Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1966 connectés 

  FORUM HardWare.fr
  Linux et OS Alternatifs
  Installation

  Problème de connexion bureau à distance sur Linux via xRDP et LDAP

 
 


 Mot :   Pseudo :  
 
Bas de page
Auteur Sujet :

Problème de connexion bureau à distance sur Linux via xRDP et LDAP

n°1479614
jay31790
Posté le 22-11-2022 à 08:42:23  profilanswer
 

Bonjour
 
Voilà mon soucis.
 
J'ai une VM sous Rocky Linux 8.5 qui me sert de poste de développement.
Elle est connectée à un serveur LDAP qui se trouve sur une VM dédiée.
Je souhaite y accéder via le bureau à distance de mon poste de travail Windows.
xRDP a été installé sur la VM Rocky Linux.
 
J'ai des problèmes d'ouverture de sessions avec les comptes LDAP.
Voici ce qui fonctionne :

  • Ouverture d'une session ssh avec compte local à la VM
  • Ouverture d'une session ssh avec un compte LDAP
  • Ouverture d'une session graphique via Connexion Bureau à Distance avec un compte local à la VM


Voici ce qui ne fonctionne pas :

  • Ouverture d'une session graphique via Connexion Bureau à Distance avec un compte LDAP à la VM


Une boîte de dialogue s'ouvre sur le Bureau à distance avec le message suivant :


connection to sesman on 127.0.0.1:3350
sesman connect ok
sending login info to session manager. Please wait...
login failed for user usertest


 
Voici les logs xrdp.log de ma tentative d'ouverture de session :


[20221122-08:18:55] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:xx.xx.xxx.xx port 50694
[20221122-08:18:55] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20221122-08:18:55] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20221122-08:18:55] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
[20221122-08:18:56] [ERROR] SSL_read: I/O error
[20221122-08:18:56] [ERROR] libxrdp_force_read: header read error
[20221122-08:18:56] [ERROR] Processing [ITU-T T.125] Connect-Initial failed
[20221122-08:18:56] [ERROR] [MCS Connection Sequence] receive connection request failed
[20221122-08:18:56] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20221122-08:18:56] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20221122-08:18:56] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20221122-08:18:56] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20221122-08:18:56] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20221122-08:18:59] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:xx.xx.xxx.xx port 50695
[20221122-08:18:59] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20221122-08:18:59] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20221122-08:18:59] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
[20221122-08:18:59] [INFO ] Connected client computer name: PC_usertest
[20221122-08:18:59] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20221122-08:18:59] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20221122-08:18:59] [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x07], keyboard_subtype:[0x00], keylayout:[0x0000040C]
[20221122-08:18:59] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [fr] options []
[20221122-08:18:59] [INFO ] TLS connection established from ::ffff:xx.xx.xxx.xx port 50695: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
[20221122-08:18:59] [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
[20221122-08:18:59] [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 10485760 MB cache entries 100
[20221122-08:18:59] [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
[20221122-08:18:59] [WARN ] xrdp_caps_process_codecs: unknown codec id 5
[20221122-08:18:59] [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
[20221122-08:18:59] [INFO ] Loading keymap file /etc/xrdp/km-0000040c.ini
[20221122-08:18:59] [WARN ] local keymap file for 0x0000040c found and doesn't match built in keymap, using local keymap file
[20221122-08:19:06] [INFO ] connecting to sesman on 127.0.0.1:3350
[20221122-08:19:06] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20221122-08:19:06] [INFO ] sesman connect ok
[20221122-08:19:06] [INFO ] sending login info to session manager. Please wait...
[20221122-08:19:10] [INFO ] xrdp_wm_log_msg: login failed for user usertest
[20221122-08:19:10] [INFO ] login failed for user usertest


 
Voici le contenu du fichier secure de ma tentative d'ouverture de session


Nov 22 08:18:18 localhost sshd[86994]: Accepted password for root from xx.xx.xxx.xx port 50687 ssh2
Nov 22 08:18:19 localhost sshd[86994]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 22 08:19:07 localhost xrdp-sesman[1310]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  user=usertest


 
Voici le contenu du fichier message de ma tentative d'ouverture de session


Nov 22 08:18:55 localhost xrdp[1312]: [INFO ] Socket 12: AF_INET6 connection received from ::ffff:xx.xx.xxx.xx port 50694
Nov 22 08:18:55 localhost xrdp[87063]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Nov 22 08:18:55 localhost xrdp[87063]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Nov 22 08:18:55 localhost xrdp[87063]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] SSL_read: I/O error
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] libxrdp_force_read: header read error
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] Processing [ITU-T T.125] Connect-Initial failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] [MCS Connection Sequence] receive connection request failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] xrdp_iso_send: trans_write_copy_s failed
Nov 22 08:18:56 localhost xrdp[87063]: [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
Nov 22 08:18:59 localhost xrdp[1312]: [INFO ] Socket 12: AF_INET6 connection received from ::ffff:xx.xx.xxx.xx port 50695
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] Connected client computer name: PC_usertest
Nov 22 08:18:59 localhost xrdp[87064]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
Nov 22 08:18:59 localhost xrdp[87064]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x07], keyboard_subtype:[0x00], keylayout:[0x0000040C]
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [fr] options []
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] TLS connection established from ::ffff:xx.xx.xxx.xx port 50695: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 10485760 MB cache entries 100
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
Nov 22 08:18:59 localhost xrdp[87064]: [WARN ] xrdp_caps_process_codecs: unknown codec id 5
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
Nov 22 08:18:59 localhost xrdp[87064]: [INFO ] Loading keymap file /etc/xrdp/km-0000040c.ini
Nov 22 08:18:59 localhost xrdp[87064]: [WARN ] local keymap file for 0x0000040c found and doesn't match built in keymap, using local keymap file
Nov 22 08:19:06 localhost xrdp[87064]: [INFO ] connecting to sesman on 127.0.0.1:3350
Nov 22 08:19:06 localhost xrdp-sesman[1310]: [INFO ] Socket 14: AF_INET6 connection received from ::1 port 32804
Nov 22 08:19:06 localhost xrdp[87064]: [INFO ] xrdp_wm_log_msg: sesman connect ok
Nov 22 08:19:06 localhost xrdp[87064]: [INFO ] sesman connect ok
Nov 22 08:19:06 localhost xrdp[87064]: [INFO ] sending login info to session manager. Please wait...
Nov 22 08:19:10 localhost xrdp-sesman[1310]: [ERROR] pam_authenticate failed: Authentication failure
Nov 22 08:19:10 localhost xrdp-sesman[1310]: [INFO ] AUTHFAIL: user=usertest ip=::ffff:xx.xx.xxx.xx time=1669101550
Nov 22 08:19:10 localhost xrdp-sesman[1310]: [ERROR] sesman_data_in: scp_process_msg failed
Nov 22 08:19:10 localhost xrdp[87064]: [INFO ] login failed for user usertest


 
Voici le contenu du fichier xrdp-sesman.log de ma tentative d'ouverture de session


[20221122-08:19:06] [INFO ] Socket 14: AF_INET6 connection received from ::1 port 32804
[20221122-08:19:10] [ERROR] pam_authenticate failed: Authentication failure
[20221122-08:19:10] [INFO ] AUTHFAIL: user=usertest ip=::ffff:xx.xx.xxx.xx time=1669101550
[20221122-08:19:10] [ERROR] sesman_data_in: scp_process_msg failed
[20221122-08:19:10] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans


 
Je pense que c'est problème de configuration du pam mais je ne sais plus où chercher et je maitrise mal le service pam.d.
 
La conf pam du xrdp-sesman


#%PAM-1.0
# Generic Fedora config
auth       include      password-auth
account    include      password-auth
password   include      password-auth
session    include      password-auth
 
# Gnome specific Fedora config
# auth       include      gdm-password
# account    include      gdm-password
# password   include      gdm-password
# session    include      gdm-password


Nota: j'ai essayé de décommenter le Gnome specific Fedora config et de commenter le Generic Fedora config mais sans plus de résultat
 
La conf pam du xserver

#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
account    required     pam_permit.so
session    optional     pam_keyinit.so force revoke


 
La conf pam du gdm-password


# auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth        sufficient    pam_ldap.so
auth        substack      password-auth
auth        optional      pam_gnome_keyring.so
auth        include       postlogin
 
account     sufficient    pam_ldap.so
account     required      pam_nologin.so
account     include       password-auth
 
password    substack       password-auth
-password   optional       pam_gnome_keyring.so use_authtok
password    sufficient    pam_ldap.so try_first_pass
 
session     optional      pam_ldap.so
session     required      pam_selinux.so close
session     required      pam_loginuid.so
session     optional      pam_console.so
session     required      pam_selinux.so open
session     optional      pam_keyinit.so force revoke
session     required      pam_namespace.so
session     include       password-auth
session     optional      pam_gnome_keyring.so auto_start
session     include       postlogin


 
 
Merci de votre aide
:jap:


---------------
Achats/Ventes
mood
Publicité
Posté le 22-11-2022 à 08:42:23  profilanswer
 

n°1479615
XaTriX
Posté le 22-11-2022 à 10:37:40  profilanswer
 

et côté log du LDAP ?

Message cité 1 fois

---------------
"Xat le punk à chien facho raciste. C'est complexe comme personnage." caudacien 05/10/2020
n°1479616
jay31790
Posté le 22-11-2022 à 10:52:40  profilanswer
 

J'ai pour le moment pas accès au serveur LDAP, je dois passer par les admins sys pour y accéder.
Je vais voir avec eux et reviens avec les infos que je trouverais


---------------
Achats/Ventes
n°1479617
XaTriX
Posté le 22-11-2022 à 11:05:22  profilanswer
 

J'ai relu en prenant le temps, fais voir ton /etc/xrdp/sesman.ini ?

Message cité 1 fois

---------------
"Xat le punk à chien facho raciste. C'est complexe comme personnage." caudacien 05/10/2020
n°1479618
jay31790
Posté le 22-11-2022 à 11:39:59  profilanswer
 


XaTriX a écrit :

J'ai relu en prenant le temps, fais voir ton /etc/xrdp/sesman.ini ?


J'ai retiré toutes les lignes commentées pour raccourcir le contenu

[root@localhost xrdp]# grep -v -e ^";" sesman.ini -e "^$" -e ^"#"
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm.sh
DefaultWindowManager=startwm-bash.sh
ReconnectScript=reconnectwm.sh
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
AlwaysGroupCheck=false
RestrictOutboundClipboard=none
RestrictInboundClipboard=none
[Sessions]
X11DisplayOffset=10
MaxSessions=50
KillDisconnected=false
DisconnectedTimeLimit=0
IdleTimeLimit=0
Policy=Default
[Logging]
LogFile=xrdp-sesman.log
LogLevel=INFO
EnableSyslog=true
[LoggingPerLogger]
[Xorg]
param=/usr/libexec/Xorg
param=-config
param=xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp
param=-logfile
param=.xorgxrdp.%s.log
[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96
[Chansrv]
FuseMountName=thinclient_drives
FileUmask=077
[ChansrvLogging]
LogLevel=INFO
EnableSyslog=true
[ChansrvLoggingPerLogger]
[SessionVariables]
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
[root@localhost xrdp]#


 
 
 

XaTriX a écrit :

et côté log du LDAP ?


Uniquement des infos dans le fichier /var/log/dirsrv/slapd-ldap/errors


==> errors <==
[22/Nov/2022:11:28:55.883283804 +0100] - DEBUG - connection_table_dump_activity_to_errors_log - activity on 73r
[22/Nov/2022:11:28:55.885628881 +0100] - DEBUG - handle_pr_read_ready - read activity on 73
[22/Nov/2022:11:28:55.886921024 +0100] - DEBUG - connection_read_operation - connection 12890 read 138 bytes
[22/Nov/2022:11:28:55.888115247 +0100] - DEBUG - connection_threadmain - conn 12890 read operation successfully - thread_turbo_flag 0 more_data 0 ops_initiated 211 refcnt 2 flags 0
[22/Nov/2022:11:28:55.889354065 +0100] - DEBUG - connection_check_activity_level - conn 12890 activity level = 3
[22/Nov/2022:11:28:55.890514146 +0100] - DEBUG - connection_enter_leave_turbo - conn 12890 turbo rank = 8 out of 22 conns
[22/Nov/2022:11:28:55.891602852 +0100] - DEBUG - connection_enter_leave_turbo - conn 12890 entering turbo mode
[22/Nov/2022:11:28:55.892911056 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.894588784 +0100] - DEBUG - get_filter_internal - AND
[22/Nov/2022:11:28:55.895777173 +0100] - DEBUG - get_filter_list - =>
[22/Nov/2022:11:28:55.896974439 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.898237605 +0100] - DEBUG - get_filter_internal - PRESENT
[22/Nov/2022:11:28:55.899462487 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.900535775 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.901654263 +0100] - DEBUG - get_filter_internal - EQUALITY
[22/Nov/2022:11:28:55.902696014 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.903749490 +0100] - DEBUG - get_filter_list - <=
[22/Nov/2022:11:28:55.904777907 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.905981073 +0100] - DEBUG - slapi_str2filter - "objectclass=referral"
[22/Nov/2022:11:28:55.906936664 +0100] - DEBUG - slapi_str2filter - default
[22/Nov/2022:11:28:55.907928786 +0100] - DEBUG - str2simple - "objectclass=referral"
[22/Nov/2022:11:28:55.908986568 +0100] - DEBUG - filter_candidates_ext -        OR
[22/Nov/2022:11:28:55.909973911 +0100] - DEBUG - filter_candidates_ext -        AND
[22/Nov/2022:11:28:55.911100700 +0100] - DEBUG - filter_candidates_ext -        PRESENT
[22/Nov/2022:11:28:55.912367793 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:55.913569403 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:55.914512390 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:55.915608531 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:55.916651513 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:55.917671563 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:55.918765263 +0100] - DEBUG - slapi_filter_free - type 0xA1
[22/Nov/2022:11:28:55.919868351 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:55.920837401 +0100] - DEBUG - slapi_filter_dup - type 0xA0
[22/Nov/2022:11:28:55.921820967 +0100] - DEBUG - slapi_filter_dup - type 0x87
[22/Nov/2022:11:28:55.922854932 +0100] - DEBUG - slapi_filter_dup - type 0xA3
[22/Nov/2022:11:28:55.923888099 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:55.924902305 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:55.926495593 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - AND
[22/Nov/2022:11:28:55.927492426 +0100] - DEBUG - vattr_test_filter_list_and - =>
[22/Nov/2022:11:28:55.928410761 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:55.929377974 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:55.930359450 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - PRESENT
[22/Nov/2022:11:28:55.931336024 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=210 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:55.932406211 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:55.933437825 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:55.934410830 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:55.935411608 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - EQUALITY
[22/Nov/2022:11:28:55.936356707 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=210 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:55.937518742 +0100] - DEBUG - test_ava_filter - =>
[22/Nov/2022:11:28:55.938604399 +0100] - DEBUG - plugin_call_syntax_filter_ava_sv - => uid=usertest
[22/Nov/2022:11:28:55.939742293 +0100] - DEBUG - plugin_call_syntax_filter_ava - <= 0
[22/Nov/2022:11:28:55.940866927 +0100] - DEBUG - test_ava_filter - <= 0
[22/Nov/2022:11:28:55.942011455 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:55.942973199 +0100] - DEBUG - vattr_test_filter_list_and - <= 0
[22/Nov/2022:11:28:55.943908768 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:55.944974833 +0100] - DEBUG - NSACLPlugin - acl_read_access_allowed_on_entry - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.946148250 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.947160726 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.948617768 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.949672986 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.950749835 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.951848686 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:55.953081881 +0100] - DEBUG - flush_ber - Wrote 270 bytes to socket 73
[22/Nov/2022:11:28:55.954139262 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:55.955063685 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:55.956069408 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:55.957140807 +0100] - DEBUG - flush_ber - Wrote 15 bytes to socket 73
[22/Nov/2022:11:28:55.958108788 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:55.959001489 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:55.959995114 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:55.961108044 +0100] - DEBUG - connection_threadmain - conn 12890 check more_data 0 thread_turbo_flag 1repl_conn_bef 0, repl_conn_now 0
[22/Nov/2022:11:28:55.964203842 +0100] - DEBUG - connection_read_operation - connection 12890 waited 1 times for read to be ready
[22/Nov/2022:11:28:55.965460610 +0100] - DEBUG - connection_read_operation - connection 12890 read 138 bytes
[22/Nov/2022:11:28:55.966561460 +0100] - DEBUG - connection_threadmain - conn 12890 read operation successfully - thread_turbo_flag 1 more_data 0 ops_initiated 212 refcnt 2 flags 0
[22/Nov/2022:11:28:55.967609352 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.969081073 +0100] - DEBUG - get_filter_internal - AND
[22/Nov/2022:11:28:55.969999138 +0100] - DEBUG - get_filter_list - =>
[22/Nov/2022:11:28:55.970957730 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.971932190 +0100] - DEBUG - get_filter_internal - PRESENT
[22/Nov/2022:11:28:55.972937439 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.974072173 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:55.975166345 +0100] - DEBUG - get_filter_internal - EQUALITY
[22/Nov/2022:11:28:55.976373019 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.977492304 +0100] - DEBUG - get_filter_list - <=
[22/Nov/2022:11:28:55.978554278 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:55.979837157 +0100] - DEBUG - slapi_str2filter - "objectclass=referral"
[22/Nov/2022:11:28:55.980988701 +0100] - DEBUG - slapi_str2filter - default
[22/Nov/2022:11:28:55.982082561 +0100] - DEBUG - str2simple - "objectclass=referral"
[22/Nov/2022:11:28:55.983212906 +0100] - DEBUG - filter_candidates_ext -        OR
[22/Nov/2022:11:28:55.984286839 +0100] - DEBUG - filter_candidates_ext -        AND
[22/Nov/2022:11:28:55.985370884 +0100] - DEBUG - filter_candidates_ext -        PRESENT
[22/Nov/2022:11:28:55.986417570 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:55.987452266 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:55.988499230 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:55.989795636 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:55.990879648 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:55.991915046 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:55.992977751 +0100] - DEBUG - slapi_filter_free - type 0xA1
[22/Nov/2022:11:28:55.993925130 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:55.994955715 +0100] - DEBUG - slapi_filter_dup - type 0xA0
[22/Nov/2022:11:28:55.995937734 +0100] - DEBUG - slapi_filter_dup - type 0x87
[22/Nov/2022:11:28:55.996983916 +0100] - DEBUG - slapi_filter_dup - type 0xA3
[22/Nov/2022:11:28:55.998132226 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:55.999107616 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.000116306 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - AND
[22/Nov/2022:11:28:56.001028391 +0100] - DEBUG - vattr_test_filter_list_and - =>
[22/Nov/2022:11:28:56.001937493 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.002932745 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.003857635 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - PRESENT
[22/Nov/2022:11:28:56.004839375 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=211 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.005778577 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.006934624 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.007900185 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.008949020 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - EQUALITY
[22/Nov/2022:11:28:56.009995035 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=211 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.010955266 +0100] - DEBUG - test_ava_filter - =>
[22/Nov/2022:11:28:56.012039104 +0100] - DEBUG - plugin_call_syntax_filter_ava_sv - => uid=usertest
[22/Nov/2022:11:28:56.015984623 +0100] - DEBUG - plugin_call_syntax_filter_ava - <= 0
[22/Nov/2022:11:28:56.023997717 +0100] - DEBUG - test_ava_filter - <= 0
[22/Nov/2022:11:28:56.031072215 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.036779268 +0100] - DEBUG - vattr_test_filter_list_and - <= 0
[22/Nov/2022:11:28:56.038361896 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.040698552 +0100] - DEBUG - NSACLPlugin - acl_read_access_allowed_on_entry - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.044021060 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.049414449 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.051705241 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.052958518 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.054008569 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.055148362 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.056104473 +0100] - DEBUG - flush_ber - Wrote 270 bytes to socket 73
[22/Nov/2022:11:28:56.057045550 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.058103201 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.059013182 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.060109297 +0100] - DEBUG - flush_ber - Wrote 15 bytes to socket 73
[22/Nov/2022:11:28:56.061111238 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.062089419 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.063184500 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.064349015 +0100] - DEBUG - connection_threadmain - conn 12890 check more_data 0 thread_turbo_flag 1repl_conn_bef 0, repl_conn_now 0
[22/Nov/2022:11:28:56.067293527 +0100] - DEBUG - connection_read_operation - connection 12890 waited 1 times for read to be ready
[22/Nov/2022:11:28:56.068426840 +0100] - DEBUG - connection_read_operation - connection 12890 read 138 bytes
[22/Nov/2022:11:28:56.069738766 +0100] - DEBUG - connection_threadmain - conn 12890 read operation successfully - thread_turbo_flag 1 more_data 0 ops_initiated 213 refcnt 2 flags 0
[22/Nov/2022:11:28:56.070788071 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.071911425 +0100] - DEBUG - get_filter_internal - AND
[22/Nov/2022:11:28:56.072950520 +0100] - DEBUG - get_filter_list - =>
[22/Nov/2022:11:28:56.073937708 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.074980567 +0100] - DEBUG - get_filter_internal - PRESENT
[22/Nov/2022:11:28:56.076057103 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.077076279 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.078132683 +0100] - DEBUG - get_filter_internal - EQUALITY
[22/Nov/2022:11:28:56.079112035 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.080336826 +0100] - DEBUG - get_filter_list - <=
[22/Nov/2022:11:28:56.081447818 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.082605182 +0100] - DEBUG - slapi_str2filter - "objectclass=referral"
[22/Nov/2022:11:28:56.083831235 +0100] - DEBUG - slapi_str2filter - default
[22/Nov/2022:11:28:56.084874413 +0100] - DEBUG - str2simple - "objectclass=referral"
[22/Nov/2022:11:28:56.085949130 +0100] - DEBUG - filter_candidates_ext -        OR
[22/Nov/2022:11:28:56.086973894 +0100] - DEBUG - filter_candidates_ext -        AND
[22/Nov/2022:11:28:56.087943358 +0100] - DEBUG - filter_candidates_ext -        PRESENT
[22/Nov/2022:11:28:56.088954099 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:56.089922139 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:56.090869203 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:56.091908066 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:56.093052230 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:56.093946903 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:56.094942217 +0100] - DEBUG - slapi_filter_free - type 0xA1
[22/Nov/2022:11:28:56.096449117 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.097422233 +0100] - DEBUG - slapi_filter_dup - type 0xA0
[22/Nov/2022:11:28:56.098320358 +0100] - DEBUG - slapi_filter_dup - type 0x87
[22/Nov/2022:11:28:56.099238672 +0100] - DEBUG - slapi_filter_dup - type 0xA3
[22/Nov/2022:11:28:56.100158502 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.101073418 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.101992561 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - AND
[22/Nov/2022:11:28:56.102915193 +0100] - DEBUG - vattr_test_filter_list_and - =>
[22/Nov/2022:11:28:56.103827096 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.104839327 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.105783957 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - PRESENT
[22/Nov/2022:11:28:56.106878791 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=212 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.107905412 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.108949279 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.109935443 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.111103901 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - EQUALITY
[22/Nov/2022:11:28:56.112104266 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=212 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.113261291 +0100] - DEBUG - test_ava_filter - =>
[22/Nov/2022:11:28:56.114305076 +0100] - DEBUG - plugin_call_syntax_filter_ava_sv - => uid=usertest
[22/Nov/2022:11:28:56.115394491 +0100] - DEBUG - plugin_call_syntax_filter_ava - <= 0
[22/Nov/2022:11:28:56.116335119 +0100] - DEBUG - test_ava_filter - <= 0
[22/Nov/2022:11:28:56.117377880 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.118313878 +0100] - DEBUG - vattr_test_filter_list_and - <= 0
[22/Nov/2022:11:28:56.119292349 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.120309911 +0100] - DEBUG - NSACLPlugin - acl_read_access_allowed_on_entry - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.121456112 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.122485144 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.123555574 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.124481781 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.125442075 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.126379722 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.127319291 +0100] - DEBUG - flush_ber - Wrote 270 bytes to socket 73
[22/Nov/2022:11:28:56.128473301 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.129437343 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.130356386 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.131282932 +0100] - DEBUG - flush_ber - Wrote 15 bytes to socket 73
[22/Nov/2022:11:28:56.132201536 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.133121247 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.134024722 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.135025111 +0100] - DEBUG - connection_threadmain - conn 12890 check more_data 0 thread_turbo_flag 1repl_conn_bef 0, repl_conn_now 0
[22/Nov/2022:11:28:56.138023934 +0100] - DEBUG - connection_read_operation - connection 12890 waited 1 times for read to be ready
[22/Nov/2022:11:28:56.139686535 +0100] - DEBUG - connection_read_operation - connection 12890 read 138 bytes
[22/Nov/2022:11:28:56.140618830 +0100] - DEBUG - connection_threadmain - conn 12890 read operation successfully - thread_turbo_flag 1 more_data 0 ops_initiated 214 refcnt 2 flags 0
[22/Nov/2022:11:28:56.141593943 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.142515063 +0100] - DEBUG - get_filter_internal - AND
[22/Nov/2022:11:28:56.143630027 +0100] - DEBUG - get_filter_list - =>
[22/Nov/2022:11:28:56.144582167 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.145569001 +0100] - DEBUG - get_filter_internal - PRESENT
[22/Nov/2022:11:28:56.146524272 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.147667805 +0100] - DEBUG - get_filter_internal - ==>
[22/Nov/2022:11:28:56.148698853 +0100] - DEBUG - get_filter_internal - EQUALITY
[22/Nov/2022:11:28:56.149677040 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.150650954 +0100] - DEBUG - get_filter_list - <=
[22/Nov/2022:11:28:56.151653373 +0100] - DEBUG - get_filter_internal - <= 0
[22/Nov/2022:11:28:56.152758728 +0100] - DEBUG - slapi_str2filter - "objectclass=referral"
[22/Nov/2022:11:28:56.153732290 +0100] - DEBUG - slapi_str2filter - default
[22/Nov/2022:11:28:56.154682691 +0100] - DEBUG - str2simple - "objectclass=referral"
[22/Nov/2022:11:28:56.155564936 +0100] - DEBUG - filter_candidates_ext -        OR
[22/Nov/2022:11:28:56.156545638 +0100] - DEBUG - filter_candidates_ext -        AND
[22/Nov/2022:11:28:56.157663436 +0100] - DEBUG - filter_candidates_ext -        PRESENT
[22/Nov/2022:11:28:56.158613618 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:56.159509688 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:56.160450337 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:56.161437623 +0100] - DEBUG - filter_candidates_ext -        EQUALITY
[22/Nov/2022:11:28:56.162384194 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - =>
[22/Nov/2022:11:28:56.163346775 +0100] - DEBUG - slapi_attr_assertion2keys_ava_sv - => 0
[22/Nov/2022:11:28:56.164500985 +0100] - DEBUG - slapi_filter_free - type 0xA1
[22/Nov/2022:11:28:56.173661478 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.174427261 +0100] - DEBUG - slapi_filter_dup - type 0xA0
[22/Nov/2022:11:28:56.175212380 +0100] - DEBUG - slapi_filter_dup - type 0x87
[22/Nov/2022:11:28:56.176170325 +0100] - DEBUG - slapi_filter_dup - type 0xA3
[22/Nov/2022:11:28:56.177412556 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.178550908 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.179524048 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - AND
[22/Nov/2022:11:28:56.180887067 +0100] - DEBUG - vattr_test_filter_list_and - =>
[22/Nov/2022:11:28:56.182111792 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.183035307 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.183944978 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - PRESENT
[22/Nov/2022:11:28:56.185583467 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=213 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.186885489 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.188330199 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - =>
[22/Nov/2022:11:28:56.189897291 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <=
[22/Nov/2022:11:28:56.191374418 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - EQUALITY
[22/Nov/2022:11:28:56.192849236 +0100] - DEBUG - NSACLPlugin - acl_access_allowed - conn=12890 op=213 (main): Allow search on entry(uid=usertest,ou=people,dc=projecttest): root user
[22/Nov/2022:11:28:56.194273720 +0100] - DEBUG - test_ava_filter - =>
[22/Nov/2022:11:28:56.195829618 +0100] - DEBUG - plugin_call_syntax_filter_ava_sv - => uid=usertest
[22/Nov/2022:11:28:56.198006665 +0100] - DEBUG - plugin_call_syntax_filter_ava - <= 0
[22/Nov/2022:11:28:56.199339794 +0100] - DEBUG - test_ava_filter - <= 0
[22/Nov/2022:11:28:56.200766691 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.202158532 +0100] - DEBUG - vattr_test_filter_list_and - <= 0
[22/Nov/2022:11:28:56.203796323 +0100] - DEBUG - slapi_vattr_filter_test_ext_internal - <= 0
[22/Nov/2022:11:28:56.205157867 +0100] - DEBUG - NSACLPlugin - acl_read_access_allowed_on_entry - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.206653827 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.207934260 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.209315056 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.210947544 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.212273524 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.213560548 +0100] - DEBUG - NSACLPlugin - Root access (read) allowed on entry(uid=usertest,ou=people,dc=projecttest)
[22/Nov/2022:11:28:56.214974259 +0100] - DEBUG - flush_ber - Wrote 270 bytes to socket 73
[22/Nov/2022:11:28:56.216429038 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.217788983 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.218739586 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.219906718 +0100] - DEBUG - flush_ber - Wrote 15 bytes to socket 73
[22/Nov/2022:11:28:56.221028960 +0100] - DEBUG - slapi_filter_free - type 0xA0
[22/Nov/2022:11:28:56.222069889 +0100] - DEBUG - slapi_filter_free - type 0x87
[22/Nov/2022:11:28:56.223001807 +0100] - DEBUG - slapi_filter_free - type 0xA3
[22/Nov/2022:11:28:56.223986155 +0100] - DEBUG - connection_threadmain - conn 12890 check more_data 0 thread_turbo_flag 1repl_conn_bef 0, repl_conn_now 0
[22/Nov/2022:11:28:56.325204865 +0100] - DEBUG - connection_threadmain - conn 12890 read not ready due to 4 - thread_turbo_flag 1 more_data 0 ops_initiated 215 refcnt 2 flags 0
[22/Nov/2022:11:28:56.326684416 +0100] - DEBUG - connection_threadmain - conn 12890 leaving turbo mode due to 4
[22/Nov/2022:11:28:56.327854220 +0100] - DEBUG - connection_threadmain - conn 12890 check more_data 0 thread_turbo_flag 0repl_conn_bef 0, repl_conn_now 0
[22/Nov/2022:11:28:56.328908139 +0100] - DEBUG - connection_make_readable_nolock - making readable conn 12890 fd=73
[22/Nov/2022:11:28:56.330075324 +0100] - DEBUG - clear_signal - Listener got signaled


 
Merci de ton aide
:jap:


---------------
Achats/Ventes
n°1479620
jay31790
Posté le 22-11-2022 à 12:00:21  profilanswer
 

Petit complément en modifiant le fichier /etc/pam.d/xrdp-sesman pour inverser les commentaires :


[root@localhost pam.d]# cat xrdp-sesman
#%PAM-1.0
# Generic Fedora config
# auth       include      password-auth
# account    include      password-auth
# password   include      password-auth
# session    include      password-auth
 
# Gnome specific Fedora config
auth       include      gdm-password
account    include      gdm-password
password   include      gdm-password
session    include      gdm-password


 
J'obtiens un autre message de logs dans /var/log/xrdp-sesman.log


[20221122-11:55:39] [INFO ] Socket 14: AF_INET6 connection received from ::1 port 33256
[20221122-11:55:40] [INFO ] Terminal Server Users group is disabled, allowing authentication
[20221122-11:55:40] [INFO ] ++ created session (access granted): username usertest, ip ::ffff:xx.xx.xxx.xx:61408 - socket: 12
[20221122-11:55:40] [INFO ] starting Xvnc session...
[20221122-11:55:40] [INFO ] Starting session: session_pid 89316, display :10.0, width 1680, height 1050, bpp 32, client ip ::ffff:xx.xx.xxx.xx:61408 - socket: 12, user name usertest
[20221122-11:55:40] [INFO ] [session start] (display 10): calling auth_start_session from pid 89316
[20221122-11:55:40] [ERROR] sesman_data_in: scp_process_msg failed
[20221122-11:55:40] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20221122-11:56:06] [INFO ] Starting X server on display 10: Xvnc :10 -auth .Xauthority -geometry 1680x1050 -depth 32 -rfbauth /home/usertest/.vnc/sesman_passwd-usertest@localhost.localdomain:10 -bs -nolisten tcp -localhost -dpi 96


 
Mais l'erreur remontée par la connexion bureau à distance devient :


connecting to sesman on 127.0.0.1:3350
sesman connect ok
sending login info to session manager. Please wait...
login successful for user usertest on display 10
VNC started connecting
VNC connecting to 127.0.0.1 5910
VNC error - problem connecting
some problem
Error connecting to user session


Message édité par jay31790 le 22-11-2022 à 12:02:37

---------------
Achats/Ventes
n°1479621
XaTriX
Posté le 22-11-2022 à 13:53:08  profilanswer
 

Difficile de lire sur redface :D
Mais déjà essaie de vérifier si ton user appartient au groupe tsusers. Tu peux aussi commenter la ligne qui demande que ça fasse parti de ce groupe.
Tu peux aussi passer le log en debug pour avoir plus d'infos et tu peux aussi tester depuis une autre box linux avec remina et rdp pour voir si c'est pas windows le fautif.


---------------
"Xat le punk à chien facho raciste. C'est complexe comme personnage." caudacien 05/10/2020
n°1479623
jay31790
Posté le 22-11-2022 à 14:54:59  profilanswer
 

A priori, non, le user n'appartient pas au groupe tsusers.
J'ai essayer de modifier le TerminalServerUsers pour l'initialiser avec un des groupes de testuser mais sans succès.
 
Ceci dit, une info non présente dans mon message précédant puisque les commentaires avaient été retirés :
 


[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false


J'en comprends que si AlwaysGroupCheck est à false (comme c'est le cas ici), le groupe n'est pas vérifié et donc tous les accès sont autorisés.
 
Je vais augmenter le niveau de log
Ensuite, pour le reste (test avec autre box linux), étant au taf, je n'ai pas forcément accès à tout ce dont je souhaite
 
:jap:


---------------
Achats/Ventes
n°1479650
jay31790
Posté le 23-11-2022 à 17:33:53  profilanswer
 

Bonjour
 
La suite des investigations du jour.
 
Je teste en parallèle l'ouverture de session via xrdp de 2 utilisateurs :

  • un utilisateur avec un compte local : la session s'ouvre normalement
  • un utilisateur avec un compte ldap : la session ne s'ouvre pas


En suivant les logs et les process qui démarrent ou pas dans les 2 cas, j'ai constaté des petites différences.
Cas de test identique dans les 2 cas :
1. depuis la fenêtre de connexion Bureau à Distance, je saisie les identifiants de connexion
2. en parallèle, depuis une console en root sur la machine cible, je monitore en temps réel le contenu du dossier /tmp/.X11-unix/
 

  • Compte local

Les identifiants sont validés
Le socket X apparait dans les 2 secondes dans le dossier /tmp/.X11-unix
La session s'ouvre
 

  • Compte ldap

Les identifiants sont validés
Le log de connexion indique l'erreur suivante :


connecting to sesman on 127.0.0.1:3350
sesman connect ok
sending login info to session manager. Please wait...
login successful for user testuser on display 10
VNC started connecting
VNC connecting to 127.0.0.1 5910
VNC error - problem connecting
some problem
Error connecting to user session


20 sec environ après le message d'erreur, le socket X10 apparait dans le dossier /tmp/.X11-unix
1 minutes après, le socket X10 disparaît du dossier /tmp/.X11-unix
 

  • Mes impressions :

On dirait que le serveur X met du temps à démarrer et qu'une sorte de TimeOut détecte cela comme une absence de serveur X.
Du coup, l'erreur claque alors que c'est juste un problème de latence.
Comme cette latence n'est pas visible sur un compte local, j'aurais tendance à incriminer le serveur LDAP qui mettrait du temps à répondre ou bien au service pam qui met du temps à passer à la suite, c'est à dire démarrer le serveur X.
 

  • Questions :

Comment pourrais-je valider mes hypothèses ?
Est-ce qu'un tel TimeOut est réellement présent et est-il configurable ?
...
 
Merci de votre aide
:jap:


Message édité par jay31790 le 23-11-2022 à 17:34:32

---------------
Achats/Ventes
n°1479658
jay31790
Posté le 24-11-2022 à 11:01:05  profilanswer
 

Allez la suite
(oui, j'aime bien me parler à moi-même :))
 
Ce matin, j'ai regardé un peu les délais d'ouverture de session (ou de non ouverture dans le cas des comptes LDAP) et en regardant dans le fichier /var/log/secure, j'ai constaté des délais dans les authentifications des modules du service pam.
 

  • compte local

Nov 24 08:47:00 localhost xrdp-sesman[10091]: pam_unix(xrdp-sesman:session): session opened for user localUser by (uid=0)


avec les données suivantes :
Validation identifiants sur la fenêtre de connexion RDP à 08:47:00
Apparition du socket /tmp/.X11-unix/X10 à 08:47:02
==> Ouverture de session
 

  • compte ldap

Nov 24 08:54:01 localhost xrdp-sesman[1249]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  user=ldapUser  
Nov 24 08:54:20 localhost systemd[19069]: pam_unix(systemd-user:session): session opened for user ldapUser by (uid=0)
Nov 24 08:54:26 localhost xrdp-sesman[18924]: pam_unix(xrdp-sesman:session): session opened for user ldapUser by (uid=0)


avec les données suivantes :
Validation identifiants sur la fenêtre de connexion RDP à 08:54:00
Apparition du socket /tmp/.X11-unix/X10 à 08:54:30
Message d'erreur dans la fenêtre de connextion RDP à 08:54:05
==> Pas d'ouverture de session


---------------
Achats/Ventes

Aller à :
Ajouter une réponse
  FORUM HardWare.fr
  Linux et OS Alternatifs
  Installation

  Problème de connexion bureau à distance sur Linux via xRDP et LDAP

 

Sujets relatifs
Comment installer Linux sans altérer mon bootDuplication d'un Linux
problème DNS netplan et resolv.confSamba 4 & W10 : problème accès simultané
Asus e402 - linux ou chrome os flexProblème détection microscope numérique sous Ubuntu
Abonnement à Linux Magazine ou Linux Pratique pour une alternance admikali-linux ne boot pas automatiquement
Nagios - Problème de lancementLinux sur portable ARM ? (MacBook, Galaxy Book S, Thinkpad X13s, ...)
Plus de sujets relatifs à : Problème de connexion bureau à distance sur Linux via xRDP et LDAP

Forum MesDiscussions.Net, Version 2010.2
(c) 2000-2011 Doctissimo
Page générée en 0.081 secondes

Copyright © 1997-2025 Groupe LDLC (Signaler un contenu illicite / Données personnelles)