Bug 606952

Summary:	Smart card login with ldap authentication needs performance improvements.
Product:	Red Hat Enterprise Linux 6	Reporter:	Asha Akkiangady <aakkiang>
Component:	pam_pkcs11	Assignee:	Bob Relyea <rrelyea>
Status:	CLOSED WONTFIX	QA Contact:	Chandrasekar Kannan <ckannan>
Severity:	medium	Docs Contact:
Priority:	low
Version:	6.0	CC:	benl, jmagne
Target Milestone:	rc
Target Release:	6.1
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2010-11-22 23:15:01 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Asha Akkiangady 2010-06-22 19:37:33 UTC

Description of problem:
Smart card login with ldap authentication needs performance improvements. The ldap mapper is simply looping through the entire list of users before it finds the right one.

Version-Release number of selected component (if applicable):
pam_pkcs11-0.6.2-7.el6


How reproducible:


Steps to Reproduce:
1. Setup smart card authentication on Rhel 6 desktop as described in this sso document https://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/sso-ov.html.

2. Set up a ldap server and create user entry with the signing cert of the user.

3. Edit pam_pkcs11.conf file with the ldap mapper.

4. login to the desktop and run 'pklogin_finder debug'.

[tester@dhcp231-232 ~]$ pklogin_finder debug
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ...  NSS Complete
DEBUG:pklogin_finder.c:71: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:222: Looking up module in list
DEBUG:pkcs11_lib.c:225: modList = 0x98af4e0 next = 0x98b94a0

DEBUG:pkcs11_lib.c:226: dllName= <null> 

DEBUG:pkcs11_lib.c:225: modList = 0x98b94a0 next = 0x0

DEBUG:pkcs11_lib.c:226: dllName= libcoolkeypk11.so 

DEBUG:pklogin_finder.c:79: initialising pkcs #11 module...
PIN for token: 
DEBUG:pkcs11_lib.c:48: PIN = [Secret123]
DEBUG:pkcs11_lib.c:745: cert 0: found (tester:signing key for tester),
"UID=tester,O=Token Key User"
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:95: Loading dynamic module for mapper 'ldap'
DEBUG:ldap_mapper.c:846: test ssltls = off
DEBUG:ldap_mapper.c:848: LDAP mapper started.
DEBUG:ldap_mapper.c:849: debug         = 1
DEBUG:ldap_mapper.c:850: ignorecase    = 0
DEBUG:ldap_mapper.c:851: ldaphost      = wolverine.idm.lab.bos.redhat.com
DEBUG:ldap_mapper.c:852: ldapport      = 389
DEBUG:ldap_mapper.c:853: ldapURI       = 
DEBUG:ldap_mapper.c:854: scope         = 2
DEBUG:ldap_mapper.c:855: binddn        = cn=Directory Manager
DEBUG:ldap_mapper.c:856: passwd        = Secret123
DEBUG:ldap_mapper.c:857: base          =
ou=People,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
DEBUG:ldap_mapper.c:858: attribute     = userCertificate
DEBUG:ldap_mapper.c:859: filter        = (&(objectClass=posixAccount)(uid=%s))
DEBUG:ldap_mapper.c:860: searchtimeout = 20
DEBUG:ldap_mapper.c:861: ssl_on        = 0
DEBUG:ldap_mapper.c:863: tls_randfile  = 
DEBUG:ldap_mapper.c:864: tls_cacertfile= 
DEBUG:ldap_mapper.c:865: tls_cacertdir = 
DEBUG:ldap_mapper.c:866: tls_checkpeer = -1
DEBUG:ldap_mapper.c:867: tls_ciphers   = 
DEBUG:ldap_mapper.c:868: tls_cert      = 
DEBUG:ldap_mapper.c:869: tls_key       = 
DEBUG:mapper_mgr.c:197: Inserting mapper [ldap] into list
DEBUG:pklogin_finder.c:127: Found '1' certificate(s)
DEBUG:pklogin_finder.c:131: verifing the certificate #1
DEBUG:cert_vfy.c:34: Verifying Cert: tester:signing key for tester
(UID=tester,O=Token Key User)
DEBUG:pklogin_finder.c:145: Trying to deduce login from certificate
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'root'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = root
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=root))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'root' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'bin'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = bin
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=bin))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'bin' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'daemon'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = daemon
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=daemon))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'daemon' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'adm'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = adm
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=adm))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'adm' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'lp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = lp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=lp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'lp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'sync'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = sync
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=sync))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'sync' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'shutdown'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = shutdown
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=shutdown))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'shutdown' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'halt'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = halt
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=halt))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'halt' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'mail'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = mail
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=mail))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'mail' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'uucp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = uucp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=uucp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'uucp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'operator'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = operator
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=operator))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'operator' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'games'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = games
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=games))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'games' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'gopher'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = gopher
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=gopher))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'gopher' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'ftp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = ftp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=ftp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'ftp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nobody'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nobody
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nobody))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nobody' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'dbus'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = dbus
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=dbus))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'dbus' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'usbmuxd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = usbmuxd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=usbmuxd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'usbmuxd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rpc'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rpc
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rpc))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rpc' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'avahi-autoipd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = avahi-autoipd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=avahi-autoipd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'avahi-autoipd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nscd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nscd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nscd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nscd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'vcsa'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = vcsa
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=vcsa))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'vcsa' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rtkit'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rtkit
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rtkit))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rtkit' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'abrt'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = abrt
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=abrt))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'abrt' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'tcpdump'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = tcpdump
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=tcpdump))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'tcpdump' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'avahi'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = avahi
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=avahi))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'avahi' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'haldaemon'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = haldaemon
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=haldaemon))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'haldaemon' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'saslauth'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = saslauth
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=saslauth))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'saslauth' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'postfix'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = postfix
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=postfix))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'postfix' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'apache'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = apache
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=apache))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'apache' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nslcd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nslcd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nslcd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nslcd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'ntp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = ntp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=ntp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'ntp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rpcuser'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rpcuser
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rpcuser))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rpcuser' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nfsnobody'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nfsnobody
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nfsnobody))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nfsnobody' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'sshd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = sshd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=sshd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'sshd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'pulse'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = pulse
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=pulse))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'pulse' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'gdm'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = gdm
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=gdm))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'gdm' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'tester'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = tester
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=tester))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 1
DEBUG:ldap_mapper.c:745: attribute name = userCertificate;binary
DEBUG:ldap_mapper.c:750: number of user certificates = 1
DEBUG:ldap_mapper.c:791: d2i_X509(): success for certificate 0
DEBUG:ldap_mapper.c:805: ldap_get_certificate(): end
DEBUG:ldap_mapper.c:901: Certificate 0 is matching
DEBUG:ldap_mapper.c:933: Certificate maps to user 'tester'
DEBUG:pklogin_finder.c:151: Certificate is valid and maps to user tester
tester
DEBUG:mapper_mgr.c:214: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() ldap
DEBUG:mapper_mgr.c:145: unloading module ldap
DEBUG:pklogin_finder.c:169: releasing pkcs #11 module...
DEBUG:pklogin_finder.c:172: Process completed  

  
Actual results:
The ldap mapper is simply looping (walking through the list) through the entire list of users on the system before it finds the right one. 

Expected results:
The correct way to search will be: perform an LDAP search for the user based on the certificate in hand and let the LDAP server come up with the DN of the user entry.

Additional info:

Comment 2 RHEL Program Management 2010-06-22 19:53:14 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 5 Bob Relyea 2010-11-22 23:10:35 UTC

as before, If someone with ldap expertise wants to help on this, I'll ack+ it, but I don't have the time to learn the ldap commands necessary to do this correctly.

bob

Comment 6 RHEL Program Management 2010-11-22 23:15:01 UTC

Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.