1. Authentication vs Authorization
Authentication verifies that you really are who you say you are. The user being authenticated must hold something that no one else has, which is usually a password.
Authorization verifies that you have permission to do certain things. It's usually based on the user's profile, such as the group the user belongs to.
Authentication is the prerequisite of authorization. A user cannot be authorized before being authenticated.
2. Local authentication vs LDAP authentication vs Kerberos authentication
A Windows Active Directory DC server plays multiple roles besides LDAP. Kerberos KDC is another important role for AD DC servers.
Usually, AD clients use Kerberos to authenticate users because it is much more secure. However, the LDAP role played by AD DC servers is also able to authenticate users by itself.
LDAP authentication is also called a "bind". Most LDAP products use the "userPassword" attribute for it, while AD uses "unicodePwd" by default.
Another important authentication method is local authentication. Here the application gets the user's password from some source (local file, LDAP database, ...) and compares it with the one the user entered.
For AD, 'unicodePwd' cannot be read, so it cannot be used for local authentication. The only way is to use the AD bind to authenticate a user.
In this article, we focus on LDAP authentication because it's much easier to understand and implement.
3. objectClass: posixAccount, posixGroup
Traditionally, a Linux user's profile is stored in local files such as /etc/passwd, /etc/shadow and /etc/group.
To provide the same information about a Linux user, the LDAP standard has some special object classes.
- posixAccount
- posixShadow
- posixGroup
Let's take a closer look at what attributes are included in those classes.
objectClass: posixAccount
{
cn:
uid:
uidNumber:
homeDirectory:
unixHomeDirectory:
loginShell:
gecos:
unixUserPassword:
userPassword:
}
objectClass: posixShadow
{
cn:
uid:
shadowExpire:
shadowFlag:
shadowInactive:
shadowLastChange:
shadowMin:
shadowMax:
shadowWarning:
userPassword:
}
objectClass: posixGroup
{
cn:
gidNumber:
memberUid:
unixUserPassword:
userPassword:
}
We can see that these classes hold the same attributes which are usually stored in local files.
4. Linux user management framework: nss and pam
Linux has a very extensible and flexible framework for user management. Instead of a special-purpose mechanism, it offers a common interface for applications to call.
4.1 nss
"nss" stands for "Name Service Switch", which provides a common way to resolve names and look up information. The configuration file is /etc/nsswitch.conf.
"nss" supports many different kinds of names; here we only care about user names. To get a user's profile, "nss" provides some C functions for other applications to use, one of which is getpwuid.
#include <sys/types.h>
#include <pwd.h>
struct passwd *getpwuid(uid_t uid);
The benefit is that an application can use the same "getpwuid()" to look up a user's information from any source, whether it's local files or an LDAP server. The magic lies in /etc/nsswitch.conf.
$ grep passwd /etc/nsswitch.conf
passwd: files ldap
The "getpwuid()" function automatically calls _nss_ldap_getpwuid_r(), defined and exported in /usr/lib64/libnss_ldap.so, to find user info.
The "nss" module's file name must be consistent with the name used in /etc/nsswitch.conf. If "XXX" is used in /etc/nsswitch.conf, the file name must be libnss_XXX.so.
For more details, please check https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html#Name-Service-Switch.
In addition to the low-level functions, Linux also provides a command called "getent", which is very useful for debugging.
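As an added illustration (not code from the original article or from glibc), the parser below reads nsswitch.conf the way this section describes: each source name maps to a shared library, and sources are tried in the order listed, so with "files ldap" a local account wins over a directory entry of the same name. The sample file is constructed, and the versioned name libnss_XXX.so.2 is the one glibc loads (the package listing later on this page ships it too).

```python
import re

# Constructed sample: the three LDAP-enabled databases used on this page, one
# of them with an action item to show that bracketed actions are not sources.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files ldap
shadow:     files ldap
group:      files [NOTFOUND=continue] ldap
hosts:      files dns
"""

# A token is either a bracketed action list (may contain spaces) or a source.
TOKEN = re.compile(r"\[[^\]]*\]|\S+")


def parse_nsswitch(text):
    """Return {database: [(source, library, actions), ...]} in lookup order."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        chain = []
        for token in TOKEN.findall(rest):
            if token.startswith("["):
                # An action item applies to the source just before it.
                if chain:
                    src, lib, acts = chain[-1]
                    chain[-1] = (src, lib, acts + token[1:-1].split())
                continue
            chain.append((token, "libnss_%s.so.2" % token, []))
        result[database.strip()] = chain
    return result


def ordering_findings(text, databases=("passwd", "shadow", "group")):
    """Flag account databases where another source is asked before 'files'."""
    findings = []
    parsed = parse_nsswitch(text)
    for db in databases:
        sources = [src for src, _, _ in parsed.get(db, [])]
        if "files" not in sources:
            findings.append("%s: no local 'files' source" % db)
        elif sources.index("files") != 0:
            findings.append("%s: '%s' is consulted before 'files'" % (db, sources[0]))
    return findings


if __name__ == "__main__":
    for db, chain in parse_nsswitch(SAMPLE_NSSWITCH).items():
        print(db, chain)
    print(ordering_findings(SAMPLE_NSSWITCH))
```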
4.2 pam
"pam" stands for "Pluggable Authentication Modules". How to authenticate a user is so important that many different methods are used for security. Besides local authentication, as we said before, both LDAP and Kerberos provide authentication service. In order to support different authentication methods and keep the interface simple, Linux uses "pam".
"pam" works in a similar way to "nss". It has configuration files under /etc/pam.d/ that describe the authentication process. All modules must obey the same rules so that the common interface functions can call them automatically.
On Linux, many applications need to authenticate users, such as "sshd", "login", "su", "sudo" and others.
These applications are all "pam-enabled", as they all use the "pam" lib under the hood. Different pam-enabled applications have their own configuration files, so "sshd" and "login" may use different processes to authenticate a user.
An authentication process consists of multiple steps calling "pam" modules which are .so files exporting a certain set of functions.
[root@host1 security]# ls /etc/pam.d/
chfn fingerprint-auth-ac password-auth remote smtp sudo-i vlock
chsh ksu password-auth-ac runuser smtp.postfix su-l
config-util login polkit-1 runuser-l sshd system-auth
crond other postlogin smartcard-auth su system-auth-ac
fingerprint-auth passwd postlogin-ac smartcard-auth-ac sudo systemd-user
[root@host1 pam.d]# cat sshd
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
Note that the complete .so file name is used, so a pam "module" can be named whatever the author likes.
All pam modules are under the /usr/lib64/security folder.
[root@host1 security]# ls /usr/lib64/security/
pam_access.so pam_faildelay.so pam_limits.so pam_postgresok.so pam_stress.so pam_unix_passwd.so
pam_cap.so pam_faillock.so pam_listfile.so pam_pwhistory.so pam_succeed_if.so pam_unix_session.so
pam_chroot.so pam_filter pam_localuser.so pam_pwquality.so pam_systemd.so pam_unix.so
pam_console.so pam_filter.so pam_loginuid.so pam_rhosts.so pam_tally2.so pam_userdb.so
pam_cracklib.so pam_ftp.so pam_mail.so pam_rootok.so pam_time.so pam_warn.so
pam_debug.so pam_group.so pam_mkhomedir.so pam_securetty.so pam_timestamp.so pam_wheel.so
pam_deny.so pam_issue.so pam_motd.so pam_selinux_permit.so pam_tty_audit.so pam_xauth.so
pam_echo.so pam_keyinit.so pam_namespace.so pam_selinux.so pam_umask.so
pam_env.so pam_lastlog.so pam_nologin.so pam_sepermit.so pam_unix_acct.so
pam_exec.so pam_ldap.so pam_permit.so pam_shells.so pam_unix_auth.so
For more details, please refer to http://www.linux-pam.org/Linux-PAM-html/.
4.3 Concept: How can LDAP be used by Linux?
As with any other source, "nss" and "pam" modules must be provided in order to use information stored in the LDAP database.
"nss" looks up a user's profile, such as home directory, login shell and groups, while "pam" implements the authentication logic.
For LDAP, the "nss" module should look like "/usr/lib64/libnss_ldap.so" and the "pam" module looks like "/usr/lib64/security/pam_ldap.so".
In the old days, there was a project called nss-pam-ldap providing both "nss" and "pam" modules for the LDAP source. Because of its slowness, it has been replaced today.
For Linux, many projects for LDAP authentication exist, including open source and commercial software.
"nss-pam-ldapd" is one such open source project, which is also called "nslcd". https://arthurdejong.org/nss-pam-ldapd/
"sssd" is another open source project providing more advanced features. https://docs.pagure.org/SSSD.sssd/
"Centrify" is commercial software with many other features.
5. nslcd / nss-pam-ldapd configuration on CentOS 7
5.1 Install nslcd
# yum install nss-pam-ldapd
Two important files in this package are the "nss" and "pam" modules.
[root@host1]# rpm -ql nss-pam-ldapd
/etc/nslcd.conf
/usr/lib/systemd/system/nslcd.service
/usr/lib/tmpfiles.d/nss-pam-ldapd.conf
/usr/lib64/libnss_ldap.so
/usr/lib64/libnss_ldap.so.2
/usr/lib64/security/pam_ldap.so
/usr/sbin/nslcd
/usr/share/doc/nss-pam-ldapd-0.8.13
/usr/share/doc/nss-pam-ldapd-0.8.13/AUTHORS
/usr/share/doc/nss-pam-ldapd-0.8.13/COPYING
/usr/share/doc/nss-pam-ldapd-0.8.13/ChangeLog
/usr/share/doc/nss-pam-ldapd-0.8.13/HACKING
/usr/share/doc/nss-pam-ldapd-0.8.13/NEWS
/usr/share/doc/nss-pam-ldapd-0.8.13/README
/usr/share/doc/nss-pam-ldapd-0.8.13/TODO
/usr/share/man/man5/nslcd.conf.5.gz
/usr/share/man/man8/nslcd.8.gz
/usr/share/man/man8/pam_ldap.8.gz
/var/run/nslcd
5.2 configure nslcd
nss-pam-ldapd has only one configuration file of its own. However, "nss" and "pam" have their own configuration files too, so we have 3 files to configure.
- /etc/nslcd.conf
[root@host1 security]# cat /etc/nslcd.conf | grep -v ^# | grep -v '^$'
uid nslcd
gid ldap
uri ldap://192.168.0.11
base dc=smallstrong,dc=org
binddn CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org
bindpw Password123
base group ou=TestUsers,dc=smallstrong,dc=org
base passwd ou=TestUsers,dc=smallstrong,dc=org
The configuration is very easy and straightforward.
- uri: this is the LDAP server address
- base: the search base in LDAP
- binddn: AD doesn't allow anonymous access, so a valid user must be provided.
- bindpw: the password of the binddn.
- base group: where to search the Linux group info.
- base passwd: where to search the Linux user info.
- /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
LDAP can store much other information in its database, but we don't include it here since it's not related to user authentication.
- /etc/pam.d/
The configuration for PAMified apps is kind of complicated. Fortunately, there is a utility, "authconfig", which can update many files automatically.
"authconfig" will modify the following common files under /etc/pam.d/.
-rw-r--r--. 1 root root 1309 Jul 4 13:53 system-auth-ac
-rw-r--r--. 1 root root 330 Jul 4 13:53 postlogin-ac
-rw-r--r--. 1 root root 1311 Jul 4 13:53 password-auth-ac
-rw-r--r--. 1 root root 877 Jul 4 13:53 fingerprint-auth-ac
-rw-r--r--. 1 root root 927 Jul 4 13:53 smartcard-auth-ac
The other config files related to a specific app like sshd, login, su, will "include" these common files.
To enable LDAP authentication and LDAP lookup:
# authconfig --enableldap --enableldapauth --update
-rw-r--r--. 1 root root 1309 Jul 4 13:53 system-auth-ac
-rw-r--r--. 1 root root 330 Jul 4 13:53 postlogin-ac
-rw-r--r--. 1 root root 1311 Jul 4 13:53 password-auth-ac
-rw-r--r--. 1 root root 877 Jul 4 13:53 fingerprint-auth-ac
-rw-r--r--. 1 root root 927 Jul 4 13:53 smartcard-auth-ac
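The /etc/nslcd.conf in this section uses a plain ldap:// URI and keeps the service account password in the file, so the simple binds nslcd performs are not protected by TLS. The following added example (not part of the original article or of nss-pam-ldapd) audits a config for that. The options ssl, tls_reqcert and tls_cacertfile come from nslcd.conf(5); the host name and CA file path in the hardened variant are hypothetical.

```python
import os
import stat
import tempfile

# The nslcd.conf shown on this page, with the password replaced by a placeholder.
PAGE_CONF = """\
uid nslcd
gid ldap
uri ldap://192.168.0.11
base dc=smallstrong,dc=org
binddn CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org
bindpw <service-account-password>
base group ou=TestUsers,dc=smallstrong,dc=org
base passwd ou=TestUsers,dc=smallstrong,dc=org
"""

# Constructed variant: StartTLS with certificate checking. The host name and
# CA file path are hypothetical; a name is used instead of the IP address
# because the server certificate is checked against it.
HARDENED_CONF = PAGE_CONF.replace(
    "uri ldap://192.168.0.11\n",
    "uri ldap://dc1.smallstrong.org\n"
    "ssl start_tls\n"
    "tls_reqcert demand\n"
    "tls_cacertfile /etc/pki/tls/certs/ad-ca.pem\n",
)


def parse_nslcd_conf(text):
    """Return {option: [value, ...]}; option names are case-insensitive."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(value)
    return options


def audit_nslcd_conf(text):
    """Return findings about how bind passwords travel and where they are stored."""
    opts = parse_nslcd_conf(text)
    findings = []
    ssl = (opts.get("ssl") or ["off"])[-1].lower()
    # One "uri" line may list several servers separated by spaces.
    for uri in (u for value in opts.get("uri", []) for u in value.split()):
        if uri.lower().startswith("ldap://") and ssl not in ("on", "start_tls"):
            findings.append("%s: simple binds are sent without TLS" % uri)
    reqcert = (opts.get("tls_reqcert") or [""])[-1].lower()
    if reqcert in ("never", "allow"):
        findings.append("tls_reqcert %s: server certificate is not verified" % reqcert)
    if "bindpw" in opts:
        findings.append("bindpw: service account password is stored in this file")
    return findings


def permission_findings(path):
    """Flag an nslcd.conf that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return ["%s is mode %04o; restrict it to 0600" % (path, mode)]
    return []


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_nslcd_conf(conf))
    # Demonstrate the permission check on a throwaway copy of the config.
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as handle:
        handle.write(PAGE_CONF)
        handle.flush()
        os.chmod(handle.name, 0o644)
        print(permission_findings(handle.name))
```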
5.3 Configure users in AD
- create ou=TestUsers
- create a user 'user01' in ou=TestUsers
- Edit user01's attributes:
- objectClass: add 'posixAccount'. (Note: do NOT add "shadowAccount", as we don't use it)
- uid: user01
- uidNumber: 10001
- gidNumber: 20000
- homeDirectory: /home/smallstrong.org/user01
- loginShell: /bin/bash
- create group
- objectClass: add "posixGroup"
- cn: linux_group01
- gidNumber: 20000
5.4 debug nslcd
Stop the nslcd service and run it as a foreground process in debug mode.
systemctl stop nslcd
nslcd -d
Now we can log in to the Linux host as user01.
$ ssh user01@192.168.100.193
user01@192.168.100.193's password:
Last login: Fri Jul 5 23:30:13 2019 from gateway
[user01@host1 ~]$ id
uid=10001(user01) gid=20000(linux_group01) groups=20000(linux_group01) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
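What this login looks like in the "nslcd -d" output, as an added example that is not part of the original article: the parser below rebuilds the search-then-bind sequence (search as the binddn, then bind as the user's own DN with the typed password). Its sample input is abridged from the appendix log on this page, plus one constructed request for an unknown user.

```python
import re

# Request 495cff is abridged from the appendix log on this page (an sshd login).
# Request c0ffee is constructed: a lookup for a user that does not exist.
SAMPLE_LOG = '''\
nslcd: [495cff] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [495cff] <authc="user01"> DEBUG: nslcd_pam_authc("user01","sshd","***")
nslcd: [495cff] <authc="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=user01,OU=TestUsers,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_unbind()
nslcd: [495cff] <authc="user01"> DEBUG: bind successful
nslcd: [8e1f29] <authz="user01"> DEBUG: nslcd_pam_authz("user01","sshd","","gateway","ssh")
nslcd: [c0ffee] <authc="nouser"> DEBUG: nslcd_pam_authc("nouser","sshd","***")
nslcd: [c0ffee] <authc="nouser"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=nouser))")
nslcd: [c0ffee] <authc="nouser"> DEBUG: ldap_result(): end of results (0 total)
'''

LINE = re.compile(r'^nslcd: \[(?P<req>[0-9a-f]+)\] <(?P<kind>[\w/]+)=[^>]*> DEBUG: (?P<msg>.*)$')
AUTHC = re.compile(r'^nslcd_pam_authc\("(?P<user>[^"]*)","(?P<service>[^"]*)"')
BIND = re.compile(r'^ldap_simple_bind_s\("(?P<dn>[^"]*)","\*\*\*"\) \(uri="(?P<uri>[^"]*)"\)')
# A result line carrying a DN ("CN=..."), not the "end of results" marker.
RESULT = re.compile(r'^ldap_result\(\): (?P<dn>\S+=.*)$')


def reconstruct_logins(log_text):
    """Return one record per authc request seen in nslcd debug output."""
    logins = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group("kind") != "authc":
            continue
        rec = logins.setdefault(m.group("req"), {
            "request": m.group("req"), "user": None, "service": None,
            "search_identity": None, "resolved_dn": None,
            "password_checked_against": None, "success": False,
        })
        msg = m.group("msg")
        authc, bind, result = AUTHC.match(msg), BIND.match(msg), RESULT.match(msg)
        if authc:
            rec["user"], rec["service"] = authc.group("user"), authc.group("service")
        elif bind:
            dn = bind.group("dn")
            if rec["resolved_dn"] and dn.lower() == rec["resolved_dn"].lower():
                # Second step: bind as the user's own DN with the typed password.
                if not rec["success"]:
                    rec["password_checked_against"] = dn
            elif rec["search_identity"] is None:
                # First step: the binddn from nslcd.conf performs the search.
                rec["search_identity"] = dn
        elif result and rec["resolved_dn"] is None:
            rec["resolved_dn"] = result.group("dn")
        elif msg == "bind successful":
            rec["success"] = rec["password_checked_against"] is not None
    return list(logins.values())


if __name__ == "__main__":
    for record in reconstruct_logins(SAMPLE_LOG):
        print(record)
```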
6. What's next?
Right now we can log in as an AD user account and get its profile. We can even use AD to control a user's logon hours.
- But we cannot control which Linux machines the user can log in to, as the Linux machine has been joined to AD as a Computer account.
- But we cannot change its password. Changing an AD user's password will be our next topic.
7. appendix: nslcd log
[root@host1 ~]# nslcd -d
nslcd: DEBUG: add_uri(ldap://192.168.0.11)
nslcd: version 0.8.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",55) done
nslcd: DEBUG: setgid(55) done
nslcd: DEBUG: setuid(65) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [8b4567] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [8b4567] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7b23c6] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [7b23c6] <group/member="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [7b23c6] <group/member="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixGroup)(|(memberUid=user01)(member=CN=user01,OU=TestUsers,DC=smallstrong,DC=org)))")
nslcd: [7b23c6] <group/member="user01"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [3c9869] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [3c9869] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [3c9869] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [334873] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [334873] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [334873] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [334873] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [b0dc51] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [b0dc51] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [b0dc51] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [495cff] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [495cff] <authc="user01"> DEBUG: nslcd_pam_authc("user01","sshd","***")
nslcd: [495cff] <authc="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: myldap_search(base="CN=user01,OU=TestUsers,DC=smallstrong,DC=org", filter="(objectClass=*)")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=user01,OU=TestUsers,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_unbind()
nslcd: [495cff] <authc="user01"> DEBUG: bind successful
nslcd: [495cff] <authc="user01"> DEBUG: myldap_search(base="dc=smallstrong,dc=org", filter="(&(objectClass=shadowAccount)(uid=user01))")
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org")
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://ForestDnsZones.smallstrong.org/DC=ForestDnsZones,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://ForestDnsZones.smallstrong.org/DC=ForestDnsZones,DC=smallstrong,DC=org")
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://DomainDnsZones.smallstrong.org/DC=DomainDnsZones,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://DomainDnsZones.smallstrong.org/DC=DomainDnsZones,DC=smallstrong,DC=org")
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://smallstrong.org/CN=Configuration,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://smallstrong.org/CN=Configuration,DC=smallstrong,DC=org")
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://DomainDnsZones.canada.smallstrong.org/DC=DomainDnsZones,DC=canada,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://DomainDnsZones.canada.smallstrong.org/DC=DomainDnsZones,DC=canada,DC=smallstrong,DC=org")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [e8944a] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [e8944a] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_initialize(ldap://192.168.0.11)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_rebind_proc()
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [e8944a] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5558ec] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [5558ec] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [5558ec] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [5558ec] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [8e1f29] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [8e1f29] <authz="user01"> DEBUG: nslcd_pam_authz("user01","sshd","","gateway","ssh")
nslcd: [8e1f29] <authz="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: myldap_search(base="dc=smallstrong,dc=org", filter="(&(objectClass=shadowAccount)(uid=user01))")
nslcd: [8e1f29] <authz="user01"> DEBUG: rebinding to ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org")
nslcd: [8e1f29] <authz="user01"> DEBUG: rebinding to ldap://ForestDnsZones.smallstrong.org/DC=ForestDnsZones,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://ForestDnsZones.smallstrong.org/DC=ForestDnsZones,DC=smallstrong,DC=org")
nslcd: [8e1f29] <authz="user01"> DEBUG: rebinding to ldap://DomainDnsZones.smallstrong.org/DC=DomainDnsZones,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://DomainDnsZones.smallstrong.org/DC=DomainDnsZones,DC=smallstrong,DC=org")
nslcd: [8e1f29] <authz="user01"> DEBUG: rebinding to ldap://smallstrong.org/CN=Configuration,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://smallstrong.org/CN=Configuration,DC=smallstrong,DC=org")
nslcd: [8e1f29] <authz="user01"> DEBUG: rebinding to ldap://DomainDnsZones.canada.smallstrong.org/DC=DomainDnsZones,DC=canada,DC=smallstrong,DC=org
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://DomainDnsZones.canada.smallstrong.org/DC=DomainDnsZones,DC=canada,DC=smallstrong,DC=org")
nslcd: [8e1f29] <authz="user01"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [e87ccd] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [e87ccd] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [e87ccd] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [e87ccd] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [1b58ba] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [1b58ba] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [1b58ba] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [1b58ba] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7ed7ab] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [7ed7ab] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [7ed7ab] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [7ed7ab] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b141f2] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [b141f2] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [b141f2] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [b141f2] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b71efb] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [b71efb] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [b71efb] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [b71efb] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e2a9e3] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [e2a9e3] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [e2a9e3] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [e2a9e3] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [45e146] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [45e146] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [45e146] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [45e146] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [5f007c] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [5f007c] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [5f007c] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [5f007c] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [d062c2] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [d062c2] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [d062c2] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [d062c2] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [200854] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [200854] <sess_o="user01"> DEBUG: nslcd_pam_sess_o("user01","sshd","ssh","gateway","")
nslcd: [b127f8] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [b127f8] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [b127f8] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [b127f8] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [16231b] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [16231b] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [16231b] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [16231b] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [16e9e8] DEBUG: connection from pid=23996 uid=0 gid=20000
nslcd: [16e9e8] <group/member="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [16e9e8] <group/member="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [16e9e8] <group/member="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixGroup)(|(memberUid=user01)(member=CN=user01,OU=TestUsers,DC=smallstrong,DC=org)))")
nslcd: [16e9e8] <group/member="user01"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [90cde7] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [90cde7] <passwd=10001> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uidNumber=10001))")
nslcd: [90cde7] <passwd=10001> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [90cde7] <passwd=10001> DEBUG: ldap_result(): end of results (1 total)
nslcd: [ef438d] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [ef438d] <passwd="user01"> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uid=user01))")
nslcd: [ef438d] <passwd="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [ef438d] <passwd="user01"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [0e0f76] DEBUG: connection from pid=23997 uid=10001 gid=20000
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [0e0f76] <passwd=10001> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uidNumber=10001))")
nslcd: [0e0f76] <passwd=10001> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [0e0f76] <passwd=10001> DEBUG: ldap_result(): end of results (1 total)
nslcd: [52255a] DEBUG: connection from pid=23999 uid=10001 gid=20000
nslcd: [52255a] <passwd=10001> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uidNumber=10001))")
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [52255a] <passwd=10001> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [52255a] <passwd=10001> DEBUG: ldap_result(): end of results (1 total)
nslcd: [9cf92e] DEBUG: connection from pid=24003 uid=10001 gid=20000
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [9cf92e] <group=20000> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixGroup)(gidNumber=20000))")
nslcd: [9cf92e] <group=20000> DEBUG: ldap_result(): CN=linux_group01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [9cf92e] <group=20000> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [ed7263] DEBUG: connection from pid=24005 uid=10001 gid=20000
nslcd: [ed7263] <passwd=10001> DEBUG: myldap_search(base="ou=TestUsers,dc=smallstrong,dc=org", filter="(&(objectClass=posixAccount)(uidNumber=10001))")
nslcd: [ed7263] <passwd=10001> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [ed7263] <passwd=10001> DEBUG: ldap_result(): end of results (1 total)
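The debug log above can be audited mechanically for where credentials travel. This added example (not part of the original article) parses nslcd debug lines and reports which DNs were bound over plain `ldap://` URIs and which binds went to referral targets instead of the configured server. The sample lines are excerpted from the log above; the helper name `audit_nslcd_log` is hypothetical, and reading a missing `ldap_start_tls_s()` line as "no StartTLS" is an assumption about nslcd's debug output.

```python
import re

# Sample input: lines excerpted from the nslcd debug log shown above.
SAMPLE_LOG = '''\
nslcd: DEBUG: add_uri(ldap://192.168.0.11)
nslcd: accepting connections
nslcd: [495cff] DEBUG: connection from pid=23994 uid=0 gid=0
nslcd: [495cff] <authc="user01"> DEBUG: nslcd_pam_authc("user01","sshd","***")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_result(): CN=user01,OU=TestUsers,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=user01,OU=TestUsers,DC=smallstrong,DC=org","***") (uri="ldap://192.168.0.11")
nslcd: [495cff] <authc="user01"> DEBUG: ldap_unbind()
nslcd: [495cff] <authc="user01"> DEBUG: bind successful
nslcd: [495cff] <authc="user01"> DEBUG: rebinding to ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org
nslcd: [495cff] <authc="user01"> DEBUG: ldap_simple_bind_s("CN=serviceAccount1,OU=ServiceAccounts,DC=smallstrong,DC=org","***") (uri="ldap://canada.smallstrong.org/DC=canada,DC=smallstrong,DC=org")
'''

# "nslcd: [request id] <request tag> DEBUG: message"; id and tag are optional.
LINE = re.compile(
    r'^nslcd: (?:\[(?P<id>[0-9a-f]+)\] )?(?:<(?P<req>[^>]*)> )?DEBUG: (?P<msg>.*)$')
BIND = re.compile(
    r'^ldap_simple_bind_s\("(?P<dn>[^"]*)","[^"]*"\) \(uri="(?P<uri>[^"]*)"\)$')
ADD_URI = re.compile(r'^add_uri\((?P<uri>[^)]*)\)$')


def audit_nslcd_log(log_text):
    """Summarise the simple binds recorded in an nslcd debug log."""
    configured = set()   # URIs nslcd was configured with (add_uri lines)
    starttls = set()     # request ids that logged a StartTLS call
    binds = []           # (request id, bind DN, URI) in log order
    last_dn = {}         # request id -> DN of the most recent bind
    authenticated = []   # (login name, DN) for each successful user bind
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue     # non-DEBUG lines such as "accepting connections"
        rid, req, msg = m.group('id'), m.group('req') or '', m.group('msg')
        uri_m, bind_m = ADD_URI.match(msg), BIND.match(msg)
        if uri_m:
            configured.add(uri_m.group('uri'))
        elif msg == 'ldap_start_tls_s()':   # assumed debug text for StartTLS
            starttls.add(rid)
        elif bind_m:
            binds.append((rid, bind_m.group('dn'), bind_m.group('uri')))
            last_dn[rid] = bind_m.group('dn')
        elif msg == 'bind successful' and req.startswith('authc='):
            user = req.split('=', 1)[1].strip('"')
            authenticated.append((user, last_dn.get(rid)))
    return {
        'authenticated': authenticated,
        # Simple bind on ldap:// without StartTLS: the password is sent in clear.
        'cleartext_binds': sorted({(dn, uri) for rid, dn, uri in binds
                                   if uri.startswith('ldap://')
                                   and rid not in starttls}),
        # Bind to a URI that was never configured: credentials followed a referral.
        'referral_binds': sorted({(dn, uri) for rid, dn, uri in binds
                                  if uri not in configured}),
    }


if __name__ == '__main__':
    for key, value in audit_nslcd_log(SAMPLE_LOG).items():
        print(key, value)
```

In `nslcd.conf`, the `ssl` option (or an `ldaps://` URI) addresses the cleartext binds and `referrals no` stops the service account from re-binding to referral hosts.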