ seeAlso $ searchGuide $ userPassword $ 	localityName $ stateOrProvinceName $ streetAddress $ 	physicalDeliveryOfficeName $ postalAddress $ postalCode $ 	postOfficeBox $ streetAddress $ 	facsimileTelephoneNumber $ internationalISDNNumber $ 	telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ 	preferredDeliveryMethod $ destinationIndicator $ 	registeredAddress $ x121Address ) ))

line 1252 (objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ 	physicalDeliveryOfficeName $ postalAddress $ postalCode $ 	postOfficeBox $ streetAddress $ 	facsimileTelephoneNumber $ internationalISDNNumber $ 	telephoneNumber $ teletexTerminalIdentifier $ 	telexNumber $ preferredDeliveryMethod $ destinationIndicator $ 	registeredAddress $ x121Address ) ))

line 1275 (objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ 	SOARecord $ CNAMERecord ) ))

line 1293 (objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain ))

line 1311 (objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST friendlyCountryName ))

line 1345 (objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ))

line 1361 (objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY dSAQuality ))

line 1382 (objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) ))

line 7 (include         /etc/openldap/schema/duaconf.schema)

reading config file /etc/openldap/schema/duaconf.schema

line 103 (objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1)

line 147 (attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'            DESC 'Default LDAP server host address used by a DUA'            EQUALITY caseIgnoreMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15            SINGLE-VALUE ))

line 153 (attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'            DESC 'Default LDAP base DN used by a DUA'            EQUALITY distinguishedNameMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.12            SINGLE-VALUE ))

line 160 (attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'            DESC 'Preferred LDAP server host addresses to be used by a            DUA'            EQUALITY caseIgnoreMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15            SINGLE-VALUE ))

line 167 (attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'            DESC 'Maximum time in seconds a DUA should allow for a            search to complete'            EQUALITY integerMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27            SINGLE-VALUE ))

line 174 (attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'            DESC 'Maximum time in seconds a DUA should allow for the            bind operation to complete'            EQUALITY integerMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27            SINGLE-VALUE ))

line 181 (attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'            DESC 'Tells DUA if it should follow referrals            returned by a DSA search result'            EQUALITY booleanMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7            SINGLE-VALUE ))

line 187 (attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'            DESC 'Tells DUA if it should dereference aliases'            EQUALITY booleanMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7            SINGLE-VALUE ))

line 194 (attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'            DESC 'A keystring which identifies the type of            authentication method used to contact the DSA'            EQUALITY caseIgnoreMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15            SINGLE-VALUE ))

line 201 (attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'            DESC 'Time to live, in seconds, before a client DUA            should re-read this configuration profile'            EQUALITY integerMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27            SINGLE-VALUE ))

line 206 (attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'            DESC 'LDAP search descriptor list used by a DUA'            EQUALITY caseExactMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 211 (attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'            DESC 'Attribute mappings used by a DUA'            EQUALITY caseIgnoreIA5Match            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 218 (attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'            DESC 'Identifies type of credentials a DUA should            use when binding to the LDAP server'            EQUALITY caseIgnoreIA5Match            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26            SINGLE-VALUE ))

line 223 (attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'            DESC 'Objectclass mappings used by a DUA'            EQUALITY caseIgnoreIA5Match            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 229 (attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'            DESC 'Default search scope used by a DUA'            EQUALITY caseIgnoreIA5Match            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26            SINGLE-VALUE ))

line 236 (attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'            DESC 'Identifies type of credentials a DUA            should use when binding to the LDAP server for a            specific service'            EQUALITY caseIgnoreIA5Match            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 241 (attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'            DESC 'Authentication method used by a service of the DUA'            EQUALITY caseIgnoreMatch            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 261 (objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'          SUP top STRUCTURAL          DESC 'Abstraction of a base configuration for a DUA'          MUST ( cn )          MAY ( defaultServerList $ preferredServerList $                defaultSearchBase $ defaultSearchScope $                searchTimeLimit $ bindTimeLimit $                credentialLevel $ authenticationMethod $                followReferrals $ dereferenceAliases $                serviceSearchDescriptor $ serviceCredentialLevel $                serviceAuthenticationMethod $ objectclassMap $                attributeMap $ profileTTL ) ))

line 8 (include		/etc/openldap/schema/inetorgperson.schema)

reading config file /etc/openldap/schema/inetorgperson.schema

line 36 (attributetype ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 46 (attributetype ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 59 (attributetype ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ))

line 70 (attributetype ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ))

line 81 (attributetype ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ))

line 92 (attributetype ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ))

line 107 (attributetype ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ))

line 123 (attributetype ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ))

line 135 (attributetype ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ))

line 155 (objectclass	( 2.16.840.1.113730.3.2.2    NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person'    SUP organizationalPerson    STRUCTURAL MAY ( 	audio $ businessCategory $ carLicense $ departmentNumber $ 	displayName $ employeeNumber $ employeeType $ givenName $ 	homePhone $ homePostalAddress $ initials $ jpegPhoto $ 	labeledURI $ mail $ manager $ mobile $ o $ pager $ 	photo $ roomNumber $ secretary $ uid $ userCertificate $ 	x500uniqueIdentifier $ preferredLanguage $ 	userSMIMECertificate $ userPKCS12 ) ))

line 9 (include		/etc/openldap/schema/nis.schema)

reading config file /etc/openldap/schema/nis.schema

line 53 (attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))

line 58 (attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))

line 63 (attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))

line 67 (attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 71 (attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 75 (attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 79 (attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 83 (attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 87 (attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 91 (attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 96 (attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 101 (attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 105 (attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' SYNTAX 1.3.6.1.1.1.0.0 ))

line 109 (attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 112 (attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ))

line 116 (attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 120 (attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ))

line 125 (attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ))

line 130 (attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ))

line 135 (attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ))

line 140 (attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ))

line 144 (attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 ))

line 149 (attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))

line 152 (attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ))

line 157 (attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ))

line 165 (objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ))

line 173 (objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $       shadowMax $ shadowWarning $ shadowInactive $       shadowExpire $ shadowFlag $ description ) ))

line 179 (objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) ))

line 185 (objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY ( description ) ))

line 191 (objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description ) MAY description ))

line 197 (objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) MAY description ))

line 203 (objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ description $ manager ) ))

line 209 (objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmaskNumber $ l $ description $ manager ) ))

line 215 (objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ))

line 221 (objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstraction of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ))

line 227 (objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description ))

line 232 (objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a MAC address' SUP top AUXILIARY MAY macAddress ))

line 237 (objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ))

line 17 (pidfile		/var/run/openldap/slapd.pid)

line 18 (argsfile	/var/run/openldap/slapd.args)

line 21 (modulepath	/usr/lib64/openldap/openldap)

line 46 (access to dn.base="" by * read)

>>> dnNormalize: <>

<<< dnNormalize: <>

Backend ACL: access to dn.base=""

	by * read

line 47 (access to dn.base="cn=Subschema" by * read)

>>> dnNormalize: <cn=Subschema>

=> ldap_bv2dn(cn=Subschema,0)

<= ldap_bv2dn(cn=Subschema)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=subschema)=0 

<<< dnNormalize: <cn=subschema>

Backend ACL: access to dn.base="cn=subschema"

	by * read

line 51 (access to * by self write by users read by anonymous auth)

Backend ACL: access to *

	by self write

	by users read

	by anonymous auth

line 63 (database	hdb)

hdb_db_init: Initializing HDB database

line 64 (suffix		"dc=example,dc=com")

>>> dnPrettyNormal: <dc=example,dc=com>

=> ldap_bv2dn(dc=example,dc=com,0)

<= ldap_bv2dn(dc=example,dc=com)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(dc=example,dc=com)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(dc=example,dc=com)=0 

<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>

line 66 (checkpoint	32	30 )

line 67 (rootdn		"cn=Manager,dc=example,dc=com")

>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>

=> ldap_bv2dn(cn=Manager,dc=example,dc=com,0)

<= ldap_bv2dn(cn=Manager,dc=example,dc=com)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=Manager,dc=example,dc=com)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=manager,dc=example,dc=com)=0 

<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>

line 71 (rootpw ***)

line 75 (directory	/var/lib/openldap-data)

line 77 (index	objectClass	eq)

index objectClass 0x0004

>>> dnNormalize: <cn=Subschema>

=> ldap_bv2dn(cn=Subschema,0)

<= ldap_bv2dn(cn=Subschema)=0 

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=subschema)=0 

<<< dnNormalize: <cn=subschema>

matching_rule_use_init

    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ mailPreferenceOption $ searchTimeLimit $ bindTimeLimit $ profileTTL $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )

    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ mailPreferenceOption $ searchTimeLimit $ bindTimeLimit $ profileTTL $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )

    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ attributeMap $ credentialLevel $ objectclassMap $ defaultSearchScope $ serviceCredentialLevel $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )

    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ attributeMap $ credentialLevel $ objectclassMap $ defaultSearchScope $ serviceCredentialLevel $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )

    2.5.13.39 (certificateListMatch):     2.5.13.38 (certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )

    2.5.13.35 (certificateMatch):     2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )

    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )

    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ mailPreferenceOption $ searchTimeLimit $ bindTimeLimit $ profileTTL $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )

    2.5.13.28 (generalizedTimeOrderingMatch): matchingRuleUse: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )

    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )

    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )

    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )

    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )

    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )

    2.5.13.18 (octetStringOrderingMatch): matchingRuleUse: ( 2.5.13.18 NAME 'octetStringOrderingMatch' APPLIES ( userPassword $ olcDbCryptKey ) )


----------

## charlieclark

Here's the rest of what I posted:



```
server ~ # ldapsearch -x -D "cn=Manager,dc=example,dc=com" -W -LLL "(&(objectClass=posixAccount)(uid=charlie))"
Enter LDAP Password: 
dn: uid=charlie,ou=People,dc=example,dc=com
uid: charlie
cn: charlie
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: XXXXXXXXX
shadowLastChange: 15089
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1001
```

```
server ~ # emerge --info openldap pam_ldap nss_ldap
Portage 2.1.9.42 (default/linux/amd64/10.0/server, gcc-4.4.5, libc-0-r0, 2.6.37-gentoo-r4-funky x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.37-gentoo-r4-funky-x86_64-Quad-Core_AMD_Opteron-tm-_Processor_1354-with-gentoo-1.12.14
Timestamp of tree: Sun, 24 Apr 2011 23:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p9
dev-lang/python:     2.7.1-r1, 3.1.3-r1
dev-util/ccache:     2.4-r9
dev-util/cmake:      2.8.4
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
sys-kernel/linux-headers: 2.6.36.1
virtual/os-headers:  0
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="ftp://gentoo.virginmedia.com/sites/gentoo http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ rsync://mirror.bytemark.co.uk/gentoo/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl amd64 apache2 bash-completion berkdb bzip2 clamav cli cracklib crypt cxx fortran ftp gdbm iconv imap ipv6 ldap maildir mmx modules mp3 mudflap multilib mysql ncurses nls nptl nptlonly openmp pam pcre php readline samba session sse sse2 ssl static-libs sysfs syslog tcpd truetype udev unicode vim-syntax xml zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_default authn_file authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

=================================================================
                        Package Settings
=================================================================

net-nds/openldap-2.4.24 was built with the following:
USE="berkdb crypt ipv6 (multilib) samba ssl syslog tcpd -cxx -debug -experimental -gnutls -icu -iodbc -kerberos -minimal -odbc -overlays -perl -sasl (-selinux) -slp -smbkrb5passwd"
CFLAGS="-O2 -march=native -pipe -D_GNU_SOURCE"
CXXFLAGS="-O2 -march=native -pipe -D_GNU_SOURCE"

sys-auth/pam_ldap-183 was built with the following:
USE="(multilib) ssl -sasl"

sys-auth/nss_ldap-264-r1 was built with the following:
USE="(multilib) ssl -debug -kerberos -sasl"
```

Any help would be much appreciated!!!!

Thanks,

Charlie

----------

## charlieclark

I have fixed it. You have to create an updated ebuild for nss-ldapd (now named nss-pam-ldapd); here are the required files:

sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.7.13.ebuild (the latest stable):

```
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss-ldapd/nss-ldapd-0.6.7-r1.ebuild,v 1.1 2009/04/02 18:50:35 cardoe Exp $

inherit eutils multilib

DESCRIPTION="NSS module for name lookups using LDAP"
HOMEPAGE="http://arthurdejong.org/nss-pam-ldapd/"
SRC_URI="http://arthurdejong.org/nss-pam-ldapd/${P}.tar.gz"

LICENSE="LGPL-2.1"
SLOT="0"
KEYWORDS="~amd64"
IUSE="debug kerberos sasl"

DEPEND="net-nds/openldap
    sasl? ( dev-libs/cyrus-sasl )
    kerberos? ( virtual/krb5 )
    !sys-auth/nss_ldap"
RDEPEND="${DEPEND}"

pkg_setup() {
    # create user and group
    ebegin "Creating nslcd group and user"
    enewgroup nslcd 500
    enewuser nslcd 500 -1 /usr/share/nslcd nslcd
}

src_compile() {
    # nss libraries always go in /lib on Gentoo
    econf --enable-warnings --with-ldap-lib=openldap $(use_enable debug) \
        --libdir=/$(get_libdir) \
        || die "econf failed"
    emake || die "emake failed"
}

src_install() {
    emake DESTDIR="${D}" install || die "make install failed"

    dodoc NEWS ChangeLog AUTHORS README

    # for socket and pid file
    keepdir /var/run/nslcd

    # init script
    newinitd "${FILESDIR}"/nslcd.rc nslcd

    # make an example copy
    insinto /usr/share/nslcd
    doins nslcd.conf

    fperms o-r /etc/nslcd.conf
}

pkg_postinst() {
    elog
    elog "For this to work you must configure /etc/nslcd.conf"
    elog "This configuration is similar to pam_ldap's /etc/ldap.conf"
    elog
    elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can"
    elog "start it like this:"
    elog "  # /etc/init.d/nslcd start"
    elog
    elog "You can add it to the default runlevel like so:"
    elog " # rc-update add nslcd default"
}
```

sys-auth/nss-pam-ldapd/files/nslcd.rc (the updated init.d script):

```
#!/sbin/runscript
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss-ldapd/files/nslcd.rc,v 1.2 2008/12/05 21:12:52 cardoe Exp $

opts="checkconfig"

depend() {
    need net
    use dns logger
}

checkconfig() {
    if [ ! -f /etc/nslcd.conf ] ; then
        eerror "Please create /etc/nslcd.conf"
        eerror "Example config: /usr/share/nslcd/nslcd.conf"
        return 1
    fi
    return 0
}

start() {
    checkconfig || return $?

    ebegin "Starting nslcd"
    start-stop-daemon --start --pidfile /var/run/nslcd/nslcd.pid \
        --exec /usr/sbin/nslcd
    eend $? "Failed to start nslcd"
}

stop() {
    ebegin "Stopping nslcd"
    start-stop-daemon --stop --pidfile /var/run/nslcd/nslcd.pid
    eend $? "Failed to stop nslcd"
}
```

This howto will tell you what to do with these files: http://forums.funtoo.org/viewtopic.php?id=22

All you have to do then is configure nslcd.conf.

----------

## newtonian

This worked for me using the standard packages listed in the Gentoo docs (http://www.gentoo.org/doc/en/ldap-howto.xml), as long as you add the config line below.

From this post:

http://www.gossamer-threads.com/lists/gentoo/user/157210

Quote:

> The developer list gave me the answer. Glibc checks for group memberships of user ldap. A possible (temporary) solution is to say in /etc/ldap.conf:

```
echo 'nss_initgroups_ignoreusers root,ldap' >> /etc/ldap.conf
```

----------
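
Appending with `>>` as in the post above adds another directive line every time it is run. As an added example (not from the thread and not part of nss_ldap), the shell functions below merge users into a single `nss_initgroups_ignoreusers` line and check whether a given account is covered. The function names and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: idempotent maintenance of nss_initgroups_ignoreusers.
# Function names and the sample config are hypothetical, not from the thread.

# ensure_ignoreusers FILE USER...
# Collects users from every active directive line, merges in USER...,
# and leaves exactly one directive line at the end of FILE.
ensure_ignoreusers() {
    conf=$1
    shift
    [ -f "$conf" ] || { echo "ensure_ignoreusers: $conf not found" >&2; return 1; }
    wanted=$(printf '%s,' "$@")
    tmp=$(mktemp) || return 1

    awk -v wanted="$wanted" '
        # Add each not-yet-seen name from a comma/space separated list.
        function add(list,    n, parts, i) {
            n = split(list, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (parts[i] != "" && !(parts[i] in seen)) {
                    seen[parts[i]] = 1
                    merged = (merged == "" ? "" : merged ",") parts[i]
                }
        }
        # Active directive (key compared case-insensitively as a
        # conservative choice); commented-out lines do not match.
        tolower($1) == "nss_initgroups_ignoreusers" { $1 = ""; add($0); next }
        { print }
        END {
            add(wanted)
            if (merged != "") print "nss_initgroups_ignoreusers " merged
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# initgroups_ignores FILE USER
# Exit status 0 if USER is listed on an active directive line, 1 otherwise.
initgroups_ignores() {
    awk -v u="$2" '
        tolower($1) == "nss_initgroups_ignoreusers" {
            $1 = ""
            n = split($0, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (parts[i] == u) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Demo on a constructed sample config (not the poster's real file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample ldap.conf
uri ldap://127.0.0.1/
base dc=example,dc=com
nss_initgroups_ignoreusers root
EOF
ensure_ignoreusers "$demo" root ldap
ensure_ignoreusers "$demo" root ldap   # second run leaves the file unchanged
cat "$demo"
rm -f "$demo"
```

Run against the real file as root, for example `ensure_ignoreusers /etc/ldap.conf root ldap`, after taking a backup copy.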

## hika

You also need pam_ldap besides nss_ldap, and your system-auth in /etc/pam.d should look something like:

```
auth       required     pam_env.so
auth       sufficient   pam_ldap.so try_first_pass ignore_authinfo_unavail ignore_unknown_user
auth       required     pam_unix.so use_first_pass likeauth nullok
auth       optional     pam_permit.so

account    sufficient   pam_ldap.so
account    required     pam_unix.so
account    optional     pam_permit.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_ldap.so try_first_pass use_authtok ignore_unknown_user ignore_authinfo_unavail
password   required     pam_unix.so use_first_pass use_authtok nullok sha512 shadow
password   optional     pam_permit.so

session    required     pam_limits.so
session    required     pam_env.so
session    required     pam_ldap.so
session    required     pam_unix.so
session    optional     pam_permit.so
```

and nsswitch.conf:

```
#passwd:      compat
#shadow:      compat
#group:       compat

passwd:      files ldap
shadow:      files ldap
group:       files ldap

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files
```

Hika

----------

