[Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Alexander Bokovoy abokovoy at redhat.com
Tue Jan 12 10:30:17 UTC 2016


On Tue, 12 Jan 2016, CFMS Support wrote:
>Hi Alexander,
>
>These are the entries from /var/log/dirsrv/slapd-<INSTANC>/access
>
>[12/Jan/2016:10:22:13 +0000] conn=30642 fd=128 slot=128 connection from
>172.19.6.16 to 172.20.3.6
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 EXT
>oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 RESULT err=0 tag=120
>nentries=0 etime=0
>[12/Jan/2016:10:22:13 +0000] conn=30642 TLS1.2 128-bit AES-GCM
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND
>dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk"
>method=128 version=3
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 nentries=0
>etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk"
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH
>base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2
>filter="(cn=*)" attrs="memberOf"
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101
>nentries=145 etime=0
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND
>[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 fd=128 closed - U1
>
>This is where it's searching for a group that exists but it doesn't return
>any result.
That's not what I see. I see a search for all groups (filter "(cn=*)")
and retrieving the memberOf attribute of those. The result is 145 entries
which have the memberOf attribute set, all returned to the client. What
the client then does with this list is unknown.

-- 
/ Alexander Bokovoy
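
Added example, not part of the original message: one way to read an access log like the one quoted above is to pair each SRCH with its RESULT by conn/op and report the bind identity, base, scope, filter, requested attributes and entry count. The function name, the field names and the presence-filter flag are choices made for this illustration; the sample lines are the quoted log entries re-joined onto single lines.

```python
import re

# Access-log lines quoted in the message above, re-joined after e-mail wrapping.
SAMPLE_LOG = '''\
[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" method=128 version=3
[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk"
[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 filter="(cn=*)" attrs="memberOf"
[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101 nentries=145 etime=0
[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND
'''

LINE_RE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<verb>[A-Z]+)\s*(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PRESENCE_RE = re.compile(r'^\(\w+=\*\)$')  # e.g. (cn=*): matches every entry that has the attribute
SCOPES = {"0": "base", "1": "onelevel", "2": "subtree"}

def summarize_searches(log_text):
    """Pair each SRCH with its RESULT (same conn/op) and report what was asked and returned."""
    bind_dn, pending, done = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection, TLS and close lines have no "op=N VERB" part
        key = (m["conn"], m["op"])
        f = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
        if m["verb"] == "BIND":
            bind_dn[m["conn"]] = f.get("dn", "")  # DN from the BIND request line
        elif m["verb"] == "SRCH":
            pending[key] = {
                "bind_dn": bind_dn.get(m["conn"], ""),
                "base": f.get("base", ""),
                "scope": SCOPES.get(f.get("scope"), f.get("scope")),
                "filter": f.get("filter", ""),
                "attrs": f.get("attrs", "").split(),
                "presence_only": bool(PRESENCE_RE.match(f.get("filter", ""))),
            }
        elif m["verb"] == "RESULT" and key in pending:
            done.append({**pending.pop(key), "err": int(f["err"]), "nentries": int(f["nentries"])})
    return done

if __name__ == "__main__":
    for s in summarize_searches(SAMPLE_LOG):
        print(s)
```

A presence-only filter with subtree scope and a non-zero nentries shows the directory answered an "all groups" query, so any per-group matching happens on the client side.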



