Menu
▾
▴
Re: [naviserver-devel] nsldap: Installation and setup
|
From: Iuri S. <iu...@iu...> - 2018-05-17 02:55:08
|
Yeah, that’s what I thought so. However, when I switched the host within config.tcl (i) to the host that literally appears in the processe's display (ii), I got (iii).
I wonder if running LDAP without SSL could be the cause. However, I found nothing in the documentation that would reference so.
i. #config.tcl
ns_section ns/ldap/pool/ldap
ns_param user "cn=admin,dc=ldap,dc=litli,dc=net"
ns_param password “*****"
ns_param host "ldap:///:389"
ns_param connections 1
ns_param verbose On
iii. caltek 22931 22675 0 22:42 pts/1 00:00:00 ps -ef
openldap 23829 1 0 May14 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
iii. [16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: nsldap: could not open connection to server ldap:///:389 on port 389: Inappropriate ioctl for device
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate nsdb:releasehandles a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug: ns:interptrace[caltek]: deallocate ns:tcltrace ns_cleanup
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: Ns_SockAccept returns sock 5, err NONE
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: Ns_SockAccept returns sock -1, err Resource temporarily unavailable
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: [0] dequeue thread connPtr 0x555f13d233e0 idle 2 state 4 create 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ns:interptrace[caltek]: allocate ns:tcltrace ns_init
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: user agent is Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: OACS= sec_handler: enter
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ad_get_signed_cookie: Got signed cookie ad_session_id with value 350001,0,0,1526524659, signature 237 1526525859 B427AD47A039C798E4B2E29725B5456831F66EF3.
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Getting token_id 237, value 02627536A2D3BDF38A7049D9AC1555DFB219A281 ;
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Expire_Time is 1526525859 (compare to 1526524769), hash is B427AD47A039C798E4B2E29725B5456831F66EF3
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Hash matches - Hash check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: __ad_verify_signature: Expiration time (1526525859) greater than current time (1526524769) - Expiration check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ad_get_signed_cookie: Verification of cookie ad_session_id OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: Security: Insecure session OK: session_id 350001, untrusted_user_id 0, auth_level none, user_id 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Notice: Running first LDAP script ...
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap: getting a handle for thread 0x7f915dd38700
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap: connecting handle from pool ldap
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: nsldap: could not open connection to server ldap:///:389 on port 389: Inappropriate ioctl for device
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.00-database-procs.db_nextval.nextval --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f91590db110 convert type none to sql <select nextval('t_acs_object_id_seq')>
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.dotlrn.tcl.dotlrn-security-procs.dotlrn::user_p.select_count --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f91590d8a70 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO FULLQUERY FOR dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p --> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: 0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: we have the following editors registered:
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: Ns_ConnClose 0x555f13d233e0 stream 000000 chunk 000000 via writer 000000 sockPtr 0x7f91540012c0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: could not allocate 1 handle from pool "ldap"
while executing
"ns_ldap gethandle "ldap""
("uplevel" body line 7)
invoked from within
"uplevel {
ad_page_contract {}
ns_log Notice "Running first LDAP script ..."
set lh [ns_ldap gethandle "ldap"]
doc_return 200 text/html "[ns_lda..."
(procedure "code::tcl::/var/www/caltek//www/test-ldap" line 2)
invoked from within
"code::tcl::$__adp_stub"
("uplevel" body line 12)
invoked from within
"uplevel {
if { [file exists $__adp_stub.tcl] } {
# ensure that data source preparation procedure exists and is up-to-date
..."
(procedure "adp_prepare" line 2)
invoked from within
"adp_prepare"
invoked from within
"template::adp_parse $themed_template {}"
(procedure "adp_parse_ad_conn_file" line 14)
invoked from within
"$handler"
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
$handler
} ad_script_abort val {
# do nothing
}"
invoked from within
"rp_serve_concrete_file [ad_conn file]"
(procedure "::nsf::procs::rp_serve_abstract_file" line 60)
invoked from within
"rp_serve_abstract_file "$root/$extra_url""
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
rp_serve_abstract_file "$root/$extra_url"
set ::tcl_url2file([ad_conn url]) [ad_conn file]
se..."
called from rp_handler
GET http://127.0.0.1:8080/test-ldap? referred by '' peer 127.0.0.1 user_id 0
X-Forwarded-For: 201.50.61.208
Host: 127.0.0.1:8080
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: ad_session_id="350001%2c0%2c0%2c1526524659%20{237%201526525859%20B427AD47A039C798E4B2E29725B5456831F66EF3}"; style=null
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:29]
> On May 16, 2018, at 09:51, Gustaf Neumann <ne...@wu...> wrote:
>
> i am probably not the best person to ask, since we do not use here ldap.
>
> however, my guess is that you have most likely a configuration problem:
> under "host" you specify "ldap://...." <ldap://....>, when i look into the source i see:
> Ns_DStringPrintf(&ds, "ldap://%s:%d", handlePtr->host, handlePtr->port );
>
> so , i would think that "host " is really what it implies, and not a ldap URL.
>
> -gn
>
> On 14.05.18 17:56, Iuri Sampaio wrote:
>> Hello Gustaf and all,
>>
>> So far, I’ve installed and configured all code required to run LDAP together with Naviserver. Plus, I’ve added and amended all necessary parameters in order to enable LDAP authentication.
>>
>> However, I still haven’t figured out what is blocking the connection to the server. However parametrization seems fine, I believe the error is because I've assigned wrong formats to the parameter within config.tcl.
>>
>> LDAP and NS instances are running in the same server. I have tried localhost, w/ and w/o declaring ports explicitly.
>>
>>
>> ns_section ns/ldap/pool/ldap
>> ns_param user “cn=web,dc=ldap,dc=litli,dc=net"
>> ns_param password “*****"
>> ns_param host "ldap://ldap.litli.net <http://litli.net/>"
>> ns_param connections 1
>> ns_param verbose On
>>
>>
>>
>> Bellow you can see the logs of a successful boot up of NS.
>>
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: modload: loading module nsldap from file /usr/local/ns/bin/nsldap.so
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: allowing * -> pool ldap
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: adding pool ldap to the list of allowed pools
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: Registering LDAPCheckPools (600)
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: nsldap: version 0.9 loaded
>> ...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loading packages/auth-ldap/tcl/auth-ldap-procs.tcl...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loaded packages/auth-ldap/tcl/auth-ldap-procs.tcl.
>> ...
>>
>>
>>
>> Plus, LDAP instance is running just fine at http://ldap.litli.net <http://ldap.litli.net/>. Login is successful trough http and directly through command line:
>>
>> 1)
>> ldapsearch -n -x -H ldap://ldap.litli.net <ldap://ldap.litli.net> -D “cn=web,dc=ldap,dc=litli,dc=net" "uid=iuri" -w ****
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ldap,dc=litli,dc=net> (default) with scope subtree
>> # filter: uid=iuri
>> # requesting: ALL
>> #
>>
>>
>> 2)
>> ldapsearch -x -W -D ‘cn=web,dc=ldap,dc=litli,dc=net' -b "" -s base
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> #
>> dn:
>> objectClass: top
>> objectClass: OpenLDAProotDSE
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>> ##############
>>
>>
>> However, the connection failed in attempt to allocate handle from ldap pool, when I run the following TCL command:
>>
>> set lh [ns_ldap gethandle "ldap"]
>>
>>
>> See logs:
>>
>>
>> ###
>> # NS ERROR logs: /log/error.log
>> ###
>>
>> ...
>>
>> [14/May/2018:10:50:04][22834.7f4bd89ce700][-conn:caltek:0:1-] Error: could not allocate 1 handle from pool "ldap"
>> while executing
>> "ns_ldap gethandle "ldap""
>> ("uplevel" body line 2)
>> invoked from within
>> "uplevel {
>> set lh [ns_ldap gethandle "ldap"]
>> doc_return 200 text/html "[ns_ldap host $lh]"
>>
>>
>> }"
>>
>>
>> …
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap: getting a handle for thread 0x7f1653d03700
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap: connecting handle from pool ldap
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Error: nsldap: could not open connection to server ldap://ldap.litli.net <ldap://ldap.litli.net> on port 389: No such file or directory
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
> naviserver-devel mailing list
> nav...@li...
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
|
