Openldap

為什麼 slapd 記錄“connection_read(12): no connection!”?

  • September 24, 2019

為什麼 slapd 記錄“connection_read(12):沒有連接!” ?

這是全新安裝。

沒有其他連接。

消息也記錄在olcLogLevel: none

命令

kldap1 ~ # ldapwhoami 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

日誌

Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 fd=12 ACCEPT from PATH=/var/run/openldap/slapd.sock (PATH=/var/run/openldap/slapd.sock)
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=0 BIND dn="" method=163
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=0 RESULT tag=97 err=0 text=
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.3
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=1 WHOAMI
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=1 RESULT oid= err=0 text=
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 op=2 UNBIND
Jul 25 15:24:37 kldap1 slapd[6137]: conn=1055 fd=12 closed
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!
Jul 25 15:24:37 kldap1 slapd[6137]: connection_read(12): no connection!

配置

kldap1 ~ # ldapsearch -b cn=config "(|(cn=config)(olcDatabase={-1}frontend)(olcDatabase={0}config))"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (|(cn=config)(olcDatabase={-1}frontend)(olcDatabase={0}config))
# requesting: ALL
#

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d/
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 15
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcSizeLimit: unlimited
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTimeLimit: unlimited
olcTLSCACertificatePath: /etc/ssl/certs/
olcTLSCRLCheck: none
olcTLSVerifyClient: try
olcToolThreads: 1
olcWriteTimeout: 0
olcLogLevel: stats

# {-1}frontend, config
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSizeLimit: unlimited
olcSyncUseSubentry: FALSE
olcTimeLimit: unlimited
olcMonitoring: FALSE

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

slapd開始於-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'

包含**cldap://**會導致這種行為,原因我現在不打算弄清楚。如果有人可以清楚地回答為什麼會這樣,我會將已接受的答案更改為我們的答案。

本來不想回答我自己的問題,但偶然發現了答案,我想為什麼要浪費別人的時間。

引用自:https://serverfault.com/questions/411272