From: David B. <d.b...@ma...> - 2000-07-07 05:23:06
NDS has the option of turning on/off clear password or SSL connections as part of the LDAP configuration. I'm using clear text at the moment, cause I haven't figured out how to get SSL working with NET::LDAP.

...anyone got a "NET::LDAP SSL For DUMMIES"?

David.

At 09:44 PM 7/6/00 -0500, Mark Wilcox wrote:
>NDS could be the problem (not to push it off on to the server, but Novell's LDAP
>stuff has taken a while to get straightened out). It would help if you could
>tell us what version you're using (I'm hoping that Jim Harle who uses NDS LDAP
>might be able to shed some light ;).
>
>I've never used NDS LDAP so I can't say for sure. I thought that NDS wouldn't
>even authenticate unless you connected to it via SSL.
>
>One of the changes I plan to add in is to allow you to use compare instead of
>bind, that might solve this problem.
>
>BTW If you want to talk about the Apache modules at the OSS conference, I'd be
>happy to talk about them.
>
>Mark
>
>Eamon Daly wrote:
>
>> I just turned on some extra logging on the Novell side of things.
>> Perhaps this is of value to someone. Also, I forgot to mention the
>> Perl version I'm using: 5.005_03 built for sun4-solaris.
>>
>> I've tried adding unbinds to places that returned "fail" values in
>> AuthNetLDAP, but that didn't seem to help any.
>>
>> 7-6-2000 9:11:01 pm Accepting TCP connection
>> 7-6-2000 9:11:01 pm Starting new monitor thread
>> 7-6-2000 9:11:01 pm Monitor thread 0x151 started
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm new connection on 0xd427bcc0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd219a180
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_bind
>> 7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
>> 7-6-2000 9:11:01 pm accepting NULL bind
>> 7-6-2000 9:11:01 pm send_ldap_result 0::
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_search
>> 7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm
>> sizelimit 0 timelimit 0 attrsonly 0
>> 7-6-2000 9:11:01 pm begin get_filter
>> 7-6-2000 9:11:01 pm EQUALITY
>> 7-6-2000 9:11:01 pm filter: (uid=kpeterson)
>> 7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
>> 7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
>> 7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr
>> (entry)
>> 7-6-2000 9:11:01 pm <= acl_get: no match
>> 7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
>> 7-6-2000 9:11:01 pm send_ldap_result 0::
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_bind
>> 7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context)
>> method 128
>> 7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN
>> (CN=kpeterson.O=fw_context)
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
>> 7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context",
>> err = -217
>> 7-6-2000 9:11:04 pm send_ldap_result 1::
>> 7-6-2000 9:11:04 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:04 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
>> 7-6-2000 9:11:04 pm *** got 0 of 0 so far
>> 7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt
>> 0xd427bcc0 from opid -1
>> 7-6-2000 9:11:04 pm called by "connection_activity"
>> 7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread
>> 0xd217d040
>> 7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
>> 7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
>> 7-6-2000 9:11:11 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:11 pm Monitor thread 0x151 terminated
>>
>> ________________________________________
>> Eamon Daly
>> FastWeb, Inc.
>> 847 568 6410
>>
>> ----- Original Message -----
>> From: "Mark Wilcox" <mew...@un...>
>> To: "Eamon Daly" <ea...@fa...>
>> Cc: <per...@li...>
>> Sent: Thursday, July 06, 2000 9:01 PM
>> Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?
>>
>> : Hi,
>> : This could be a bug in my AuthNetLDAP module, probably with the opening or
>> : closing of the LDAP connection. I haven't even really used the module in
>> : production yet, so I don't know all of the bugs.
>> :
>> : Could you send a copy of the relevant Apache error log to
>> ma...@mj...
>> :
>> : I'll be out of town for the next few days, but I'll try to take a look at
>> : it when I get back.
>> :
>> : Mark
>> :
>> : Eamon Daly wrote:
>> :
>> : > A handful of our users are getting an LDAP_OPERATIONS_ERROR
>> : > when they try to authenticate. I haven't seen anything close
>> : > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
>> : > so I'm kinda stumped. A 'debug => 3' trace follows. The name
>> : > and password is correct.
>> : >
>> : > Apache 1.3.12
>> : > Solaris 7
>> : > Net::LDAP 0.19
>> : > Apache::AuthNetLDAP 0.16
>> : >
>> : > Thanks in advance!
>> : >
>> : > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
>> : > reason: user kpeterson: failed bind: 1
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
>> : > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
>> : > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
>> : > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
>> : > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
>> : > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
>> : > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
>> : >
>> : > ________________________________________
>> : > Eamon Daly
>> : > FastWeb, Inc.
>> : > 847 568 6410

--------------------------------------------------------------------
David Bussenschutt Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph:(07)38757079
--------------------------------------------------------------------
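
Added example, not part of the original thread and not Net::LDAP code: a small Python decoder for the BER bind messages in the 'debug => 3' trace quoted above. It shows that the LDAPv2 simple bind puts the DN and the password on the wire unencrypted when the connection is not wrapped in SSL, and that the server answers the user bind with result code 1 (operationsError). The function names are hypothetical, and the six password bytes from the trace are replaced with a constructed placeholder.

```python
# Added example: walk the BER bind messages from the thread's debug trace.
RESULT_CODES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap(hexdump):
    """Summarise one LDAPMessage; the credential value is never returned."""
    tag, body, _ = read_tlv(bytes.fromhex(hexdump), 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)
    op, opbody, _ = read_tlv(body, pos)
    out = {"id": int.from_bytes(msgid, "big")}
    if op == 0x60:                          # [APPLICATION 0] BindRequest
        _, ver, p = read_tlv(opbody, 0)
        _, dn, p = read_tlv(opbody, p)
        auth, cred, _ = read_tlv(opbody, p)
        out.update(op="BindRequest", version=ver[0], dn=dn.decode(),
                   simple=(auth == 0x80), cleartext_bytes=len(cred))
    elif op == 0x61:                        # [APPLICATION 1] BindResponse
        _, code, _ = read_tlv(opbody, 0)
        out.update(op="BindResponse", code=code[0],
                   result=RESULT_CODES.get(code[0], "other"))
    else:
        out.update(op=hex(op))
    return out

# Message bytes taken from the trace; the 6 password bytes in USER_BIND are
# replaced with a constructed placeholder ("XXXXXX").
ANON_BIND = "300C020101600702010204008000"
USER_BIND = ("302B02010360260201020419"
             "636E3D6B7065746572736F6E2C6F3D66775F636F6E74657874"
             "8006585858585858")
USER_RESP = "300C02010361070A010104000400"

if __name__ == "__main__":
    for msg in (ANON_BIND, USER_BIND, USER_RESP):
        print(decode_ldap(msg))
```

The second message decodes to a simple bind for cn=kpeterson,o=fw_context with 6 cleartext credential bytes, which is what any host on the path can read while the NDS LDAP service is left in clear-password mode.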