Open alexstuart opened 9 years ago
Turns out restarting slapd is only a temporary measure as the subsequent logins fail.
... and slapd is not logging to /var/log/slapd/slapd.log.
[root@cobweb-idp slapd]# grep slapd /etc/rsyslog.conf
local4.* /var/log/slapd/slapd.log
[root@cobweb-idp slapd]# chkconfig --list rsyslog
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@cobweb-idp slapd]# chkconfig --list slapd
slapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@cobweb-idp slapd]# ls -l /var/log/slapd/slapd.log
-rw-rw----. 1 ldap root 254513 Apr 12 22:47 /var/log/slapd/slapd.log
So... first get syslog working, then find out why slapd timing out...
Flow is: SP -> IdP login page -> Error: script could not be run. After restarting slapd, the login succeds (and uses an IdP session created during the first, failed login).
Authentication suceeds:
But the attribute resolution fails: