/var/log/apache2/error.log [Thu Feb 06 09:32:01 2014] [error] [client xxx.xxx.xxx.100] PAM: user 'Administrator' - not authenticated: User not known to the underlying authentication module /var/log/syslog (mit slapd loglevel=385 = acl+stats+trace) Feb 6 09:31:58 projects slapd[6719]: slap_listener_activate(8): Feb 6 09:31:58 projects slapd[6719]: >>> slap_listener(ldap://:7389/) Feb 6 09:31:58 projects slapd[6719]: conn=1004 fd=30 ACCEPT from IP=xxx.xxx.xxx.230:35340 (IP=0.0.0.0:7389) Feb 6 09:31:58 projects slapd[6719]: connection_get(30): got connid=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): checking for input on id=1004 Feb 6 09:31:58 projects slapd[6719]: op tag 0x77, time 1391675518 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=0 do_extended Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=0 STARTTLS Feb 6 09:31:58 projects slapd[6719]: send_ldap_extended: err=0 oid= len=0 Feb 6 09:31:58 projects slapd[6719]: send_ldap_response: msgid=1 tag=120 err=0 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=0 RESULT oid= err=0 text= Feb 6 09:31:58 projects slapd[6719]: connection_get(30): got connid=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): checking for input on id=1004 Feb 6 09:31:58 projects slapd[6719]: connection_get(30): got connid=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): checking for input on id=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): unable to get TLS client DN, error=49 id=1004 Feb 6 09:31:58 projects slapd[6719]: conn=1004 fd=30 TLS established tls_ssf=256 ssf=256 Feb 6 09:31:58 projects slapd[6719]: connection_get(30): got connid=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): checking for input on id=1004 Feb 6 09:31:58 projects slapd[6719]: op tag 0x60, time 1391675518 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=1 do_bind Feb 6 09:31:58 projects slapd[6719]: >>> dnPrettyNormal: <> Feb 6 09:31:58 projects slapd[6719]: <<< dnPrettyNormal: <>, <> Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=1 BIND dn="" method=128 Feb 6 09:31:58 projects slapd[6719]: do_bind: version=3 dn="" method=128 Feb 6 09:31:58 projects slapd[6719]: send_ldap_result: conn=1004 op=1 p=3 Feb 6 09:31:58 projects slapd[6719]: send_ldap_response: msgid=2 tag=97 err=0 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=1 RESULT tag=97 err=0 text= Feb 6 09:31:58 projects slapd[6719]: do_bind: v3 anonymous bind Feb 6 09:31:58 projects slapd[6719]: connection_get(30): got connid=1004 Feb 6 09:31:58 projects slapd[6719]: connection_read(30): checking for input on id=1004 Feb 6 09:31:58 projects slapd[6719]: op tag 0x63, time 1391675518 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=2 do_search Feb 6 09:31:58 projects slapd[6719]: >>> dnPrettyNormal: Feb 6 09:31:58 projects slapd[6719]: <<< dnPrettyNormal: , Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=2 SRCH base="dc=company,dc=tld" scope=2 deref=0 filter="(uid=administrator)" Feb 6 09:31:58 projects slapd[6719]: ==> limits_get: conn=1004 op=2 self="[anonymous]" this="dc=company,dc=tld" Feb 6 09:31:58 projects slapd[6719]: => bdb_search Feb 6 09:31:58 projects slapd[6719]: bdb_dn2entry("dc=company,dc=tld") Feb 6 09:31:58 projects slapd[6719]: => access_allowed: search access to "dc=company,dc=tld" "entry" requested Feb 6 09:31:58 projects slapd[6719]: => dn: [2] cn=admin,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => acl_get: [3] attr entry Feb 6 09:31:58 projects slapd[6719]: => acl_mask: access to entry "dc=company,dc=tld", attr "entry" requested Feb 6 09:31:58 projects slapd[6719]: => acl_mask: to all values by "", (=0) Feb 6 09:31:58 projects slapd[6719]: <= check a_sockname_path: PATH=/var/run/slapd/ldapi Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: cn=admin,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: uid=administrator,cn=users,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: * Feb 6 09:31:58 projects slapd[6719]: <= acl_mask: [4] applying none(=0) (break) Feb 6 09:31:58 projects slapd[6719]: <= acl_mask: [4] mask: none(=0) Feb 6 09:31:58 projects slapd[6719]: => dn: [4] uid=administrator,cn=users,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => dn: [5] uid=join-backup,cn=users,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => dn: [6] uid=join-slave,cn=users,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => acl_get: [7] attr entry Feb 6 09:31:58 projects slapd[6719]: => acl_mask: access to entry "dc=company,dc=tld", attr "entry" requested Feb 6 09:31:58 projects slapd[6719]: => acl_mask: to all values by "", (none(=0)) Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: cn=admin,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: * Feb 6 09:31:58 projects slapd[6719]: <= acl_mask: [3] applying read(=rscxd) (break) Feb 6 09:31:58 projects slapd[6719]: <= acl_mask: [3] mask: read(=rscxd) Feb 6 09:31:58 projects slapd[6719]: => dn: [9] cn=admin-settings,cn=univention,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => dnpat: [10] uid=([^,]+),cn=admin-settings,cn=univention,dc=company,dc=tld nsub: 1 Feb 6 09:31:58 projects slapd[6719]: => dn: [11] dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => acl_get: [11] matched Feb 6 09:31:58 projects slapd[6719]: => dnpat: [12] ^univentionVirtualMachineUUID=([^,]+),cn=Information,cn=Virtual Machine Manager,dc=company,dc=tld nsub: 1 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [13] ^cn=Information,cn=Virtual Machine Manager,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [14] ^cn=([^,]+),cn=([^,]+),cn=temporary,cn=univention,dc=company,dc=tld nsub: 2 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [15] ^cn=([^,]+),cn=temporary,cn=univention,dc=company,dc=tld nsub: 1 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [16] ^cn=([^,]+),cn=temporary,cn=univention,dc=company,dc=tld nsub: 1 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [17] cn=computers,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [18] .*,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [19] .*,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [20] cn=.*,cn=dc,cn=computers,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [21] cn=.*,cn=memberserver,cn=computers,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dnpat: [22] cn=.*,cn=memberserver,cn=computers,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => dn: [25] cn=idmap,cn=univention,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: => dnpat: [26] .*,cn=idmap,cn=univention,dc=company,dc=tld nsub: 0 Feb 6 09:31:58 projects slapd[6719]: => acl_get: [27] attr entry Feb 6 09:31:58 projects slapd[6719]: => acl_mask: access to entry "dc=company,dc=tld", attr "entry" requested Feb 6 09:31:58 projects slapd[6719]: => acl_mask: to all values by "", (read(=rscxd)) Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: cn=admin,dc=company,dc=tld Feb 6 09:31:58 projects slapd[6719]: <= check a_set_pat: user & [cn=Domain Admins,cn=groups,dc=company,dc=tld]/uniqueMember* Feb 6 09:31:58 projects slapd[6719]: <= check a_dn_pat: users Feb 6 09:31:58 projects slapd[6719]: <= check a_peername_path: xxx.xxx.xxx.231 Feb 6 09:31:58 projects slapd[6719]: <= acl_mask: no more clauses, returning =0 (stop) Feb 6 09:31:58 projects slapd[6719]: => slap_access_allowed: search access denied by =0 Feb 6 09:31:58 projects slapd[6719]: => access_allowed: no more rules Feb 6 09:31:58 projects slapd[6719]: send_ldap_result: conn=1004 op=2 p=3 Feb 6 09:31:58 projects slapd[6719]: OVER: rs->sr_err != LDAP_SUCCESS on "dc=company,dc=tld" ERR: 0x20 Feb 6 09:31:58 projects slapd[6719]: send_ldap_response: msgid=3 tag=101 err=32 Feb 6 09:31:58 projects slapd[6719]: conn=1004 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text= Feb 6 09:31:58 projects apache2: pam_ldap: ldap_search_s No such object