Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:ldap_c7:ldaps [16.07.2015 12:46. ] – [ldap.conf] django
+++ centos:ldap_c7:ldaps [16.07.2015 14:06. ] – [ldap.conf] django
@@ Zeile 1615: / Zeile 1615: @@
 Wollen wir von unserem Server aus, mittels **ldapsearch** muss natürlich der Client auch wissen, wie er das bzw. die Zertifikate auf das Vertrauen hin prüfen soll.
-Wir werden daher in der Konfigurationsdate des LDAP-Clients das Chainfile der CA-Root-Zertifikate verwenden soll.
+Wir werden daher in der Konfigurationsdatei des LDAP-Clients vermerken, dass die im Abschnitt **[[centos:ldap_c7:ldaps?&#vertrauensmodelle_in_public-key-infrastrukturen|CA Trust Vertrauensmodelle in Public-Key-Infrastrukturen]]** erstellte Datei mit den vertrauenswürdigen Root-Zertifikaten verwenden soll.
    # vim /etc/openldap/ldap.conf
@@ Zeile 1891: / Zeile 1891: @@
    # less /var/log/ldap.log
-FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME
+<code>Jul 16 14:43:38 vml000037 openssl: ssl-params: renewed diffie-hellman parameters 4096bit
+Jul 16 14:43:38 vml000037 slapd[5002]: daemon: shutdown requested and initiated.
+Jul 16 14:43:38 vml000037 slapd[5002]: slapd shutdown: waiting for 0 operations/tasks to finish
+Jul 16 14:43:38 vml000037 slapd[5002]: slapd stopped.
+Jul 16 14:43:39 vml000037 slapd[7344]: @(#) $OpenLDAP: slapd 2.4.39 (Mar  6 2015 04:35:49) $
+        mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
+Jul 16 14:43:39 vml000037 slapd[7346]: slapd starting</code>
 Nun müssen wir nur noch über die Directive **olcTLSDHParamFile** unserem OpenLDAP-Server beibringen, die Parameterdatei auch zu verwenden.
@@ Zeile 1953: / Zeile 1958: @@
 # numEntries: 1
 </code>
+===== LDAPs Verbindungstests =====
+==== openssl ====
+Beim ersten Test bauen wir eine Verbindung mit Hilfe des Befehls **openssl** auf und prüfen, ob auch wirklich das angegebene Protokoll verwendet wurde und welcher **Cipher** zum Einsatz kam.
+   # openssl s_client -connect openldap.dmz.nausch.org:636 -showcerts -tls1_2
+<code>CONNECTED(00000003)
+depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support@cacert.org
+verify return:1
+depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
+verify return:1
+depth=0 CN = openldap.dmz.nausch.org
+verify return:1
+---
+Certificate chain
+s:/CN=openldap.dmz.nausch.org
+   i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgIDAm8BMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB
+Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTUwNzE1MTgzOTUxWhcNMTcwNzE0
+MTgzOTUxWjAiMSAwHgYDVQQDExdvcGVubGRhcC5kbXoubmF1c2NoLm9yZzCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMUdsfKPIpr3Ma0gpTJdIdKFJ9Wj
+oc7tRO5D67WgXm4Txwd17wK51BkCsXPc7tNHHTTfEJ17UPfqge4bH5kH+Vfg4dAb
+DG0xDtcJibQ0k4dbZEidTET41Iqd2m6xgGOAfEOpZmSUA2Awn4GBKFHjg3RzZ6YG
+n6CTCTaCGiRsRWiGq0KBk4lXmvfAy+/dABXWwMlQsufMwvNxYp7fy/1K7ZMiSfRs
+yMuqMWOO+e3YcUauZVhqhKlcH2AWi8+V6j4wp2G72fuuxOpZkU2vJcNKH3sHYj9G
+p+Z7VHmzgDlz7Y00f93M6VVnC91RhDBwgQzGDMNRTSLyEnOFw7rtHgB/9QkD8dc8
+kley/+LQL4kIm1a8Vvm6wefiSKQOvuoFN5lN3x65JrrP8AB3KmhY+9ADI8w4P2Q
+sPvsPt/ZREqB6mgy/IDEdRglMZYlOheacPnfe/JLBquIdW0kU3KKiRRZnugvkhti
+GW0uJtWpNcvfx0FIPyFfDUAcCLiBnXym+4E4ekXEHH9aZxLgNhX81dw9lBzAmv1I
+AAt2TMbwk74WedYVPN0nToGkTJu3iv1Y6sKQrbClpp4xl43bl11WFHFvJI0o7CC8
+NiAYfXztTXqxlJEOoltTaAXh9Zo8qNagrzlGOM/2lJT4T720mzmCKtNuxzMqF
++Z3YzIuTtz6gCHwPAgMBAAGjggESMIIBDjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
+/wQEAwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIE
+AQYKKwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6
+Ly9vY3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwu
+Y2FjZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDBJBgNVHREEQjBAghdvcGVubGRh
+cC5kbXoubmF1c2NoLm9yZ6AlBggrBgEFBQcIBaAZDBdvcGVubGRhcC5kbXoubmF1
+c2NoLm9yZzANBgkqhkiG9w0BAQ0FAAOCAgEAQpFKrP2/1/iGFUyC6Sjz4JPI93xN
+qoWhRMZM/SkpwarzBMwsGQ6yKHEoim9Zo4owb38q4yurlUgMcJ2XtNoB0uZK/jZQ
+dVJysG+VbCh9YD5poHRVPMC5zAHWQ13m4BhaOcSXu1Vvh7lb/BcbIA2hlnuRtoOR
+eyY28nTD1fLjTMfp6PbYFTK+asxq0TPqrP9j0qSy1M+0SQnLvlLkr1/bPWDeGH9k
+L5c7FlTQAYE0q6sTdpAPNX2icGHECtylCohlnpNoLCchboH9y9s7FtPzMbDENWvA
+FM1gooanqbo66adN7psnw2gXJbDLShaIwgjRzM8+82I4nXVO5CcD3FWqQIPwYpec
+Rqk/iSB7UobY5h0/R1oQSCqrpGdMwXq7dwGMvyWlxWDikQrR2ptDWO9HENrUpwCN
+LBvmGZedITZ3+NqmJTbSp3R4bEYESmznNUdD8BnBvg3alkzjb6Cinnb30TJtehbQ
+yBaEhzq8KsOZpzcLT7ldN3Y6dxu8qj+p67nGD+A8brrII1s4TIcnEvnPBCWuku/r
+a5iSsSt3US1dOocFJM3CJyuaNfWIqDbutE702fREPriNPxqRSdTkH5Ub4Rb4CiRW
+bHHSqh0QekUMpNi6n7+thG46EKJk1WgeNhhsqRKqy5MDLth7iN5gHE2CCbSIe4qW
+g2KkrggW2eBNzv4=
+-----END CERTIFICATE-----
+s:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
+   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
+s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+---
+Server certificate
+subject=/CN=openldap.dmz.nausch.org
+issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
+---
+No client certificate CA names sent
+Server Temp Key: ECDH, prime256v1, 256 bits
+---
+SSL handshake has read 6065 bytes and written 399 bytes
+---
+New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
+Server public key is 4096 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : ECDHE-RSA-AES128-SHA
+    Session-ID: 1CB2A6EEF8A21B2239B011CFA0FF156F76A477FE8F883550762FDB0B2DACDBEC
+    Session-ID-ctx:
+    Master-Key: FFA99DDC9829B6171367B7428647D13F6D7BFA65582810158A10CEDF8B38C2295A4E6C3F8B3212672EC1974DCD1DDAB3
+    Key-Arg   : None
+    Krb5 Principal: None
+    PSK identity: None
+    PSK identity hint: None
+    Start Time: 1437051157
+    Timeout   : 7200 (sec)
+    Verify return code: 0 (ok)
+---</code>
+Mit der Tastenkombination **Strg + c** beenden wir die Verbindung.
+Im obigen Beispiel sehen wir, dass:
+   * **Protokoll**: TLSv1.2
+   * **Cipher**   : ECDHE-RSA-AES128-SHA
+und als temporärer Server-Key **ECDH, prime256v1, 256 bits** verwendet wurden.
+In der Logdatei unseres OpenLDAP-Servers wird der Connect entsprechend vermerkt.
+   # less /var/log/ldap.log
+  Jul 16 14:53:37 vml000037 slapd[7346]: conn=1002 fd=13 ACCEPT from IP=10.0.0.37:41958 (IP=0.0.0.0:636)
+  Jul 16 14:53:37 vml000037 slapd[7346]: conn=1002 fd=13 TLS established tls_ssf=128 ssf=128
+  Jul 16 14:53:45 vml000037 slapd[7346]: conn=1002 fd=13 closed (connection lost)
+==== ldapsearch ====
+Beim nächsten Test verwenden wir den Befehl **ldapsearch** und richten über eine geschützte TLS-Verbindung eine Anfrage an unseren OpenLDAP-Verzeichnisdienst.
+   # ldapsearch -W -x -D cn=config -b cn=config "(objectclass=olcGlobal)" -LLL -H ldaps://openldap.dmz.nausch.org
+  Enter LDAP Password:
+<code>dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: /var/run/openldap/slapd.args
+olcIdleTimeout: 30
+olcPidFile: /var/run/openldap/slapd.pid
+olcReferral: ldap://openldap.dmz.nausch.org
+olcTimeLimit: 15
+olcTLSCACertificateFile: /etc/pki/tls/certs/CAcert_chain.pem
+olcTLSCACertificatePath: /etc/openldap/certs
+olcTLSCertificateFile: /etc/pki/tls/certs/openldap.dmz.nausch.org.pem
+olcTLSCertificateKeyFile: /etc/pki/tls/private/openldap_serverkey.pem
+olcTLSCipherSuite: HIGH
+olcTLSDHParamFile: /etc/pki/tls/private/dh_4096.pem
+olcTLSProtocolMin: 3.1
+</code>
+Der Verbindungsauf- wie auch -abbau und natürlich auch die Abfrage an sich, wird im LDAP-Log //**/var/log/ldap.log**// dokumentiert.
+   # less /var/log/ldap.log
+<code>Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 fd=13 ACCEPT from IP=10.0.0.37:43011 (IP=0.0.0.0:636)
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 fd=13 TLS established tls_ssf=128 ssf=128
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=0 BIND dn="cn=config" method=128
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=0 RESULT tag=97 err=0 text=
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=1 SRCH base="cn=config" scope=2 deref=0 filter="(objectClass=olcGlobal)"
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 op=2 UNBIND
+Jul 16 15:49:32 vml000037 slapd[11436]: conn=1006 fd=13 closed</code>