From: Mark W. <mew...@un...> - 2000-07-07 02:49:21
NDS could be the problem (not to push it off on to the server, but Novell's LDAP stuff has taken a while to get straightened out). It would help if you could tell us what version you're using (I'm hoping that Jim Harle, who uses NDS LDAP, might be able to shed some light ;). I've never used NDS LDAP so I can't say for sure. I thought that NDS wouldn't even authenticate unless you connected to it via SSL.

One of the changes I plan to add in is to allow you to use compare instead of bind; that might solve this problem.

BTW, if you want to talk about the Apache modules at the OSS conference, I'd be happy to talk about them.

Mark

Eamon Daly wrote:

> I just turned on some extra logging on the Novell side of things.
> Perhaps this is of value to someone. Also, I forgot to mention the
> Perl version I'm using: 5.005_03 built for sun4-solaris.
>
> I've tried adding unbinds to places that returned "fail" values in
> AuthNetLDAP, but that didn't seem to help any.
>
> 7-6-2000 9:11:01 pm Accepting TCP connection
> 7-6-2000 9:11:01 pm Starting new monitor thread
> 7-6-2000 9:11:01 pm Monitor thread 0x151 started
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm new connection on 0xd427bcc0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd219a180
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_bind
> 7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
> 7-6-2000 9:11:01 pm accepting NULL bind
> 7-6-2000 9:11:01 pm send_ldap_result 0::
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_search
> 7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm
> sizelimit 0 timelimit 0 attrsonly 0
> 7-6-2000 9:11:01 pm begin get_filter
> 7-6-2000 9:11:01 pm EQUALITY
> 7-6-2000 9:11:01 pm filter: (uid=kpeterson)
> 7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
> 7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
> 7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr
> (entry)
> 7-6-2000 9:11:01 pm <= acl_get: no match
> 7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
> 7-6-2000 9:11:01 pm send_ldap_result 0::
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_bind
> 7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context)
> method 128
> 7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN
> (CN=kpeterson.O=fw_context)
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
> 7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context",
> err = -217
> 7-6-2000 9:11:04 pm send_ldap_result 1::
> 7-6-2000 9:11:04 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:04 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
> 7-6-2000 9:11:04 pm *** got 0 of 0 so far
> 7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt
> 0xd427bcc0 from opid -1
> 7-6-2000 9:11:04 pm called by "connection_activity"
> 7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread
> 0xd217d040
> 7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
> 7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
> 7-6-2000 9:11:11 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:11 pm Monitor thread 0x151 terminated
>
> ________________________________________
> Eamon Daly
> FastWeb, Inc.
> 847 568 6410
>
> ----- Original Message -----
> From: "Mark Wilcox" <mew...@un...>
> To: "Eamon Daly" <ea...@fa...>
> Cc: <per...@li...>
> Sent: Thursday, July 06, 2000 9:01 PM
> Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?
>
> : Hi,
> : This could be a bug in my AuthNetLDAP module, probably with the opening or
> : closing of the LDAP connection. I haven't even really used the module in
> : production yet, so I don't know all of the bugs.
> :
> : Could you send a copy of the relevant Apache error log to
> ma...@mj...
> :
> : I'll be out of town for the next few days, but I'll try to take a look at
> : it when I get back.
> :
> : Mark
> :
> : Eamon Daly wrote:
> :
> : > A handful of our users are getting an LDAP_OPERATIONS_ERROR
> : > when they try to authenticate. I haven't seen anything close
> : > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
> : > so I'm kinda stumped. A 'debug => 3' trace follows. The name
> : > and password is correct.
> : >
> : > Apache 1.3.12
> : > Solaris 7
> : > Net::LDAP 0.19
> : > Apache::AuthNetLDAP 0.16
> : >
> : > Thanks in advance!
> : >
> : > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
> : > reason: user kpeterson: failed bind: 1
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
> : > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
> : > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
> : > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
> : > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
> : > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
> : > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
> : >
> : > ________________________________________
> : > Eamon Daly
> : > FastWeb, Inc.
> : > 847 568 6410
> :
> :
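
Added example, not part of the original thread: a small BER walk over the third bind exchange in the quoted Net::LDAP trace. It shows that the server log's "method 128" is the simple-bind tag 0x80, that "failed bind: 1" is resultCode 1 (operationsError), and that a simple bind carries the password as plain octets, readable on the wire without SSL. The function names are assumptions, and the six credential octets are replaced with a constructed placeholder.

```python
# Added example: decode LDAPv2 messages from the quoted debug trace.
APP_OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x63: "SearchRequest",
           0x64: "SearchResultEntry", 0x65: "SearchResultDone"}
RESULT_CODES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}

# Message 3 of the trace; credential octets replaced with constructed "xxxxxx".
BIND_REQUEST = ("30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 70 65 74 65 "
                "72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 78 74 "
                "80 06 78 78 78 78 78 78")
BIND_RESPONSE = "30 0C 02 01 03 61 07 0A 01 01 04 00 04 00"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element (definite lengths)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length not supported")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_message(hexdump):
    """Decode the envelope plus bind and result fields of one LDAPMessage."""
    tag, body, _ = read_tlv(bytes.fromhex(hexdump), 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"msgid": int.from_bytes(msgid, "big"),
            "op": APP_OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:                     # BindRequest: version, name, auth choice
        _, version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        info.update(version=version[0], dn=name.decode(),
                    auth_method=auth_tag,  # 0x80 == 128 == simple (cleartext) bind
                    password_len=len(cred))
    elif op_tag in (0x61, 0x65):           # BindResponse / SearchResultDone
        _, code, _ = read_tlv(op, 0)
        info["result"] = RESULT_CODES.get(code[0], code[0])
    return info

if __name__ == "__main__":
    print(decode_ldap_message(BIND_REQUEST))
    print(decode_ldap_message(BIND_RESPONSE))
```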