
I am trying to set up an OpenLDAP server that I can use as a backend for a WebSSO (LemonLDAP::NG). This specific WebSSO allows storing the sessions inside the LDAP backend. My problem is that it seems that whenever I connect to the LDAP backend to store session data, it works ~1 out of 10 times; the other times LDAP rejects the authentication. Logs for failed attempts and for successful attempts can be found here.

As you can see the maker of LemonLDAP::NG thinks the error is within OpenLDAP (or my configuration of OpenLDAP). I'm out of ideas and open to suggestions.

Erich Bauer

1 Answer


It looks like someone is changing the OpenLDAP DB during your session. Do you have any processes with access to the MDB file other than this instance of OpenLDAP? It may be slapadd/slapmodify/a 2nd slapd instance with the same `directory` value in its config.

If not, could you show your slapd.conf? (Don't forget to change rootpw.)

  • It is a clean installation and no other process is running. Since all configuration is located inside the LDAP store, there is no slapd.conf. This is a test system that will be wiped clean, and all passwords will change; even the IP will be different. I can grant you access to the system so you can look around. This is my Facebook profile for contact: https://www.facebook.com/iam.swtrse – Erich Bauer Dec 09 '15 at 09:02
  • The logs you offered show that the monitored instance of `slapd` unexpectedly can't read a value that was just read. It can be caused by:

      * an OpenLDAP error (trust me, there are a lot of them)
      * OS errors (someone might modify the DB file)
      * a replication process (I don't know your config)

    So I recommend enabling auditlog, reproducing the trouble and analyzing what modifications were made during the test.

    ```
    # auditlog
    overlay auditlog
    auditlog /path/to/var/log/audit.log
    ```

    – Vadim Prozorov Dec 10 '15 at 09:25
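
One way to do the analysis step suggested in the last comment, as an added example that is not part of the original thread: a Python script that lists the changes the auditlog overlay recorded during a test window. It assumes the overlay's LDIF output, where each change sits between `# <op> <unix time> <suffix> <identity>` and `# end <op> <unix time>` comment lines; the sample log, DNs and timestamps are constructed.

```python
import re

# Constructed sample of auditlog output (not from the page); assumed record layout:
# "# <op> <unix time> <suffix> <identity>", LDIF change, "# end <op> <unix time>".
SAMPLE = """\
# add 1449651600 dc=example,dc=com cn=lemonldap,dc=example,dc=com
dn: cn=sess1,ou=sessions,dc=example,dc=com
changetype: add
cn: sess1
# end add 1449651600
# modify 1449651605 dc=example,dc=com cn=admin,dc=example,dc=com
dn: cn=lemonldap,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword:: Y29uc3RydWN0ZWQ=
-
# end modify 1449651605
# delete 1449655000 dc=example,dc=com cn=lemonldap,dc=example,dc=com
dn: cn=sess1,ou=sessions,dc=example,dc=com
changetype: delete
# end delete 1449655000
"""

HEADER = re.compile(r"^# (?!end )(\w+) (\d+) (.*)$")
MOD = re.compile(r"^(add|delete|replace|increment): (\S+)$")

def parse_auditlog(text):
    """Yield one dict per change record in the audit log text."""
    rec = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # opening comment: operation, time, then suffix and identity
            rec = {"op": m[1], "time": int(m[2]), "origin": m[3], "dn": "", "attrs": []}
        elif rec and line.startswith("# end "):
            yield rec
            rec = None
        elif rec and line.startswith("dn: ") and not rec["dn"]:
            rec["dn"] = line[4:]
        elif rec and rec["op"] == "modify" and (m := MOD.match(line)):
            rec["attrs"].append(f"{m[1]}:{m[2]}")  # e.g. replace:userPassword

def changes_between(text, start, end, dn_part=""):
    """Changes with a timestamp in [start, end], optionally only DNs containing dn_part."""
    return [r for r in parse_auditlog(text)
            if start <= r["time"] <= end and dn_part.lower() in r["dn"].lower()]

if __name__ == "__main__":
    for r in changes_between(SAMPLE, 1449651590, 1449651700):
        print(r["time"], r["op"], r["dn"], r["attrs"], "by:", r["origin"])
```

Run against the real audit file with the start and end times of a failed login attempt, any record that touches the bind account or the session branch and was not written by the SSO's own identity is the place to look first.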