SOLVED: Apple Open Directory and directory service cache - no anonymous LDAP binds

Status
Not open for further replies.

Paul Suh

Dabbler
Joined
Jul 15, 2015
Messages
16
I'm experimenting with integrating Apple's OD as the authentication source, but the users and groups don't seem to be making it into the cache. As this is a testbed setup I don't have SSL/TLS turned on, and indeed I'm not even trying to authenticate yet.

The LDAP bind works correctly and I can see that the users and groups are being pulled into the raw cache. When I do

sudo /usr/local/www/freenasUI/tools/cacheutil.py keys

I get:

g key: staff
du key: uid=_ldap_replicator,cn=users,dc=einstein,dc=lcis,dc=bs
du key: uid=diradmin,cn=users,dc=einstein,dc=lcis,dc=bs
...

And when I dump the raw cache I get expected values from the Open Directory LDAP.

However, when I dump the cache itself I only get local users and groups. Ditto for doing getent passwd as per the documentation. It seems to me that something in the interpretation process is failing when presented with unexpected input.

Any clues on where I can look to debug the problem? Nothing obvious in /var/log/debug.log. I see that the cache update has picked up the expected LDAP entries, but the users and groups don't show up in the UI.

Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:785] FreeNAS_LDAP_Base.get_users: enter
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:250] FreeNAS_LDAP_Directory.open: enter
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:257] FreeNAS_LDAP_Directory.open: uri = ldap://einstein.lcis.bs:389
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:260] FreeNAS_LDAP_Directory.open: initialized
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:297] FreeNAS_LDAP_Directory.open: trying to bind
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:221] FreeNAS_LDAP_Directory.open: (anonymous bind) trying to bind to einstein.lcis.bs:389
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:299] FreeNAS_LDAP_Directory.open: binded
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:311] FreeNAS_LDAP_Directory.open: connection open
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:313] FreeNAS_LDAP_Directory.open: leave
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:331] FreeNAS_LDAP_Directory._search: enter
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:333] FreeNAS_LDAP_Directory._search: basedn = 'cn=Users,dc=einstein,dc=lcis,dc=bs', filter = '(&(|(objectclass=person)(objectclass=posixaccount)(objectclass=account))(uid=*))'
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:363] FreeNAS_LDAP_Directory._search: pagesize = 1024
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:368] FreeNAS_LDAP_Directory._search: getting page 0
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:435] FreeNAS_LDAP_Directory._search: 5 results
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:436] FreeNAS_LDAP_Directory._search: leave
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:319] FreeNAS_LDAP_Directory.unbind: unbind
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:326] FreeNAS_LDAP_Directory.close: connection closed
Jul 19 14:51:01 storage1 cachetool.py: [common.freenasldap:809] FreeNAS_LDAP_Base.get_users: leave


--Paul
 

Paul Suh

Dabbler
Joined
Jul 15, 2015
Messages
16
OK, resolved this, but still needs to go further. It turns out that sssd does not like to even pull identification data with an anonymous bind. Putting in a user for an authenticated bind allows me to now see the users from Open Directory. Filed a bug #10654 https://bugs.freenas.org/issues/10654
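The fix described in the post above, written out as an sssd.conf fragment. This is an added example, not the poster's configuration and not the file FreeNAS generates; the bind DN, password, CA path and cn=groups base are placeholders or assumptions, the rfc2307 schema is assumed from the posixaccount filter in the log, and the StartTLS lines are not on the page but belong with any configuration that stores a bind password.

```ini
; Added example sssd.conf (not the poster's or FreeNAS's own file).
; Placeholders: BIND_USER_PLACEHOLDER, BIND_PASSWORD_PLACEHOLDER, od-ca.pem.
[sssd]
services = nss, pam
; Only the working domain is activated; the first section is kept for comparison.
domains = od

; --- Starting point of the thread: anonymous bind, plaintext LDAP.
; With no bind DN, sssd's identity lookups against this directory come back empty,
; even though the same anonymous search from cachetool.py returned 5 entries.
[domain/od-anonymous]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://einstein.lcis.bs:389
ldap_search_base = dc=einstein,dc=lcis,dc=bs
ldap_user_search_base = cn=users,dc=einstein,dc=lcis,dc=bs
; cn=groups is an assumption; the page only shows the users container.
ldap_group_search_base = cn=groups,dc=einstein,dc=lcis,dc=bs
ldap_schema = rfc2307
enumerate = true

; --- What resolved it: an authenticated (simple) bind with a directory account.
[domain/od]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://einstein.lcis.bs:389
ldap_search_base = dc=einstein,dc=lcis,dc=bs
ldap_user_search_base = cn=users,dc=einstein,dc=lcis,dc=bs
ldap_group_search_base = cn=groups,dc=einstein,dc=lcis,dc=bs
ldap_schema = rfc2307
enumerate = true
; Placeholder bind identity: use a read-only lookup account, not diradmin.
ldap_default_bind_dn = uid=BIND_USER_PLACEHOLDER,cn=users,dc=einstein,dc=lcis,dc=bs
ldap_default_authtok_type = password
ldap_default_authtok = BIND_PASSWORD_PLACEHOLDER
; A simple bind sends that password in the clear on port 389. Once a bind
; password exists, upgrade the connection (assumption: the OD server offers StartTLS).
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /usr/local/etc/ssl/od-ca.pem
```

sssd.conf must be readable only by root (mode 0600) because of the stored authtok; after editing, clear the sssd cache and restart the service so the new bind is used for the next enumeration.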
 