From: Iuri S. <iu...@iu...> - 2018-05-17 02:55:08
Yeah, that’s what I thought. However, when I switched the host within config.tcl (i) to the host that literally appears in the process's display (ii), I got (iii). I wonder if running LDAP without SSL could be the cause. However, I found nothing in the documentation that would reference so.

i.
#config.tcl
ns_section ns/ldap/pool/ldap
ns_param user "cn=admin,dc=ldap,dc=litli,dc=net"
ns_param password "*****"
ns_param host "ldap:///:389"
ns_param connections 1
ns_param verbose On

ii.
caltek 22931 22675 0 22:42 pts/1 00:00:00 ps -ef
openldap 23829 1 0 May14 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

iii.
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: nsldap: could not open connection to server ldap:///:389 on port 389: Inappropriate ioctl for device
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate nsdb:releasehandles a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate ns:tcltrace ns_cleanup
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: Ns_SockAccept returns sock 5, err NONE
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: Ns_SockAccept returns sock -1, err Resource temporarily unavailable
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: [0] dequeue thread connPtr 0x555f13d233e0 idle 2 state 4 create 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ns:interptrace[caltek]: allocate ns:tcltrace ns_init
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: user agent is Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: OACS= sec_handler: enter
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ad_get_signed_cookie: Got signed cookie ad_session_id with value 350001,0,0,1526524659, signature 237 1526525859 B427AD47A039C798E4B2E29725B5456831F66EF3.
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Getting token_id 237, value 02627536A2D3BDF38A7049D9AC1555DFB219A281 ;
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Expire_Time is 1526525859 (compare to 1526524769), hash is B427AD47A039C798E4B2E29725B5456831F66EF3
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Hash matches - Hash check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Expiration time (1526525859) greater than current time (1526524769) - Expiration check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ad_get_signed_cookie: Verification of cookie ad_session_id OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: Security: Insecure session OK: session_id 350001, untrusted_user_id 0, auth_level none, user_id 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Notice: Running first LDAP script ...
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap: getting a handle for thread 0x7f915dd38700
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap: connecting handle from pool ldap
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: nsldap: could not open connection to server ldap:///:389 on port 389: Inappropriate ioctl for device
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.00-database-procs.db_nextval.nextval --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f91590db110 convert type none to sql <select nextval('t_acs_object_id_seq')>
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.dotlrn.tcl.dotlrn-security-procs.dotlrn::user_p.select_count --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f91590d8a70 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: we have the following editors registered:
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: Ns_ConnClose 0x555f13d233e0 stream 000000 chunk 000000 via writer 000000 sockPtr 0x7f91540012c0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: could not allocate 1 handle from pool "ldap"
    while executing
"ns_ldap gethandle "ldap""
    ("uplevel" body line 7)
    invoked from within
"uplevel { ad_page_contract {} ns_log Notice "Running first LDAP script ..." set lh [ns_ldap gethandle "ldap"] doc_return 200 text/html "[ns_lda..."
    (procedure "code::tcl::/var/www/caltek//www/test-ldap" line 2)
    invoked from within
"code::tcl::$__adp_stub"
    ("uplevel" body line 12)
    invoked from within
"uplevel { if { [file exists $__adp_stub.tcl] } { # ensure that data source preparation procedure exists and is up-to-date ..."
    (procedure "adp_prepare" line 2)
    invoked from within
"adp_prepare"
    invoked from within
"template::adp_parse $themed_template {}"
    (procedure "adp_parse_ad_conn_file" line 14)
    invoked from within
"$handler"
    ("uplevel" body line 2)
    invoked from within
"uplevel $code"
    invoked from within
"ad_try { $handler } ad_script_abort val { # do nothing }"
    invoked from within
"rp_serve_concrete_file [ad_conn file]"
    (procedure "::nsf::procs::rp_serve_abstract_file" line 60)
    invoked from within
"rp_serve_abstract_file "$root/$extra_url""
    ("uplevel" body line 2)
    invoked from within
"uplevel $code"
    invoked from within
"ad_try { rp_serve_abstract_file "$root/$extra_url" set ::tcl_url2file([ad_conn url]) [ad_conn file] se..."
    called from rp_handler
GET http://127.0.0.1:8080/test-ldap? referred by '' peer 127.0.0.1 user_id 0
    X-Forwarded-For: 201.50.61.208
    Host: 127.0.0.1:8080
    Connection: close
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
    Cookie: ad_session_id="350001%2c0%2c0%2c1526524659%20{237%201526525859%20B427AD47A039C798E4B2E29725B5456831F66EF3}"; style=null
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:29]

> On May 16, 2018, at 09:51, Gustaf Neumann <ne...@wu...> wrote:
>
> i am probably not the best person to ask, since we do not use here ldap.
>
> however, my guess is that you have most likely a configuration problem:
> under "host" you specify "ldap://....", when i look into the source i see:
>
>     Ns_DStringPrintf(&ds, "ldap://%s:%d", handlePtr->host, handlePtr->port );
>
> so, i would think that "host" is really what it implies, and not a ldap URL.
>
> -gn
>
> On 14.05.18 17:56, Iuri Sampaio wrote:
>> Hello Gustaf and all,
>>
>> So far, I’ve installed and configured all code required to run LDAP together with Naviserver. Plus, I’ve added and amended all necessary parameters in order to enable LDAP authentication.
>>
>> However, I still haven’t figured out what is blocking the connection to the server. However parametrization seems fine, I believe the error is because I've assigned wrong formats to the parameter within config.tcl.
>>
>> LDAP and NS instances are running in the same server. I have tried localhost, w/ and w/o declaring ports explicitly.
>>
>> ns_section ns/ldap/pool/ldap
>> ns_param user "cn=web,dc=ldap,dc=litli,dc=net"
>> ns_param password "*****"
>> ns_param host "ldap://ldap.litli.net"
>> ns_param connections 1
>> ns_param verbose On
>>
>> Below you can see the logs of a successful boot up of NS.
>>
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: modload: loading module nsldap from file /usr/local/ns/bin/nsldap.so
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: allowing * -> pool ldap
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: adding pool ldap to the list of allowed pools
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: Registering LDAPCheckPools (600)
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: nsldap: version 0.9 loaded
>> ...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loading packages/auth-ldap/tcl/auth-ldap-procs.tcl...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loaded packages/auth-ldap/tcl/auth-ldap-procs.tcl.
>> ...
>>
>> Plus, LDAP instance is running just fine at http://ldap.litli.net. Login is successful through http and directly through command line:
>>
>> 1)
>> ldapsearch -n -x -H ldap://ldap.litli.net -D "cn=web,dc=ldap,dc=litli,dc=net" "uid=iuri" -w ****
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ldap,dc=litli,dc=net> (default) with scope subtree
>> # filter: uid=iuri
>> # requesting: ALL
>> #
>>
>> 2)
>> ldapsearch -x -W -D 'cn=web,dc=ldap,dc=litli,dc=net' -b "" -s base
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> #
>> dn:
>> objectClass: top
>> objectClass: OpenLDAProotDSE
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> ##############
>>
>> However, the connection failed in attempt to allocate handle from ldap pool, when I run the following TCL command:
>>
>> set lh [ns_ldap gethandle "ldap"]
>>
>> See logs:
>>
>> ###
>> # NS ERROR logs: /log/error.log
>> ###
>>
>> ...
>>
>> [14/May/2018:10:50:04][22834.7f4bd89ce700][-conn:caltek:0:1-] Error: could not allocate 1 handle from pool "ldap"
>>     while executing
>> "ns_ldap gethandle "ldap""
>>     ("uplevel" body line 2)
>>     invoked from within
>> "uplevel {
>> set lh [ns_ldap gethandle "ldap"]
>> doc_return 200 text/html "[ns_ldap host $lh]"
>>
>> }"
>>
>> …
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap: getting a handle for thread 0x7f1653d03700
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap: connecting handle from pool ldap
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Error: nsldap: could not open connection to server ldap://ldap.litli.net on port 389: No such file or directory
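
Added example (not part of the thread and not nsldap's own code): it applies the "ldap://%s:%d" format string Gustaf quotes to the host values tried in this thread, and shows a check that accepts only a bare hostname before the URL is built. snprintf stands in for Ns_DStringPrintf, and build_ldap_url, host_is_bare and checked_ldap_url are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Same format string as the line quoted from the module source;
 * snprintf stands in for Ns_DStringPrintf. All names here are hypothetical. */
static int build_ldap_url(char *out, size_t len, const char *host, int port)
{
    int n = snprintf(out, len, "ldap://%s:%d", host, port);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* 1 if value is a bare hostname or IPv4 address; 0 if it carries a scheme,
 * slash, colon, whitespace or anything else the format string would bury
 * inside the generated URL. */
static int host_is_bare(const char *value)
{
    size_t n = strlen(value);
    if (n == 0 || n > 253 || value[0] == '.' || value[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Validate first, then format: returns -1 without touching out on bad input. */
static int checked_ldap_url(char *out, size_t len, const char *host, int port)
{
    if (!host_is_bare(host) || port < 1 || port > 65535)
        return -1;
    return build_ldap_url(out, len, host, port);
}

int main(void)
{
    /* The two host values tried in the thread, then the bare hostname. */
    const char *hosts[] = { "ldap://ldap.litli.net", "ldap:///:389", "ldap.litli.net" };
    char url[256];

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        build_ldap_url(url, sizeof url, hosts[i], 389);
        printf("%-22s -> %-33s %s\n", hosts[i], url,
               host_is_bare(hosts[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```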