Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 606952 - Smart card login with ldap authentication needs performance improvements.
Smart card login with ldap authentication needs performance improvements.
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam_pkcs11 (Show other bugs)
6.0
All Linux
low Severity medium
: rc
: 6.1
Assigned To: Bob Relyea
Chandrasekar Kannan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-22 15:37 EDT by Asha Akkiangady
Modified: 2015-01-04 18:42 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-22 18:15:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Asha Akkiangady 2010-06-22 15:37:33 EDT
Description of problem:
Smart card login with ldap authentication needs performance improvements. The ldap mapper is simply looping through the entire list of users before it finds the right one.

Version-Release number of selected component (if applicable):
pam_pkcs11-0.6.2-7.el6


How reproducible:


Steps to Reproduce:
1. Setup smart card authentication on Rhel 6 desktop as described in this sso document https://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/sso-ov.html.

2. Set up a ldap server and create user entry with the signing cert of the user.

3. Edit pam_pkcs11.conf file with the ldap mapper.

4. login to the desktop and run 'pklogin_finder debug'.

[tester@dhcp231-232 ~]$ pklogin_finder debug
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ...  NSS Complete
DEBUG:pklogin_finder.c:71: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:222: Looking up module in list
DEBUG:pkcs11_lib.c:225: modList = 0x98af4e0 next = 0x98b94a0

DEBUG:pkcs11_lib.c:226: dllName= <null> 

DEBUG:pkcs11_lib.c:225: modList = 0x98b94a0 next = 0x0

DEBUG:pkcs11_lib.c:226: dllName= libcoolkeypk11.so 

DEBUG:pklogin_finder.c:79: initialising pkcs #11 module...
PIN for token: 
DEBUG:pkcs11_lib.c:48: PIN = [Secret123]
DEBUG:pkcs11_lib.c:745: cert 0: found (tester:signing key for tester),
"UID=tester,O=Token Key User"
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:95: Loading dynamic module for mapper 'ldap'
DEBUG:ldap_mapper.c:846: test ssltls = off
DEBUG:ldap_mapper.c:848: LDAP mapper started.
DEBUG:ldap_mapper.c:849: debug         = 1
DEBUG:ldap_mapper.c:850: ignorecase    = 0
DEBUG:ldap_mapper.c:851: ldaphost      = wolverine.idm.lab.bos.redhat.com
DEBUG:ldap_mapper.c:852: ldapport      = 389
DEBUG:ldap_mapper.c:853: ldapURI       = 
DEBUG:ldap_mapper.c:854: scope         = 2
DEBUG:ldap_mapper.c:855: binddn        = cn=Directory Manager
DEBUG:ldap_mapper.c:856: passwd        = Secret123
DEBUG:ldap_mapper.c:857: base          =
ou=People,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
DEBUG:ldap_mapper.c:858: attribute     = userCertificate
DEBUG:ldap_mapper.c:859: filter        = (&(objectClass=posixAccount)(uid=%s))
DEBUG:ldap_mapper.c:860: searchtimeout = 20
DEBUG:ldap_mapper.c:861: ssl_on        = 0
DEBUG:ldap_mapper.c:863: tls_randfile  = 
DEBUG:ldap_mapper.c:864: tls_cacertfile= 
DEBUG:ldap_mapper.c:865: tls_cacertdir = 
DEBUG:ldap_mapper.c:866: tls_checkpeer = -1
DEBUG:ldap_mapper.c:867: tls_ciphers   = 
DEBUG:ldap_mapper.c:868: tls_cert      = 
DEBUG:ldap_mapper.c:869: tls_key       = 
DEBUG:mapper_mgr.c:197: Inserting mapper [ldap] into list
DEBUG:pklogin_finder.c:127: Found '1' certificate(s)
DEBUG:pklogin_finder.c:131: verifing the certificate #1
DEBUG:cert_vfy.c:34: Verifying Cert: tester:signing key for tester
(UID=tester,O=Token Key User)
DEBUG:pklogin_finder.c:145: Trying to deduce login from certificate
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'root'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = root
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=root))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'root' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'bin'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = bin
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=bin))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'bin' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'daemon'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = daemon
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=daemon))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'daemon' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'adm'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = adm
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=adm))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'adm' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'lp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = lp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=lp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'lp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'sync'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = sync
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=sync))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'sync' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'shutdown'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = shutdown
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=shutdown))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'shutdown' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'halt'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = halt
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=halt))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'halt' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'mail'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = mail
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=mail))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'mail' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'uucp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = uucp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=uucp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'uucp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'operator'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = operator
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=operator))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'operator' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'games'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = games
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=games))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'games' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'gopher'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = gopher
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=gopher))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'gopher' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'ftp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = ftp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=ftp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'ftp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nobody'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nobody
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nobody))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nobody' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'dbus'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = dbus
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=dbus))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'dbus' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'usbmuxd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = usbmuxd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=usbmuxd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'usbmuxd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rpc'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rpc
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rpc))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rpc' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'avahi-autoipd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = avahi-autoipd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=avahi-autoipd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'avahi-autoipd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nscd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nscd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nscd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nscd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'vcsa'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = vcsa
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=vcsa))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'vcsa' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rtkit'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rtkit
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rtkit))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rtkit' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'abrt'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = abrt
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=abrt))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'abrt' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'tcpdump'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = tcpdump
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=tcpdump))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'tcpdump' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'avahi'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = avahi
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=avahi))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'avahi' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'haldaemon'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = haldaemon
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=haldaemon))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'haldaemon' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'saslauth'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = saslauth
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=saslauth))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'saslauth' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'postfix'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = postfix
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=postfix))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'postfix' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'apache'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = apache
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=apache))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'apache' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nslcd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nslcd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nslcd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nslcd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'ntp'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = ntp
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=ntp))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'ntp' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'rpcuser'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = rpcuser
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=rpcuser))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'rpcuser' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'nfsnobody'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = nfsnobody
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=nfsnobody))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'nfsnobody' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'sshd'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = sshd
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=sshd))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'sshd' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'pulse'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = pulse
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=pulse))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'pulse' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'gdm'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = gdm
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=gdm))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 0
DEBUG:ldap_mapper.c:734: ldap_first_entry() failed: (null)
DEBUG:ldap_mapper.c:891: ldap_get_certificate() failed
DEBUG:ldap_mapper.c:937: Certificate map to user 'gdm' failed
DEBUG:ldap_mapper.c:930: Trying to match certificate with user: 'tester'
DEBUG:ldap_mapper.c:617: ldap_get_certificate(): begin login = tester
DEBUG:ldap_mapper.c:622: ldap_get_certificate(): filter_str =
(&(objectClass=posixAccount)(uid=tester))
DEBUG:ldap_mapper.c:580: added URI ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:681: ldap_get_certificate(): try do_open for
ldap://wolverine.idm.lab.bos.redhat.com:389
DEBUG:ldap_mapper.c:143: do_init():
DEBUG:ldap_mapper.c:413: Set connection timeout to 8
DEBUG:ldap_mapper.c:321: do_bind(): bind DN="cn=Directory Manager"
pass="Secret123"
DEBUG:ldap_mapper.c:354: do_bind rc=97
DEBUG:ldap_mapper.c:720: ldap_get_certificate(): entries = 1
DEBUG:ldap_mapper.c:745: attribute name = userCertificate;binary
DEBUG:ldap_mapper.c:750: number of user certificates = 1
DEBUG:ldap_mapper.c:791: d2i_X509(): success for certificate 0
DEBUG:ldap_mapper.c:805: ldap_get_certificate(): end
DEBUG:ldap_mapper.c:901: Certificate 0 is matching
DEBUG:ldap_mapper.c:933: Certificate maps to user 'tester'
DEBUG:pklogin_finder.c:151: Certificate is valid and maps to user tester
tester
DEBUG:mapper_mgr.c:214: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() ldap
DEBUG:mapper_mgr.c:145: unloading module ldap
DEBUG:pklogin_finder.c:169: releasing pkcs #11 module...
DEBUG:pklogin_finder.c:172: Process completed  

  
Actual results:
The ldap mapper is simply looping (walking through the list) through the entire list of users on the system before it finds the right one. 

Expected results:
The correct way to search will be: perform an LDAP search for the user based on the certificate in hand and let the LDAP server come up with the DN of the user entry.

Additional info:
Comment 2 RHEL Product and Program Management 2010-06-22 15:53:14 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 5 Bob Relyea 2010-11-22 18:10:35 EST
as before, If someone with ldap expertise wants to help on this, I'll ack+ it, but I don't have the time to learn the ldap commands necessary to do this correctly.

bob
Comment 6 RHEL Product and Program Management 2010-11-22 18:15:01 EST
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.