openldap TLS multi master

Linux-haladó

Sziasztok!

Ubuntun openldap szervert építek, a módját ismerem, csináltam már.
Amit nem tudok, hogy ha TLS titkosítással szeretném kialakítani 2 szerverrel a multi master üzemmódot akkort hogyan kell bánni a certekkel?

Arra gondolok, hogy ha szinkronizálás után a második szerverre átkerül a cert akkor nem fog működni.
Ezt már egy leírásból is megtaláltam:
http://www.openldap.org/lists/openldap-software/200809/msg00058.html

Azt szeretném kérdezni, hogy aki ezt már összehozta, írja le mi a módja, hogyan kell megoldani a problémát?
A két szerver között és a szerverek és kliensek között is TLS lenne.

köszönöm

  • 3181 megtekintés

( battila | 2014. 12. 09., k – 11:54 )

Ha replikalod a cn=conf -t is, akkor a certifikaciokat ugyanugy hivd az fs-en. En synlinket csinaltam, es a konfiguralasnal ezt a nevet adtam meg neki. 


olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
olcTLSCertificateKeyFile: /etc/ssl/private/ldap-key.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap-cert.pem

Csak arra kell ugyelni, hogy mindegyik gepen meglegyen a symlink. Igy nem dol a kardjaba szerencsetlen.

Le tudnál írni egy példát?
Mit, honnan,hova milyen névre pontosan?
Ezt a cert-es részt nem látom át?
Így tulajdonképpen a két szervernek egy közös certje van, tehát mindkét gépen ugyan az a 3 fájl kell?

Kicsit kezdőbb szinten írd már le kérlek, sokat segítene.

köszi

Generalsz cert-et mindegyik ldap szervernek. Gondolom self-signed. A rootCA-t telepited a gepekre, hogy mukodjon is. A certeket mindenki ugy nevezi el, ahogy akarja (naming policy).

Felmasolod a certeket a helyukre, ahol tarolod oket, en itt:
/etc/ssl/private/ldap-key.pem
/etc/ssl/certs/ldap-cert.pem

Vagyis ezek nalam symlinkek a valodi certekre.

Amikor bekonfiguralod az SSL-t, TLS-t, akkor az a cn=config replikacioja miatt mindegyik ldap-ban azonos lesz. Ezert kell a symlink, vagy atnevezes, ... Igy mukodi fog.

pl.:
az egyik gepen: 


lrwxrwxrwx 1 root root 45 Aug 24  2013 /etc/ssl/certs/ldap-cert.pem -> /etc/ssl/certs/server1.example.com-cert.pem

a masik gepen: 


lrwxrwxrwx 1 root root 44 Aug 24  2013 /etc/ssl/certs/ldap-cert.pem -> /etc/ssl/certs/server2.example.com-cert.pem

Vagy melyik resze nem vilagos?

Én azt nem értem mitől romlik el ha nincs symlink v átnevezés?
Ugye mindkét gépnek készül saját cert, az ldapba nem a cert kerül bele, csak a rá utaló konfig bejegyzés, hogy hol éri el.
Mit segít a symlink? Nem elég ha mindkét gép a saját konfigjában azonos nevet használ és a certek is azonos nevűek?

Ott romlik el, ohgy a cn=config-ban benne van az utvonal, hogy hol eri el a cert-et. Ha az osszes node-on nem ugyanott van es ugyanugy hivjak, akkor hal meg, mivel replikalod a cn=config-ot, amiben benne van a cert eleresi utvonala. De ha ugyanugy hivod mindegyik szervereden a certet (nem kell ugyanannak lennie, csak az allomany eleresenek) akkor jo.

Masik megoldas, hogy nem replikalod a cn=config-ot.

Ezt a leirast: https://help.ubuntu.com/12.04/serverguide/openldap-server.html
probaltam kovetni, de ez nem multi masteres, ezert valtottam erre

http://www.opensolutions.ie/blog/2013/01/multi-master-ldap-replication/
Amit viszont nem ertek, hogy miert kellene a ket serveren mas mas
SLAPD_SERVICES= erteket beallitani amikor ez replikalodni fog? Nem eleg csak ha magara mutat mindketto?

Vagy ide be lehet rakni ket erteket es errol van szo?

Ha netan van jobb, netan sajat leiras, kuldjetek.
Koszi

miert kellene a ket serveren mas mas SLAPD_SERVICES= erteket beallitani amikor ez replikalodni fog?

A SLAPD_SERVICES nem fog replikálódni, az ugyanis nem az OpenLDAP konfigurációja, hanem a host oprendszer futtatókörnyezeté; innen veszi a slapd indítóscriptje, hogy milyen CLI paraméterekkel kell futtatni a slapd binárist, a slapd bináris pedig a CLI paraméterekből fogja tudni, hogy milyen hálózati címe(ke)n kell neki figyelnie. Ergó itt mondod meg, hogy milyen IP címre/portra bindoljon. Ez lehet a gépeken eltérő (pl. ha konkrét IP címre akarsz bindolni), de lehet ugyanaz is, ha mondjuk a 0.0.0.0 címre bindolsz. Ez utóbbinak azért SSL esetén nincs túl sok értelme, mivel úgyis csak a tanúsítványban benne levő hostnévre connectálva fog rinyálás nélkül menni az SSL.

Nem eleg csak ha magara mutat mindketto?

De, elég, sőt, nem is fog működni, ha olyan nevet/IP címet írsz be, ami annak a gépnek nem a sajátja - nyilván a 0.0.0.0 mindegyiken működik.
Egyébként személy szerint nem tartom szerencsésnek, ha ide hostnév kerül IP cím helyet.

( openstep | 2014. 12. 15., h – 10:56 )

Meg valami:
A ket ldap server kozti TLS titkostashoz keszult certeken felul kell meg masik cert is ahhoz, hogy a kliens gepek szinten TLS-en kereztul kapcsolodhassanak mindket LDAP szerverhez?

Esetleg tudnal e nekem lepesreol-lepesre utasitast adni a TLS kialakitashoz?
A replikacio mar mukodik titkositas nelkul.

( Cajga | 2014. 12. 16., k – 16:07 )

Amikor nekem kellett multimaster set-up-ot csinalni OpenLDAP-al, akkor ez a cikk viszonylag sokat segitett.

( openstep | 2014. 12. 16., k – 18:06 )

Láttok ebben valamit ami arra utalhat, hogy a config miért csak az egyik irányba szinkronoz?

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
olcRootPW: blabla
olcSyncrepl: {0}rid=002 provider=ldap://server2/ binddn="cn=config" bindmetho
d=simple credentials=blabla searchbase="cn=config" type=refreshAndPersist r
etry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=003 provider=ldap://server3/ binddn="cn=config" bindmetho
d=simple credentials=blabla searchbase="cn=config" type=refreshAndPersist r
etry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by *
read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: blablablablablablablabla
olcSyncrepl: {0}rid=004 provider=ldap://ipcim2 binddn="cn=admin,dc=exampl
e,dc=com" bindmethod=simple credentials=blabla searchbase="dc=example,dc=com
" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=005 provider=ldap://ipcim3 binddn="cn=admin,dc=exampl
e,dc=com" bindmethod=simple credentials=blabla searchbase="dc=example,dc=com
" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq,pres,sub

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov

Hello

kb 2 hete csináltam ilyet.

Ez egy jó leírás szerintem:
http://www.opensolutions.ie/blog/2013/01/multi-master-ldap-replication/

Amit hiányolok, az az olcServerID
Így add hozzá ha SSL felett akarsz replikálni:

cat < < EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldaps://serverX/
olcServerID: 2 ldaps://ServerY/
EOF

Arra figyelj, hogy a common name legyen a ServerX és ServerY helyén, különben debug lesz belőle :-)

Én is ezt a leírást használtam, és ez benne is volt a configomban. TLS nélkül szépen replikált mindkét irányba a config és a hdb is. Ezután a legyárott certeket élesítettem, de elmaradt a certek megfelelő joggal való ellátása és a chown is. Ekkor mindkét szerver megfeküdt. Szerintem ekkor zavarodott meg az egész és már nem találtam a hibát.

Holnap kipróbálom, csak azt nem értem, hogy akkor most mégis mitől tud replkálni egyik irányba de a másikba nem ha az
olcServerID: 1 ldaps://serverX/
olcServerID: 2 ldaps://ServerY/

rész nincs ott?
Ja és a hdb részen mindkét irányba replikál.

Ezek tenyleg kimaradtak
olcServerID: 1 ldaps://serverX/
olcServerID: 2 ldaps://ServerY/

igy mar mukodik TLS nelkul, viszont miutan a TLS-t beallitottam itt:
dn: olcDatabase={1}hdb,cn=config
........
olcSyncrepl: {0}rid=004 provider=ldap://ipcim binddn="cn=admin,dc=exampl
e,dc=com" bindmethod=simple credentials=titkos searchbase="dc=example,dc=com
" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1 sta
rttls=critical tls_reqcert=demand
olcSyncrepl: {1}rid=005 provider=ldap://ipcim binddn="cn=admin,dc=exampl
e,dc=com" bindmethod=simple credentials=titkos searchbase="dc=example,dc=com
" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1 sta
rttls=critical tls_reqcert=demand

a syslog ezt mutatja:
Dec 17 09:56:47 server2 slapd[1819]: slap_client_connect: URI=ldap://ipcim Error, ldap_start_tls failed (-11)

A replikacio azert megy.

Hogy lehetne tudni, hogy akkor mi is van?

Az olc-s hülyéskedés nélkül itt van egy működő multi-master setupot tesztelő script:
http://pastebin.com/fDjQkNyd

Kell neki egy könyvtár (BASEDIR), amiben alkothat, meg két szabad IP cím/hostname (LDAP1HOST/LDAP2HOST) a gépen. Fel lehet persze ugyanezt két gépen is húzni, de akkor nyilván a script felét az egyik gépen, a másik felét meg a másik gépen kéne futtatni.
A binárisok meg a gyári sémafájlok helye szintén ott van a script elején, nem tudom, hogy Ubuntun mi hol lakik, azokat utána kell majd húzni.

Ha valakinek kedve van, átírhatja olc-s verzióra is akár, de a lényeget szerintem ebből is (jobban) meg lehet érteni.

Az oda-vissza szinkronhoz mindkét szervernek be kell jelentkeznie a másikra, ez ugye nem egyidőben indított szervereknél nem fog egyszerre megtörténni, hiszen amelyik először indul, az nem tud rákapcsolódni a másikra kapásból, és majd valami timeout után talál csak oda. Rendes körülmények között ez a timeout akár perces nagyságrendű is lehet, azalatt az egyik irányba nem lesz szinkronizálás. (A teszt scriptben 2 másodpercre van letekerve a timeout)

Ha az ldap.conf fájlba (szintén disztribúciófüggő, hogy hol lakik) berakja az ember az TLS_CACERT <cacert.pem> sort, akkor environment hekkelés nélkül is menni fognak az ldap* kliens parancsok. A TLS_REQCERT allow is működik ugyanott, de azzal csak azt lehet elérni, hogy a kliensek ne ellenőrizzék a szerver tanúsítványt.

na most ott tartok, hogy a certeket felraktam mindkét gépre, az elsőt sikerült újraindítani, a másodikat nem, hiba:
main: TLS init def ctx failed: -1

Az első gépen készült a CA amit átmásoltam a másodikra, megfelelő helyekre, de nem találom okát, hogy mi a gond.
első gépen
ls -ls /etc/ssl/
total 52
4 -rw-r--r-- 1 root root 33 Dec 20 19:37 ca.info
28 drwxr-xr-x 2 root root 24576 Dec 20 20:53 certs
12 -rw-r--r-- 1 root root 10835 Jun 20 2014 openssl.cnf
4 drwx--x--- 2 root ssl-cert 4096 Dec 20 20:25 private
4 -rw-r--r-- 1 root root 122 Dec 20 19:43 uldap1.info

másodikon:
ls -la
total 52
drwxr-xr-x 4 root root 4096 Dec 20 15:16 .
drwxr-xr-x 90 root root 4096 Dec 20 20:55 ..
drwxr-xr-x 2 root root 24576 Dec 20 21:26 certs
-rw-r--r-- 1 root root 10835 Jun 20 2014 openssl.cnf
drwx--x--- 2 root ssl-cert 4096 Dec 20 20:58 private

ez szerint jártam el miután TLS nélkül működött a replikáció:
https://help.ubuntu.com/12.04/serverguide/openldap-server.html

We will generate the key/certificate on the Provider, to avoid having to create another CA certificate, and then transfer the necessary material over to the Consumer.
On the Provider,

Create a holding directory (which will be used for the eventual transfer) and then the Consumer's private key:

mkdir ldap02-ssl
cd ldap02-ssl
sudo certtool --generate-privkey \
--bits 1024 \
--outfile ldap02_slapd_key.pem
Create an info file, ldap02.info, for the Consumer server, adjusting it's values accordingly:

organization = Example Company
cn = ldap02.example.com
tls_www_server
encryption_key
signing_key
expiration_days = 3650
Create the Consumer's certificate:

sudo certtool --generate-certificate \
--load-privkey ldap02_slapd_key.pem \
--load-ca-certificate /etc/ssl/certs/cacert.pem \
--load-ca-privkey /etc/ssl/private/cakey.pem \
--template ldap02.info \
--outfile ldap02_slapd_cert.pem
Get a copy of the CA certificate:

cp /etc/ssl/certs/cacert.pem .
We're done. Now transfer the ldap02-ssl directory to the Consumer. Here we use scp (adjust accordingly):

cd ..
scp -r ldap02-ssl user@consumer:

A strace majd megmutatja, hogy mit nem talál meg a szerver. Valószínűleg valamelyik könyvtár vagy fájl neve, esetleg a permissionök nem stimmelnek. Vagy valahol nem írtad át az example.com-ot :D

Egyébként a mellékelt doksi Provider-Consumer, azaz master-slave replikációról ír folyamatosan, ami nem egyezik meg a master-master replikációval.

köszi
+++++++++++++++++++++
strace -v -f slapd
execve("/usr/sbin/slapd", ["slapd"], ["XDG_SESSION_ID=1", "SHELL=/bin/bash", "TERM=xterm-256color", "USER=root", "LS_COLORS=rs=0:di=01;34:ln=01;36"..., "MAIL=/var/mail/root", "PATH=/usr/local/sbin:/usr/local/"..., "PWD=/etc/ssl/private", "LANG=en_US.UTF-8", "SHLVL=1", "HOME=/root", "LANGUAGE=en_US:en", "LOGNAME=root", "LESSOPEN=| /usr/bin/lesspipe %s", "XDG_RUNTIME_DIR=/run/user/1000", "LESSCLOSE=/usr/bin/lesspipe %s %"..., "_=/usr/bin/strace", "OLDPWD=/etc/ssl"]) = 0
brk(0) = 0x7f957c9c4000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace6000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=138337, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18657, st_atime=2014/12/20-22:18:42, st_mtime=2014/12/20-22:18:42, st_ctime=2014/12/20-22:18:42}) = 0
mmap(NULL, 18657, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f957ace1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\320\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280747, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=632, st_size=323056, st_atime=2014/12/20-15:15:31, st_mtime=2014/03/18-00:31:26, st_ctime=2014/12/20-15:15:27}) = 0
mmap(NULL, 2427656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957a875000
mprotect(0x7f957a8c2000, 2093056, PROT_NONE) = 0
mmap(0x7f957aac1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4c000) = 0x7f957aac1000
mmap(0x7f957aac4000, 6920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f957aac4000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/liblber-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0+\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280748, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=120, st_size=59640, st_atime=2014/12/20-15:15:31, st_mtime=2014/03/18-00:31:26, st_ctime=2014/12/20-15:15:27}) = 0
mmap(NULL, 2154984, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957a666000
mprotect(0x7f957a673000, 2097152, PROT_NONE) = 0
mmap(0x7f957a873000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f957a873000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/libslp.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0PF\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=284137, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=144, st_size=73024, st_atime=2014/12/20-17:13:01, st_mtime=2012/05/03-08:40:03, st_ctime=2014/12/20-17:12:56}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace0000
mmap(NULL, 2168504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957a454000
mprotect(0x7f957a465000, 2093056, PROT_NONE) = 0
mmap(0x7f957a664000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x7f957a664000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libsasl2.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`+\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280744, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=216, st_size=109296, st_atime=2014/12/20-15:15:31, st_mtime=2013/11/02-18:29:53, st_ctime=2014/12/20-15:15:27}) = 0
mmap(NULL, 2204624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957a239000
mprotect(0x7f957a252000, 2097152, PROT_NONE) = 0
mmap(0x7f957a452000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f957a452000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\f\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=190, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=88, st_size=43368, st_atime=2014/12/20-15:10:58, st_mtime=2014/04/12-12:38:29, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 2327072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957a000000
mprotect(0x7f957a009000, 2097152, PROT_NONE) = 0
mmap(0x7f957a209000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f957a209000
mmap(0x7f957a20b000, 184864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f957a20b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libslapi-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pu\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=284227, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=240, st_size=121128, st_atime=2014/12/20-17:13:01, st_mtime=2014/03/18-00:31:29, st_ctime=2014/12/20-17:12:57}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acdf000
mmap(NULL, 2217272, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9579de2000
mprotect(0x7f9579dff000, 2093056, PROT_NONE) = 0
mmap(0x7f9579ffe000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f9579ffe000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libltdl.so.7", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=261734, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=80, st_size=39496, st_atime=2014/12/20-17:13:01, st_mtime=2014/02/11-13:58:52, st_ctime=2014/12/20-17:12:55}) = 0
mmap(NULL, 2134736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9579bd8000
mprotect(0x7f9579be1000, 2093056, PROT_NONE) = 0
mmap(0x7f9579de0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f9579de0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libwrap.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p-\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=16741, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=72, st_size=36632, st_atime=2014/12/20-15:16:37, st_mtime=2014/01/13-00:11:33, st_ctime=2014/12/20-15:15:34}) = 0
mmap(NULL, 2134176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95799ce000
mprotect(0x7f95799d6000, 2093056, PROT_NONE) = 0
mmap(0x7f9579bd5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f9579bd5000
mmap(0x7f9579bd7000, 160, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9579bd7000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0po\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=270, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=280, st_size=141574, st_atime=2014/12/20-15:10:58, st_mtime=2014/04/12-12:38:32, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acde000
mmap(NULL, 2217264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95797b0000
mprotect(0x7f95797c9000, 2093056, PROT_NONE) = 0
mmap(0x7f95799c8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f95799c8000
mmap(0x7f95799ca000, 13616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f95799ca000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=180, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=3608, st_size=1845024, st_atime=2014/12/20-15:10:57, st_mtime=2014/04/12-12:38:28, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 3953344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95793ea000
mprotect(0x7f95795a6000, 2093056, PROT_NONE) = 0
mmap(0x7f95797a5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bb000) = 0x7f95797a5000
mmap(0x7f95797ab000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f95797ab000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320:\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=274, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=200, st_size=101240, st_atime=2014/12/20-15:10:59, st_mtime=2014/04/12-12:38:29, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 2206376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95791cf000
mprotect(0x7f95791e6000, 2097152, PROT_NONE) = 0
mmap(0x7f95793e6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f95793e6000
mmap(0x7f95793e8000, 6824, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f95793e8000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libgssapi.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\331\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280737, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=496, st_size=251872, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acdd000
mmap(NULL, 2347352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9578f91000
mprotect(0x7f9578fcb000, 2097152, PROT_NONE) = 0
mmap(0x7f95791cb000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a000) = 0x7f95791cb000
mmap(0x7f95791ce000, 344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f95791ce000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libgnutls.so.26", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0d\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=264717, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=1520, st_size=775112, st_atime=2014/12/20-15:12:40, st_mtime=2014/06/01-20:35:18, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 2872304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9578cd3000
mprotect(0x7f9578d89000, 2097152, PROT_NONE) = 0
mmap(0x7f9578f89000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb6000) = 0x7f9578f89000
mmap(0x7f9578f90000, 1008, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9578f90000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgcrypt.so.11", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\177\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=206, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=1024, st_size=520608, st_atime=2014/12/20-15:12:40, st_mtime=2013/12/17-13:18:26, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 2616960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9578a54000
mprotect(0x7f9578acf000, 2097152, PROT_NONE) = 0
mmap(0x7f9578ccf000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7b000) = 0x7f9578ccf000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=196, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=32, st_size=14664, st_atime=2014/12/20-15:10:58, st_mtime=2014/04/12-12:38:29, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acdc000
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9578850000
mprotect(0x7f9578853000, 2093056, PROT_NONE) = 0
mmap(0x7f9578a52000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f9578a52000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`A\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=233, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=192, st_size=97296, st_atime=2014/12/20-15:10:58, st_mtime=2014/04/12-12:38:28, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 2202328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9578636000
mprotect(0x7f957864d000, 2093056, PROT_NONE) = 0
mmap(0x7f957884c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f957884c000
mmap(0x7f957884e000, 6872, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f957884e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libheimntlm.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300*\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280734, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=72, st_size=35856, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acdb000
mmap(NULL, 2130960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957842d000
mprotect(0x7f9578435000, 2093056, PROT_NONE) = 0
mmap(0x7f9578634000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f9578634000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libkrb5.so.26", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\304\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280731, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=1080, st_size=552584, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 2650544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95781a5000
mprotect(0x7f9578227000, 2093056, PROT_NONE) = 0
mmap(0x7f9578426000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x7f9578426000
mmap(0x7f957842c000, 432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f957842c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libasn1.so.8", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\234\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280698, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=1288, st_size=657712, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:25}) = 0
mmap(NULL, 2752816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9577f04000
mprotect(0x7f9577fa1000, 2097152, PROT_NONE) = 0
mmap(0x7f95781a1000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9d000) = 0x7f95781a1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\24\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=189, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=32, st_size=14592, st_atime=2014/12/20-15:12:07, st_mtime=2014/02/19-12:31:01, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acda000
mmap(NULL, 2109896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9577d00000
mprotect(0x7f9577d03000, 2093056, PROT_NONE) = 0
mmap(0x7f9577f02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f9577f02000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libhcrypto.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300g\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280719, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=400, st_size=204104, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 2303048, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9577acd000
mprotect(0x7f9577afd000, 2097152, PROT_NONE) = 0
mmap(0x7f9577cfd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x30000) = 0x7f9577cfd000
mmap(0x7f9577cff000, 1096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9577cff000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libroken.so.18", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pL\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280695, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=168, st_size=85680, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:25}) = 0
mmap(NULL, 2181216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95778b8000
mprotect(0x7f95778cc000, 2093056, PROT_NONE) = 0
mmap(0x7f9577acb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7f9577acb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\36\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=298, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=200, st_size=100728, st_atime=2014/12/20-15:10:59, st_mtime=2013/05/13-14:42:58, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd9000
mmap(NULL, 2195784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957769f000
mprotect(0x7f95776b7000, 2093056, PROT_NONE) = 0
mmap(0x7f95778b6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f95778b6000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libtasn1.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320)\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=264743, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=160, st_size=80256, st_atime=2014/12/20-15:12:40, st_mtime=2014/07/18-22:20:09, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 2176040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957748b000
mprotect(0x7f957749d000, 2097152, PROT_NONE) = 0
mmap(0x7f957769d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7f957769d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libp11-kit.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\321\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=264729, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=528, st_size=268368, st_atime=2014/12/20-15:12:40, st_mtime=2014/03/20-18:34:02, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 2364496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9577249000
mprotect(0x7f9577284000, 2093056, PROT_NONE) = 0
mmap(0x7f9577483000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a000) = 0x7f9577483000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\t\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=208, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18416, st_atime=2014/12/20-15:12:40, st_mtime=2013/12/03-13:28:25, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd8000
mmap(NULL, 2113648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9577044000
mprotect(0x7f9577048000, 2093056, PROT_NONE) = 0
mmap(0x7f9577247000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f9577247000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libwind.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280725, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=328, st_size=166040, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 2261152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9576e1b000
mprotect(0x7f9576e42000, 2097152, PROT_NONE) = 0
mmap(0x7f9577042000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x27000) = 0x7f9577042000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libheimbase.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20)\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280722, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=112, st_size=56768, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 2153112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9576c0d000
mprotect(0x7f9576c1a000, 2093056, PROT_NONE) = 0
mmap(0x7f9576e19000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f9576e19000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libhx509.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=280728, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=584, st_size=295816, st_atime=2014/12/20-15:15:31, st_mtime=2014/02/19-14:40:52, st_ctime=2014/12/20-15:15:26}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd7000
mmap(NULL, 2392104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95769c4000
mprotect(0x7f9576a09000, 2093056, PROT_NONE) = 0
mmap(0x7f9576c08000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x44000) = 0x7f9576c08000
mmap(0x7f9576c0c000, 40, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9576c0c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libsqlite3.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\235\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=264739, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=1480, st_size=754880, st_atime=2014/12/20-15:12:40, st_mtime=2014/01/02-17:52:08, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 2851544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f957670b000
mprotect(0x7f95767bf000, 2097152, PROT_NONE) = 0
mmap(0x7f95769bf000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb4000) = 0x7f95769bf000
mmap(0x7f95769c3000, 728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f95769c3000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libffi.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=264701, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=64, st_size=30944, st_atime=2014/12/20-15:12:40, st_mtime=2014/03/28-10:50:09, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd6000
mmap(NULL, 2127304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9576503000
mprotect(0x7f957650a000, 2093056, PROT_NONE) = 0
mmap(0x7f9576709000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f9576709000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd4000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd3000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957acd1000
arch_prctl(ARCH_SET_FS, 0x7f957acd1780) = 0
mprotect(0x7f95797a5000, 16384, PROT_READ) = 0
mprotect(0x7f9576709000, 4096, PROT_READ) = 0
mprotect(0x7f95799c8000, 4096, PROT_READ) = 0
mprotect(0x7f9578a52000, 4096, PROT_READ) = 0
mprotect(0x7f95769bf000, 8192, PROT_READ) = 0
mprotect(0x7f9577f02000, 4096, PROT_READ) = 0
mprotect(0x7f95793e6000, 4096, PROT_READ) = 0
mprotect(0x7f957a209000, 4096, PROT_READ) = 0
mprotect(0x7f9577acb000, 4096, PROT_READ) = 0
mprotect(0x7f95781a1000, 4096, PROT_READ) = 0
mprotect(0x7f9577cfd000, 4096, PROT_READ) = 0
mprotect(0x7f9577042000, 4096, PROT_READ) = 0
mprotect(0x7f9576e19000, 4096, PROT_READ) = 0
mprotect(0x7f9576c08000, 8192, PROT_READ) = 0
mprotect(0x7f9577247000, 4096, PROT_READ) = 0
mprotect(0x7f9577483000, 24576, PROT_READ) = 0
mprotect(0x7f957769d000, 4096, PROT_READ) = 0
mprotect(0x7f95778b6000, 4096, PROT_READ) = 0
mprotect(0x7f9578426000, 12288, PROT_READ) = 0
mprotect(0x7f9578634000, 4096, PROT_READ) = 0
mprotect(0x7f957884c000, 4096, PROT_READ) = 0
mprotect(0x7f9578ccf000, 4096, PROT_READ) = 0
mprotect(0x7f9578f89000, 24576, PROT_READ) = 0
mprotect(0x7f95791cb000, 4096, PROT_READ) = 0
mprotect(0x7f9579bd5000, 4096, PROT_READ) = 0
mprotect(0x7f9579de0000, 4096, PROT_READ) = 0
mprotect(0x7f9579ffe000, 4096, PROT_READ) = 0
mprotect(0x7f957a452000, 4096, PROT_READ) = 0
mprotect(0x7f957a664000, 4096, PROT_READ) = 0
mprotect(0x7f957a873000, 4096, PROT_READ) = 0
mprotect(0x7f957aac1000, 8192, PROT_READ) = 0
mprotect(0x7f957b014000, 16384, PROT_READ) = 0
mprotect(0x7f957ace8000, 4096, PROT_READ) = 0
munmap(0x7f957ace1000, 18657) = 0
set_tid_address(0x7f957acd1a50) = 6708
set_robust_list(0x7f957acd1a60, 24) = 0
futex(0x7fff6404f160, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f957acd1780) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f95797b69f0, [], SA_RESTORER|SA_SIGINFO, 0x7f95797c0340}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f95797b6a80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f95797c0340}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(0) = 0x7f957c9c4000
brk(0x7f957c9e5000) = 0x7f957c9e5000
futex(0x7f957748a400, FUTEX_WAKE_PRIVATE, 2147483647) = 0
uname({sysname="Linux", nodename="uldap2", release="3.13.0-32-generic", version="#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014", machine="x86_64", domainname="(none)"}) = 0
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(0, 16), st_ino=8481, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=170, st_atime=2014/12/20-15:54:51, st_mtime=2014/12/20-15:54:51, st_ctime=2014/12/20-15:54:51}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(3, "# Dynamic resolv.conf(5) file fo"..., 4096) = 170
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f957ace5000, 4096) = 0
uname({sysname="Linux", nodename="uldap2", release="3.13.0-32-generic", version="#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014", machine="x86_64", domainname="(none)"}) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=131318, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=475, st_atime=2014/12/20-15:10:58, st_mtime=2014/02/20-03:43:56, st_ctime=2014/12/20-15:10:42}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f957ace5000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=138337, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18657, st_atime=2014/12/20-22:18:42, st_mtime=2014/12/20-22:18:42, st_ctime=2014/12/20-22:18:42}) = 0
mmap(NULL, 18657, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f957ace1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_dev=makedev(252, 0), st_ino=239, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=96, st_size=47712, st_atime=2014/12/20-15:10:58, st_mtime=2014/04/12-12:38:28, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 2144392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f95762f7000
mprotect(0x7f9576302000, 2093056, PROT_NONE) = 0
mmap(0x7f9576501000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f9576501000
close(3) = 0
mprotect(0x7f9576501000, 4096, PROT_READ) = 0
munmap(0x7f957ace1000, 18657) = 0
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=131118, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=92, st_atime=2014/12/20-15:13:20, st_mtime=2014/02/20-03:43:56, st_ctime=2014/12/20-15:10:42}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(3, "# The \"order\" line is only used "..., 4096) = 92
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f957ace5000, 4096) = 0
futex(0x7f95797ae3d0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=138227, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=290, st_atime=2014/12/20-18:56:42, st_mtime=2014/12/20-18:55:59, st_ctime=2014/12/20-18:55:59}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(3, "#127.0.0.1\tlocalhost\n127.0.1.1\tu"..., 4096) = 290
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f957ace5000, 4096) = 0
open("/etc/ldap/ldap.conf", O_RDONLY) = 3
fstat(3, {st_dev=makedev(252, 0), st_ino=138258, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=353, st_atime=2014/12/20-21:18:32, st_mtime=2014/12/20-21:17:48, st_ctime=2014/12/20-21:17:48}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(3, "#\n# LDAP Defaults\n#\n\n# See ldap."..., 4096) = 353
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f957ace5000, 4096) = 0
geteuid() = 0
getuid() = 0
open("/root/ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/root/.ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_dev=makedev(252, 0), st_ino=131269, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2407, st_atime=2014/12/20-15:11:03, st_mtime=2014/12/20-15:11:01, st_ctime=2014/12/20-15:11:01}) = 0
fstat(4, {st_dev=makedev(252, 0), st_ino=131269, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2407, st_atime=2014/12/20-15:11:03, st_mtime=2014/12/20-15:11:01, st_ctime=2014/12/20-15:11:01}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096) = 2407
lseek(4, -1536, SEEK_CUR) = 871
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 1536
close(4) = 0
munmap(0x7f957ace5000, 4096) = 0
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 162, MSG_NOSIGNAL, NULL, 0) = 162
uname({sysname="Linux", nodename="uldap2", release="3.13.0-32-generic", version="#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014", machine="x86_64", domainname="(none)"}) = 0
stat("/etc/resolv.conf", {st_dev=makedev(0, 16), st_ino=8481, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=170, st_atime=2014/12/20-15:54:51, st_mtime=2014/12/20-15:54:51, st_ctime=2014/12/20-15:54:51}) = 0
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_dev=makedev(0, 16), st_ino=8481, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=170, st_atime=2014/12/20-15:54:51, st_mtime=2014/12/20-15:54:51, st_ctime=2014/12/20-15:54:51}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(4, "# Dynamic resolv.conf(5) file fo"..., 4096) = 170
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f957ace5000, 4096) = 0
uname({sysname="Linux", nodename="uldap2", release="3.13.0-32-generic", version="#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014", machine="x86_64", domainname="(none)"}) = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_dev=makedev(252, 0), st_ino=138227, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=290, st_atime=2014/12/20-18:56:42, st_mtime=2014/12/20-18:55:59, st_ctime=2014/12/20-18:55:59}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(4, "#127.0.0.1\tlocalhost\n127.0.1.1\tu"..., 4096) = 290
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f957ace5000, 4096) = 0
getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=4*1024}) = 0
pipe([4, 5]) = 0
fcntl(5, F_GETFL) = 0x1 (flags O_WRONLY)
fcntl(5, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
epoll_create(1024) = 6
open("/etc/gai.conf", O_RDONLY|O_CLOEXEC) = 7
fstat(7, {st_dev=makedev(252, 0), st_ino=131115, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2584, st_atime=2014/12/20-15:13:20, st_mtime=2012/10/10-17:35:46, st_ctime=2014/12/20-15:10:42}) = 0
fstat(7, {st_dev=makedev(252, 0), st_ino=131115, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2584, st_atime=2014/12/20-15:13:20, st_mtime=2012/10/10-17:35:46, st_ctime=2014/12/20-15:10:42}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(7, "# Configuration for getaddrinfo("..., 4096) = 2584
read(7, "", 4096) = 0
close(7) = 0
munmap(0x7f957ace5000, 4096) = 0
futex(0x7f95797ac3c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 7
bind(7, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(7, {sa_family=AF_NETLINK, pid=6708, groups=00000000}, [12]) = 0
sendto(7, "\24\0\0\0\26\0\1\3E\371\225T\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(7, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"D\0\0\0\24\0\2\0E\371\225T4\32\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 148
recvmsg(7, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0E\371\225T4\32\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(7, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0E\371\225T4\32\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(7) = 0
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
getsockname(7, {sa_family=AF_INET6, sin6_port=htons(45400), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
connect(7, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
connect(7, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
getsockname(7, {sa_family=AF_INET6, sin6_port=htons(33452), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
close(7) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 7
setsockopt(7, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(7, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 8
setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(8, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
bind(8, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
brk(0x7f957ca06000) = 0x7f957ca06000
open("/etc/ldap/sasl2/slapd.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/sasl2/slapd.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid() = 0
geteuid() = 0
getgid() = 0
getegid() = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=281474, d_off=399636166797045409, d_reclen=40, d_name="libntlm.so.2.0.25", d_type=DT_REG} {d_ino=281488, d_off=569643296481896748, d_reclen=40, d_name="libplain.so.2", d_type=DT_LNK} {d_ino=281482, d_off=1143639586141173993, d_reclen=32, d_name="liblogin.so", d_type=DT_LNK} {d_ino=281485, d_off=3005349473584177010, d_reclen=40, d_name="libcrammd5.so.2", d_type=DT_LNK} {d_ino=264427, d_off=3138838904056002916, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=281479, d_off=3428283314944010375, d_reclen=40, d_name="libanonymous.so.2", d_type=DT_LNK} {d_ino=281486, d_off=3468328247182417489, d_reclen=40, d_name="libdigestmd5.so", d_type=DT_LNK} {d_ino=281470, d_off=3791885155798352620, d_reclen=40, d_name="libcrammd5.so.2.0.25", d_type=DT_REG} {d_ino=281472, d_off=5961068607234581313, d_reclen=40, d_name="liblogin.so.2.0.25", d_type=DT_REG} {d_ino=281471, d_off=6039175524808616099, d_reclen=40, d_name="libplain.so.2.0.25", d_type=DT_REG} {d_ino=281478, d_off=6238889278445020148, d_reclen=40, d_name="libanonymous.so", d_type=DT_LNK} {d_ino=281484, d_off=6647204439853444603, d_reclen=32, d_name="libntlm.so.2", d_type=DT_LNK} {d_ino=281487, d_off=7026098069011971300, d_reclen=40, d_name="libcrammd5.so", d_type=DT_LNK} {d_ino=280742, d_off=7256178463898551582, d_reclen=32, d_name="libsasldb.so", d_type=DT_LNK} {d_ino=281477, d_off=7258661367642104808, d_reclen=32, d_name="libntlm.so", d_type=DT_LNK} {d_ino=280743, d_off=7598412477394108419, d_reclen=40, d_name="libsasldb.so.2", d_type=DT_LNK} {d_ino=280741, d_off=8162582308095296230, d_reclen=40, d_name="libsasldb.so.2.0.25", d_type=DT_REG} {d_ino=281473, d_off=8388569936036063163, d_reclen=48, d_name="libdigestmd5.so.2.0.25", d_type=DT_REG} {d_ino=281483, d_off=8445457424879158369, d_reclen=40, d_name="liblogin.so.2", d_type=DT_LNK} {d_ino=281475, d_off=8537470477263743391, d_reclen=48, d_name="libanonymous.so.2.0.25", d_type=DT_REG} {d_ino=281480, d_off=8782767498341268714, d_reclen=40, d_name="libdigestmd5.so.2", d_type=DT_LNK} {d_ino=280740, d_off=8959538882952904184, d_reclen=24, d_name=".", d_type=DT_DIR} {d_ino=281481, d_off=9223372036854775807, d_reclen=32, d_name="libplain.so", d_type=DT_LNK}}, 32768) = 864
futex(0x7f9578a530d0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\17\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281472, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18496, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2113776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f95760f2000
mprotect(0x7f95760f6000, 2093056, PROT_NONE) = 0
mmap(0x7f95762f5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x3000) = 0x7f95762f5000
close(10) = 0
mprotect(0x7f95762f5000, 4096, PROT_READ) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\31\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281473, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=112, st_size=55752, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2151048, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9575ee4000
mprotect(0x7f9575ef1000, 2093056, PROT_NONE) = 0
mmap(0x7f95760f0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0xc000) = 0x7f95760f0000
close(10) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 10
fstat(10, {st_dev=makedev(252, 0), st_ino=138337, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18657, st_atime=2014/12/20-22:18:42, st_mtime=2014/12/20-22:18:42, st_ctime=2014/12/20-22:18:42}) = 0
mmap(NULL, 18657, PROT_READ, MAP_PRIVATE, 10, 0) = 0x7f957ace1000
close(10) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\355\5\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=192, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=3768, st_size=1926432, st_atime=2014/12/20-15:12:40, st_mtime=2014/06/20-20:58:39, st_ctime=2014/12/20-15:10:43}) = 0
mmap(NULL, 4036760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9575b0a000
mprotect(0x7f9575cbb000, 2093056, PROT_NONE) = 0
mmap(0x7f9575eba000, 155648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x1b0000) = 0x7f9575eba000
mmap(0x7f9575ee0000, 14488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9575ee0000
close(10) = 0
mprotect(0x7f9575eba000, 110592, PROT_READ) = 0
mprotect(0x7f95760f0000, 4096, PROT_READ) = 0
munmap(0x7f957ace1000, 18657) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \20\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281475, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18496, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2113776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9575905000
mprotect(0x7f9575909000, 2093056, PROT_NONE) = 0
mmap(0x7f9575b08000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x3000) = 0x7f9575b08000
close(10) = 0
mprotect(0x7f9575b08000, 4096, PROT_READ) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\20\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281470, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=48, st_size=22592, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:53, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2117872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f95756ff000
mprotect(0x7f9575703000, 2097152, PROT_NONE) = 0
mmap(0x7f9575903000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x4000) = 0x7f9575903000
close(10) = 0
mprotect(0x7f9575903000, 4096, PROT_READ) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\22\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=280741, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=56, st_size=26536, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:27}) = 0
mmap(NULL, 2121816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f95754f8000
mprotect(0x7f95754fd000, 2097152, PROT_NONE) = 0
mmap(0x7f95756fd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x5000) = 0x7f95756fd000
close(10) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 10
fstat(10, {st_dev=makedev(252, 0), st_ino=138337, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18657, st_atime=2014/12/20-22:18:42, st_mtime=2014/12/20-22:18:42, st_ctime=2014/12/20-22:18:42}) = 0
mmap(NULL, 18657, PROT_READ, MAP_PRIVATE, 10, 0) = 0x7f957ace1000
close(10) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libdb-5.3.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\3\2\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=264691, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=3344, st_size=1711568, st_atime=2014/12/20-15:12:40, st_mtime=2014/04/08-02:07:01, st_ctime=2014/12/20-15:10:44}) = 0
mmap(NULL, 3806664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9575156000
mprotect(0x7f95752f1000, 2093056, PROT_NONE) = 0
mmap(0x7f95754f0000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x19a000) = 0x7f95754f0000
close(10) = 0
mprotect(0x7f95754f0000, 28672, PROT_READ) = 0
mprotect(0x7f95756fd000, 4096, PROT_READ) = 0
munmap(0x7f957ace1000, 18657) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\26\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281474, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=72, st_size=34880, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2130160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9574f4d000
mprotect(0x7f9574f55000, 2093056, PROT_NONE) = 0
mmap(0x7f9575154000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x7000) = 0x7f9575154000
close(10) = 0
mprotect(0x7f9575154000, 4096, PROT_READ) = 0
open("/usr/lib/x86_64-linux-gnu/sasl2/libplain.so", O_RDONLY|O_CLOEXEC) = 10
read(10, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\20\0\0\0\0\0\0"..., 832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=281471, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40, st_size=18496, st_atime=2014/12/20-17:13:02, st_mtime=2013/11/02-18:29:54, st_ctime=2014/12/20-15:15:39}) = 0
mmap(NULL, 2113776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10, 0) = 0x7f9574d48000
mprotect(0x7f9574d4c000, 2093056, PROT_NONE) = 0
mmap(0x7f9574f4b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x3000) = 0x7f9574f4b000
close(10) = 0
mprotect(0x7f9574f4b000, 4096, PROT_READ) = 0
getdents(9, {}, 32768) = 0
close(9) = 0
openat(AT_FDCWD, "/usr/lib/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=262218, d_off=8782767498341268714, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=400321, d_off=9223372036854775807, d_reclen=24, d_name=".", d_type=DT_DIR}}, 32768) = 48
getdents(9, {}, 32768) = 0
close(9) = 0
brk(0x7f957ca27000) = 0x7f957ca27000
stat("/etc/ldap/slapd.d", {st_dev=makedev(252, 0), st_ino=138150, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-21:18:32, st_ctime=2014/12/20-21:18:32}) = 0
mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957abd0000
open("/etc/ldap/slapd.d/cn=config.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138240, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=846, st_atime=2014/12/20-21:18:32, st_mtime=2014/12/20-21:18:32, st_ctime=2014/12/20-21:18:32}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 847) = 846
read(9, "", 1) = 0
close(9) = 0
brk(0x7f957ca4f000) = 0x7f957ca4f000
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=131705, d_off=775647177397703482, d_reclen=40, d_name="cn=module{0}.ldif", d_type=DT_REG} {d_ino=138166, d_off=816499537891209832, d_reclen=48, d_name="olcDatabase={1}hdb.ldif", d_type=DT_REG} {d_ino=138073, d_off=3005349473584177010, d_reclen=32, d_name="cn=schema", d_type=DT_DIR} {d_ino=138150, d_off=3024956273371620616, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=133334, d_off=4198028239377025937, d_reclen=56, d_name="olcDatabase={-1}frontend.ldif", d_type=DT_REG} {d_ino=138223, d_off=4446948612295190140, d_reclen=48, d_name="olcDatabase={0}config.ldif", d_type=DT_REG} {d_ino=138238, d_off=6843511678465521447, d_reclen=40, d_name="olcDatabase={1}hdb", d_type=DT_DIR} {d_ino=138085, d_off=8782767498341268714, d_reclen=48, d_name="olcDatabase={0}config", d_type=DT_DIR} {d_ino=132507, d_off=9081868842702713998, d_reclen=24, d_name=".", d_type=DT_DIR} {d_ino=138162, d_off=9097508783202651957, d_reclen=48, d_name="olcBackend={0}hdb.ldif", d_type=DT_REG} {d_ino=137445, d_off=9223372036854775807, d_reclen=40, d_name="cn=schema.ldif", d_type=DT_REG}}, 32768) = 448
getdents(9, {}, 32768) = 0
close(9) = 0
open("/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=131705, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=512, st_atime=2014/12/20-18:56:42, st_mtime=2014/12/20-17:18:50, st_ctime=2014/12/20-17:18:50}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 513) = 512
read(9, "", 1) = 0
close(9) = 0
open("/usr/lib/ldap/back_hdb.la", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=284207, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=960, st_atime=2014/12/20-17:13:02, st_mtime=2014/03/18-00:31:20, st_ctime=2014/12/20-17:12:57}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(9, "# back_hdb.la - a libtool librar"..., 4096) = 960
read(9, "", 4096) = 0
close(9) = 0
munmap(0x7f957ace5000, 4096) = 0
open("/usr/lib/ldap/back_hdb-2.4.so.2", O_RDONLY|O_CLOEXEC) = 9
read(9, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000`\0\0\0\0\0\0"..., 832) = 832
fstat(9, {st_dev=makedev(252, 0), st_ino=284213, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=368, st_size=188120, st_atime=2014/12/20-17:13:02, st_mtime=2014/03/18-00:31:29, st_ctime=2014/12/20-17:12:57}) = 0
mmap(NULL, 2383528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 9, 0) = 0x7f9574b02000
mprotect(0x7f9574b2e000, 2097152, PROT_NONE) = 0
mmap(0x7f9574d2e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 9, 0x2c000) = 0x7f9574d2e000
mmap(0x7f9574d30000, 97960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9574d30000
close(9) = 0
mprotect(0x7f9574d2e000, 4096, PROT_READ) = 0
open("/usr/lib/ldap/syncprov.la", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=284211, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=960, st_atime=2014/12/20-17:18:50, st_mtime=2014/03/18-00:31:20, st_ctime=2014/12/20-17:12:57}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f957ace5000
read(9, "# syncprov.la - a libtool librar"..., 4096) = 960
read(9, "", 4096) = 0
close(9) = 0
munmap(0x7f957ace5000, 4096) = 0
open("/usr/lib/ldap/syncprov-2.4.so.2", O_RDONLY|O_CLOEXEC) = 9
read(9, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220(\0\0\0\0\0\0"..., 832) = 832
fstat(9, {st_dev=makedev(252, 0), st_ino=284203, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=104, st_size=51616, st_atime=2014/12/20-17:18:50, st_mtime=2014/03/18-00:31:29, st_ctime=2014/12/20-17:12:57}) = 0
mmap(NULL, 2147544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 9, 0) = 0x7f95748f5000
mprotect(0x7f9574901000, 2093056, PROT_NONE) = 0
mmap(0x7f9574b00000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 9, 0xb000) = 0x7f9574b00000
close(9) = 0
mprotect(0x7f9574b00000, 4096, PROT_READ) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=module{0}", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/cn=schema.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=137445, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=378, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 379) = 378
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=schema", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=132507, d_off=3662860407962180088, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=138122, d_off=6255282682866703213, d_reclen=40, d_name="cn={1}cosine.ldif", d_type=DT_REG} {d_ino=138147, d_off=7720854019320915801, d_reclen=40, d_name="cn={2}nis.ldif", d_type=DT_REG} {d_ino=138113, d_off=8701025918559470023, d_reclen=40, d_name="cn={0}core.ldif", d_type=DT_REG} {d_ino=138149, d_off=8782767498341268714, d_reclen=48, d_name="cn={3}inetorgperson.ldif", d_type=DT_REG} {d_ino=138073, d_off=9223372036854775807, d_reclen=24, d_name=".", d_type=DT_DIR}}, 32768) = 216
getdents(9, {}, 32768) = 0
close(9) = 0
open("/etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138113, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=32, st_size=15527, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 15528) = 15527
read(9, "", 1) = 0
close(9) = 0
brk(0x7f957ca70000) = 0x7f957ca70000
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138122, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=24, st_size=11361, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 11362) = 11361
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=schema/cn={1}cosine", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/cn=schema/cn={2}nis.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138147, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=16, st_size=6491, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 6492) = 6491
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=schema/cn={2}nis", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138149, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=2855, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 2856) = 2855
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/cn=schema/cn={3}inetorgperson", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/olcBackend={0}hdb.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138162, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=396, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 397) = 396
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcBackend={0}hdb", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=133334, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=657, st_atime=2014/12/20-17:13:46, st_mtime=2014/12/20-17:13:46, st_ctime=2014/12/20-17:13:46}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 658) = 657
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138223, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=989, st_atime=2014/12/20-18:56:42, st_mtime=2014/12/20-17:50:57, st_ctime=2014/12/20-17:50:57}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 990) = 989
read(9, "", 1) = 0
close(9) = 0
brk(0x7f957ca91000) = 0x7f957ca91000
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=132507, d_off=4076642393755623703, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=132505, d_off=8622795955532571834, d_reclen=48, d_name="olcOverlay={1}syncprov.ldif", d_type=DT_REG} {d_ino=138158, d_off=8782767498341268714, d_reclen=48, d_name="olcOverlay={0}syncprov.ldif", d_type=DT_REG} {d_ino=138085, d_off=9223372036854775807, d_reclen=24, d_name=".", d_type=DT_DIR}}, 32768) = 144
getdents(9, {}, 32768) = 0
close(9) = 0
open("/etc/ldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138158, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=530, st_atime=2014/12/20-18:56:42, st_mtime=2014/12/20-17:21:30, st_ctime=2014/12/20-17:21:30}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 531) = 530
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={1}syncprov.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=132505, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=530, st_atime=2014/12/20-21:18:33, st_mtime=2014/12/20-18:56:42, st_ctime=2014/12/20-18:56:42}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 531) = 530
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={1}syncprov", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138166, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=1847, st_atime=2014/12/20-21:18:33, st_mtime=2014/12/20-21:16:07, st_ctime=2014/12/20-21:16:07}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 1848) = 1847
read(9, "", 1) = 0
close(9) = 0
open("/var/lib/ldap/DUMMY", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 9
close(9) = 0
unlink("/var/lib/ldap/DUMMY") = 0
open("/var/lib/ldap/DB_CONFIG", O_RDONLY) = 9
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
getdents(9, {{d_ino=132507, d_off=8622795955532571834, d_reclen=24, d_name="..", d_type=DT_DIR} {d_ino=138239, d_off=8782767498341268714, d_reclen=48, d_name="olcOverlay={0}syncprov.ldif", d_type=DT_REG} {d_ino=138238, d_off=9223372036854775807, d_reclen=24, d_name=".", d_type=DT_DIR}}, 32768) = 96
getdents(9, {}, 32768) = 0
close(9) = 0
open("/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif", O_RDONLY) = 9
fstat(9, {st_dev=makedev(252, 0), st_ino=138239, st_mode=S_IFREG|0600, st_nlink=1, st_uid=106, st_gid=113, st_blksize=4096, st_blocks=8, st_size=530, st_atime=2014/12/20-21:18:33, st_mtime=2014/12/20-19:06:11, st_ctime=2014/12/20-19:06:11}) = 0
read(9, "# AUTO-GENERATED FILE - DO NOT E"..., 531) = 530
read(9, "", 1) = 0
close(9) = 0
openat(AT_FDCWD, "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
munmap(0x7f957abd0000, 1052672) = 0
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 104, MSG_NOSIGNAL, NULL, 0) = 104
sendto(3, "<39>Dec 20 23:33:41 slapd[6708]:"..., 60, MSG_NOSIGNAL, NULL, 0) = 60
munmap(0x7f9574d48000, 2113776) = 0
munmap(0x7f9574f4d000, 2130160) = 0
munmap(0x7f95754f8000, 2121816) = 0
munmap(0x7f95756ff000, 2117872) = 0
munmap(0x7f9575905000, 2113776) = 0
munmap(0x7f9575ee4000, 2151048) = 0
munmap(0x7f9575b0a000, 4036760) = 0
munmap(0x7f95760f2000, 2113776) = 0
munmap(0x7f95748f5000, 2147544) = 0
munmap(0x7f9574b02000, 2383528) = 0
munmap(0x7f9575156000, 3806664) = 0
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 49, MSG_NOSIGNAL, NULL, 0) = 49
close(3) = 0
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 75, MSG_NOSIGNAL, NULL, 0) = 75
shutdown(5, SHUT_RDWR) = -1 ENOTSOCK (Socket operation on non-socket)
close(5) = 0
shutdown(4, SHUT_RDWR) = -1 ENOTSOCK (Socket operation on non-socket)
close(4) = 0
close(6) = 0
exit_group(1) = ?
+++ exited with 1 +++

>grep sendto openlap_tls_replication,_this_is_ok.txt
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 162, MSG_NOSIGNAL, NULL, 0) = 162
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 91, MSG_NOSIGNAL, NULL, 0) = 91
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 104, MSG_NOSIGNAL, NULL, 0) = 104
sendto(3, "<39>Dec 20 23:31:52 slapd[4762]:"..., 60, MSG_NOSIGNAL, NULL, 0) = 60
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 49, MSG_NOSIGNAL, NULL, 0) = 49
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 75, MSG_NOSIGNAL, NULL, 0) = 75

>grep sendto openldap_tls_replication.txt
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 162, MSG_NOSIGNAL, NULL, 0) = 162
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 104, MSG_NOSIGNAL, NULL, 0) = 104
sendto(3, "<39>Dec 20 23:33:41 slapd[6708]:"..., 60, MSG_NOSIGNAL, NULL, 0) = 60
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 49, MSG_NOSIGNAL, NULL, 0) = 49
sendto(3, "<167>Dec 20 23:33:41 slapd[6708]"..., 75, MSG_NOSIGNAL, NULL, 0) = 75

Akkor ezeket az üzeneteket a logból bemásolhatnád, mert nagy különbséget én nem látok a kettő között.

Ne keresd tovább, megvan:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 7
setsockopt(7, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(7, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
sendto(3, "<167>Dec 20 23:31:52 slapd[4762]"..., 91, MSG_NOSIGNAL, NULL, 0) = 91

Ugyanazon a gépen akarsz több példányt futtatni, de nem adtál meg bind címet nekik.

Mit nem értesz ezen?

A 0.0.0.0:389-es portra akar bindolni a konfig, de nem tud, mert ott már egy másik daemon fut. Nem futhat ugyanazon az ip címen:porton kettő darab szoftver. Ez a példány konkrétan a gép összes ip címén rá akar tenyerelni a 389-es portra, ami nem jön össze neki. Lehet, hogy a másiknak sem jön össze, és lehet, hogy úgy tesz, mintha menne, de ez így biztosan nem fog jól működni.

KÖszi a segítséget, de sajnos nem látok ilyen beállítást sehol.

Ez a két configom van tudtommal, a többi az ldap-ban van belül, de ott nincs szó sehol szerintem arról amit írtál. Vagy nem veszek észre valamit.

root@uldap1:~# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow

root@uldap1:~# cat /etc/default/slapd
# Default location of the slapd.conf file or slapd.d cn=config directory. If
# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
# /etc/ldap/slapd.conf).
SLAPD_CONF=

# System account to run the slapd server under. If empty the server
# will run as root.
SLAPD_USER="openldap"

# System group to run the slapd server under. If empty the server will
# run in the primary group of its user.
SLAPD_GROUP="openldap"

# Path to the pid file of the slapd server. If not set the init.d script
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
# default)
SLAPD_PIDFILE=

# slapd normally serves ldap only on all TCP-ports 389. slapd can also
# service requests on TCP-port 636 (ldaps) and requests via unix
# sockets.
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldap://uldap1/ ldapi:///"

# If SLAPD_NO_START is set, the init script will not start or restart
# slapd (but stop will still work). Uncomment this if you are
# starting slapd via some other means or if you don't want slapd normally
# started at boot.
#SLAPD_NO_START=1

# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
# the init script will not start or restart slapd (but stop will still
# work). Use this for temporarily disabling startup of slapd (when doing
# maintenance, for example, or through a configuration management system)
# when you don't want to edit a configuration file.
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd

# For Kerberos authentication (via SASL), slapd by default uses the system
# keytab file (/etc/krb5.keytab). To use a different keytab file,
# uncomment this line and change the path.
#export KRB5_KTNAME=/etc/krb5.keytab

# Additional options to pass to slapd
SLAPD_OPTIONS=""

A SLAPD_SERVICES az.

De persze ha egynél több példányt akarsz ugyanazon a gépen futtatni, akkor ugye azokhoz egynél több ilyen beállításra lesz szükséged, mert ez el kell térjen az egyes példányok között. Hogy ezt az oprendszereden hogyan lehet megcsinálni, na azt más valakitől kell megkérdezni :)

Akkor szar van a palacsintában.
A strace kimenet, amit felposztoltál, azt tartalmazza, hogy azért nem tud a 389-es portra bindolni, mert már valaki lakik azon a porton.
Ez kb. úgy lehetséges, hogy megpróbáltál beindítani egy slapd-t, miközben ugyanazon a gépen már futott egy másik slapd. Ez ugye minimum kettő darab.

Másrészt a leírás, amit belinkeltél, nem multi-master setupot demonstrál, hanem master-slave setupot. Persze ez a TLS-környéki dolgoktól tök független, az csak a replikálás mikéntjét befolyásolja.

Átnéztem a slapd -d -1 kimenetet mindkét szerveren:

Furcsa, hogy pont az írja: 54963209 daemon: bind(7) failed errno=98 (Address already in use) amelyik bekapcsol.....

első, ami bekapcsol:

root@uldap1:~# slapd -d -1
54963209 @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
ldap_pvt_gethostbyname_a: host=uldap1, r=0
54963209 daemon_init:
54963209 daemon_init: listen on ldap:///
54963209 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
54963209 daemon: bind(7) failed errno=98 (Address already in use)
54963209 daemon: listener initialized ldap:///
54963209 daemon_init: 2 listeners opened
ldap_create
54963209 slapd init: initiated server.
54963209 slap_sasl_init: initialized!
54963209 backend_startup_one: starting "cn=config"
54963209 ldif_read_file: read entry file: "/etc/ldap/slapd.d/cn=config.ldif"

második, ami nem kapcsol be:

root@uldap2:~# slapd -d -1
549738ef @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
ldap_pvt_gethostbyname_a: host=uldap2, r=0
549738ef daemon_init:
549738ef daemon_init: listen on ldap:///
549738ef daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
549738ef daemon: listener initialized ldap:///
549738ef daemon_init: 2 listeners opened
ldap_create
549738ef slapd init: initiated server.
549738ef slap_sasl_init: initialized!
549738ef backend_startup_one: starting "cn=config"
549738ef ldif_read_file: read entry file: "/etc/ldap/slapd.d/cn=config.ldif"

Értem én, hogy azon már fut, de a másikon meg egy se, nem indul el. Ez a gond.
működö gép:

root@uldap1:~# netstat -atpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.98:389 0.0.0.0:* LISTEN 5193/slapd
tcp 0 0 127.0.1.1:389 0.0.0.0:* LISTEN 5193/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 834/sshd
tcp 0 0 192.168.1.98:22 192.168.1.122:56578 ESTABLISHED 4997/sshd: xxxx [p
tcp 0 0 192.168.1.98:22 192.168.1.122:55927 ESTABLISHED 4812/sshd: xxxx [p
tcp6 0 0 :::22 :::* LISTEN 834/sshd

root@uldap1:~# cat /etc/hosts
#127.0.0.1 localhost
127.0.1.1 uldap1.xxxxxxxxxx uldap1
192.168.1.98 uldap1.xxxxxxxxxx uldap1
192.168.1.99 uldap2.xxxxxxxxxx uldap2

nem működő gép:

root@uldap2:~# netstat -atpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 782/sshd
tcp 0 0 192.168.1.99:22 192.168.1.122:57048 ESTABLISHED 1258/sshd: xxxx [p
tcp 0 0 192.168.1.99:22 192.168.1.122:57047 ESTABLISHED 1067/sshd: xxxx [p
tcp6 0 0 :::22 :::* LISTEN 782/sshd

root@uldap2:~# cat /etc/hosts
#127.0.0.1 localhost
127.0.1.1 uldap2.xxxxxxxxxx uldap2
192.168.1.99 uldap2.xxxxxxxxxx uldap2
192.168.1.98 uldap1.xxxxxxxxxx uldap1

( battila | 2014. 12. 22., h – 20:56 )

Na ahogy kerted, de en nem tls-sel csinaltam, hanem ldaps-sel. Auditalasnal konnyebb elmagyarazni, hogy ez titkositott.

1, Telepites (az osszes gepen amire akarod az ldap-ot):

apt-get install ldap-utils gnutls-bin slapd ldapscripts

2, Mivel a telepito nem mindig azt csinalja, amit en szeretek, ezert:

dpkg --reconfigure slapd

3, Erdemes loggolast is bekapcsolni, mert ha bajsagra fut az ember, akkor halas tud lenni:


cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
EOF

4, ha nincs alapbol tiltva az ipv6, es ldapnal nincs ra szukseged:

sed -i -e '/^SLAPD_OPTIONS/c SLAPD_OPTIONS="-4"' /etc/default/slapd

5, Titkositatlan kommunikacio csak localhostrol, minden mas csak SSL-en keresztul:

sed -i -e '/^SLAPD_SERVICES/c SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"' /etc/default/slapd

6, Ha mar akarunk ldaps-t, akkor kell hozza cert is:


cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/ldap-key.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap-cert.pem
EOF

Ahogy mondtam, en minden host-on csinaltam egy symlinket a valodi certre, es a linkeket a fent emlitett nevekre kereszteltem. Tehat van egy szerver1-key.pem, van szerver2-key.pem, szerver3-key.pem, szerver1-cert.pem, szerver2-cert.pem, szerver3-cert.pem. Termeszetesen a szerver1-en az egyes van, a szerver2-on a kettes, ...

7, A slapd -nek olvasasi jogok a certekre:

usermod -a -G ssl-cert openldap

Igy mostmar el is tudja majd oket olvasni, es nem hasal el inditaskor.

8, Indexek. Mivel az indexeleshez restart kell, ezert en meg elotte meg szoktam csinalni:


cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq
-
add: olcDbIndex
olcDbIndex: cn eq
-
add: olcDbIndex
olcDbIndex: ou eq
-
add: olcDbIndex
olcDbIndex: dc eq
-
add: olcDbIndex
olcDbIndex: uniqueMember eq
-
add: olcDbIndex
olcDbIndex: uidNumber eq
-
add: olcDbIndex
olcDbIndex: gidNumber eq
-
add: olcDbIndex
olcDbIndex: mail eq
EOF

9, /etc/ldap/ldap.conf


# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=example,dc=com
URI ldap://127.0.0.1 ldaps://szerver1.example.com ldaps://szerver2.example.com ldaps://szerver3.example.com

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERT /etc/ssl/certs/ca-certificates.crt"

10, Ujraindexeles, meg elso teszt:

/etc/init.d/slapd stop
/etc/init.d/slapd start

Na most ugrik a majom a vizbe! Ha elindul, es tudunk lekerdezni ldapsearch-csel, akkor kiraly. Ha viszont nem, akkor viszonylag egyszeru javitani, mert meg sok dolgot nem csinaltunk.

11, Admin jelszo csere.

Az elejen is kerdezett egyet, de jobban szeretem a generalt, hosszu, es bonyolult jjelszavakat. Azt meg utalom begepelni.


cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: HosszuEsBonyolultAdminJelszo
EOF

Kezdodik a replikacio konfiguralas
=========================

11, Server id

Minden gepnek kell egy egyedi azonosito a replikaciohoz. Mind a harmon kulonbozot allits be:

cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1
EOF

12, Replikacios modul betoltese

cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov.la
EOF

13, Szerveridk terjesztese

cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldaps://szerver1.example.com/
olcServerID: 2 ldaps://szerver2.example.com/
olcServerID: 3 ldaps://szerver3.example.com/
EOF

14, config adatbazis replikalasa

cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
EOF


cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://szerver1.example.com/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldaps://szerver2.example.com/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=ldaps://szerver3.example.com/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
EOF

15, hdb adatbazis replikalasa. EZT MAR CSAK AZ EGYIK GEPEN KELL, MERT REPLIKALJUK A cn=config ADATBAZIST

cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=admin,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldaps://szerver1.example.com/ binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo searchbase="dc=example,dc=com"
type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=ldaps://szerver2.example.com/ binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo searchbase="dc=example,dc=com"
type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=ldaps://szerver3.example.com/ binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials=HosszuEsBonyolultAdminJelszo searchbase="dc=example,dc=com"
type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
EOF

== Es orulunk, itt a vege! ==

+1 teszteles

ldapsearch -x

Lehet egyesevel leallitgatni a slapd-ket, igy nezegetni, hogy mit dob vissza az ldapsearch.

Ha ezek utan sem mukodik neked, akkor jo penzert tudok ra embert.

Köszi, egyenlőre én szeretném.
Egyébként a certek létrehozására akartam utalni, pl.: openssl v gnutls stb. ezeket hiányoltam, a többit értem.
Én ezt próbáltam követni:
https://help.ubuntu.com/12.04/serverguide/openldap-server.html
meg ezt: http://www.zytrax.com/books/ldap/ch15/

csak összekavarodtam, mit hova másolni stb.

de köszi

Az LDAP titkosítási része ok, maga az SSL TLS rész nem.
Nekem az nem világos, hogy maga az SSL TLS hogy működik pontosan: azok a lépések lennének az érdekesek. Mik a lépések, mit hova melyik gépről melyik gépre másolok stb.?

Egymás certjeit a gépeknek nem kell átadni, hogy működjön a kulcsos kommunikáció?

Ezt a két doksit kombináltam:

Ebből magát a telepítést és a TLS-t
https://help.ubuntu.com/12.04/serverguide/openldap-server.html

ebből meg a multi master replikációt
http://www.opensolutions.ie/blog/2013/01/multi-master-ldap-replication/

Valami apróság hiányozhat a titkosítás körül, csak nem tudok rájönni hogy mi.

Generalsz egy sajat root CA-t, ennek van publikus es privat resze. A publikus reszet kell felrakni az osszes gepre ahonnan el akarod majd erni a szolgaltatasaidat.
Ha kesz vagy a root CA-val, akkor csinalni kell a gepeknek is certet, amit a rootCA-val irsz ala, hitelesitesz. Majd ezeket az alairt certeket fogod hasznalni, ezeket kell megadni az ldap-nak. A kliens a rootCA-val fogja ellenorizni a hitelesseguket.

Ha nem akarsz gepenkent kulon certet, akkor hasznald a SAN-t, es ott sorold fel a hostneveket. Nem vagyok benne 100%-ig biztos, de szerintem az ldap is tamogatja.

Masik megoldas, hogy veszel cert-et, peldaul toluk ingyert: https://www.startssl.com es akkor a rootCA-val nem kell jatszani, meg a vilag is felismeri.

Addig eljutottam, hogy a két szerverhez tudok TLS-sen keresztül pl apache dir stúdióval is kapcsolódni.
De a kommunikáció nem stabil, talán ez a legjobb kifejezés. Az apache dir stúdió sűrűn kifagy és a replikálás csak az 2-->1 felé megy.
Az 1-es írja, hogy TLS established tls_ssf=128 ... amikor valamit a 2-esen változtatok, és át is kertül az 1-esbe.
A 2-es meg, hogy error.... ldap_start_tls failed (-11)

Az apache dir stúdió TLS-sel való kapcsolódáskor azt is kiírja, hogy a host név nem passzol a certhez de ettől még kapcsolódik. Ez utóbbi az miatt lehet, hogy ip címmel kapcsolódok a certben meg hostnév van?

Valami apróság még lehet amit nem veszek észre.
Ötlet?

Az 1-es gépen készültek a certek.

Ha mindkét gépen a slapd-t restartolom akkor mindkét irányba megy a config rész replikálása viszont az adatok replikálásának iránya megfordul.

Ötlet?