From: Drew R. <dr...@ph...> - 2002-01-23 22:16:31

I have a working script which changes users' passwords in an OpenLDAP 2.0.18 database, using version 0.25 of perl-ldap. However, I get an Operations error when I try to start_tls. Here's the snippet of code:

my $ldap = Net::LDAP->new( 'ldap.phg.mc.vanderbilt.edu', version=>3,
                           debug=>12 ) or error_msg($@);
my $mesg = $ldap->start_tls( verify=>'optional',
                             cafile=>"$cafile" );
error_msg( $mesg->code . "/" . $mesg->error );
$mesg = $ldap->bind( "uid=$username,ou=people,$DN",
                     password=>$cur_pass) or error_msg($@);

The $ldap->start_tls is what generates the error.

I captured the output of the attempt, but don't know what it means.

root@mays ( ~ )$ cat /tmp/ldappw_tls
Net::LDAP=HASH(0x333a4c) sending:
0000   29: SEQUENCE {
0002    1:   INTEGER = 1
0005   24:   [APPLICATION 23] {
0007   22:     [CONTEXT 0]
0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
001F     :   }
001F     : }
Net::LDAP=HASH(0x333a4c) received:
0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 24] {
0007    1:     ENUM = 0
000A    0:     STRING = ''
000C    0:     STRING = ''
000E     :   }
000E     : }

What's going on?

-- 
Drew
From: Graham B. <gb...@po...> - 2002-01-23 22:39:51

I don't see an Operations error here. The received packet has a code of 0x00, which is success.

Graham.

On Wed, Jan 23, 2002 at 04:16:35PM -0600, Drew Raines wrote:
> I have a working script which changes users' passwords in an OpenLDAP
> 2.0.18 database. Using version 0.25 of perl-ldap.
> 
> However, I get an Operations error when I try to start_tls. Here's the
> snippet of code:
> 
> my $ldap = Net::LDAP->new( 'ldap.phg.mc.vanderbilt.edu', version=>3,
>                            debug=>12 ) or error_msg($@);
> my $mesg = $ldap->start_tls( verify=>'optional',
>                              cafile=>"$cafile" );
> error_msg( $mesg->code . "/" . $mesg->error );
> $mesg = $ldap->bind( "uid=$username,ou=people,$DN",
>                      password=>$cur_pass) or error_msg($@);
> 
> The $ldap->start_tls is what generates the error.
> 
> I captured the output of the attempt, but don't know what it means.
> 
> root@mays ( ~ )$ cat /tmp/ldappw_tls
> Net::LDAP=HASH(0x333a4c) sending:
> 0000   29: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005   24:   [APPLICATION 23] {
> 0007   22:     [CONTEXT 0]
> 0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
> 0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
> 001F     :   }
> 001F     : }
> Net::LDAP=HASH(0x333a4c) received:
> 0000   12: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005    7:   [APPLICATION 24] {
> 0007    1:     ENUM = 0
> 000A    0:     STRING = ''
> 000C    0:     STRING = ''
> 000E     :   }
> 000E     : }
> 
> What's going on?
> 
> -- 
> Drew
From: Drew R. <dr...@ra...> - 2002-01-24 15:01:04

Drew Raines:
> > 
> > my $mesg = $ldap->start_tls( verify=>'optional',
> >                              cafile=>"$cafile" );
> > error_msg( $mesg->code . "/" . $mesg->error );

Graham Barr <gb...@po...>:
> 
> I don't see an Operations error here. The received packet has a code
> of 0x00 which is success

Hmm. I must not have successfully logged the debugging info. $mesg->code is 1 and $mesg->error is "Operations error" when I run my application.

Perhaps the output I showed was just for the creation of the ldap object? Which works fine, hence the 0 return code. How do I debug the start_tls problem?

-- 
Drew
From: Graham B. <gb...@po...> - 2002-01-24 15:29:14

On Thu, Jan 24, 2002 at 09:00:59AM -0600, Drew Raines wrote:
> Drew Raines:
> > > 
> > > my $mesg = $ldap->start_tls( verify=>'optional',
> > >                              cafile=>"$cafile" );
> > > error_msg( $mesg->code . "/" . $mesg->error );
> 
> Graham Barr <gb...@po...>:
> > 
> > I don't see an Operations error here. The received packet has a code
> > of 0x00 which is success
> 
> Hmm. I must not have successfully logged the debugging info.
> $mesg->code is 1 and $mesg->error is "Operations error" when I run my
> application.
> 
> Perhaps the output I showed was just for the creation of the ldap
> object? Which works fine, hence the 0 return code. How do I debug the
> start_tls problem?

Hm, well, [APPLICATION 23] is an ExtendedRequest (which is what start_tls is) and [APPLICATION 24] is an ExtendedResponse.

Can you do a debug=15 and send that? It may be a decoding problem. What version of Convert::ASN1 do you have installed?

Graham.
From: Drew R. <dr...@ph...> - 2002-01-24 15:36:26

Graham Barr <gb...@po...>:
> 
> Can you do a debug=15 and send that, it may be a decoding problem.

Net::LDAP=HASH(0x333a4c) sending:

30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037

0000   29: SEQUENCE {
0002    1:   INTEGER = 1
0005   24:   [APPLICATION 23] {
0007   22:     [CONTEXT 0]
0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
001F     :   }
001F     : }
Net::LDAP=HASH(0x333a4c) received:

30 0C 02 01 01 78 07 0A 01 00 04 00 04 00 __ __ 0....x........

0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 24] {
0007    1:     ENUM = 0
000A    0:     STRING = ''
000C    0:     STRING = ''
000E     :   }
000E     : }

> What version of Convert::ASN1 do you have installed ?

0.14

-- 
Drew
From: Drew R. <dre...@ph...> - 2002-01-24 15:44:50

Drew Raines <dr...@ph...>:
> 
> > What version of Convert::ASN1 do you have installed ?
> 
> 0.14

The package is 0.14, but /usr/local/libdata/perl5/site_perl/Convert/ASN1.pm reveals

# $Id: ASN1.pm,v 1.15 2001/09/10 18:03:47 gbarr Exp $

Not sure which you needed to know.

-- 
Drew
From: Graham B. <gb...@po...> - 2002-01-24 16:27:17

On Thu, Jan 24, 2002 at 09:44:57AM -0600, Drew Raines wrote:
> Drew Raines <dr...@ph...>:
> > 
> > > What version of Convert::ASN1 do you have installed ?
> > 
> > 0.14
> 
> The package is 0.14, but
> 
> /usr/local/libdata/perl5/site_perl/Convert/ASN1.pm

The latest on CPAN and SourceForge is 0.15, so you might want to try that. But I don't think it will change anything.

Graham.
From: Graham B. <gb...@po...> - 2002-01-24 16:35:58

Clang!!!!

The start_tls extended operation is working; it's the actual changing of the socket to SSL that is failing, in this code:

require Net::LDAPS;
$arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
IO::Socket::SSL::context_init( { Net::LDAPS::SSL_context_init_args($arg) } );
(IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL', $sock)
  ? $mesg
  : _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $@);

Do you have the latest IO::Socket::SSL and Net::SSLeay packages?

Graham.

On Thu, Jan 24, 2002 at 09:36:37AM -0600, Drew Raines wrote:
> Graham Barr <gb...@po...>:
> > 
> > Can you do a debug=15 and send that, it may be a decoding problem.
> 
> Net::LDAP=HASH(0x333a4c) sending:
> 
> 30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
> 2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037
> 
> 0000   29: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005   24:   [APPLICATION 23] {
> 0007   22:     [CONTEXT 0]
> 0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
> 0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
> 001F     :   }
> 001F     : }
> Net::LDAP=HASH(0x333a4c) received:
> 
> 30 0C 02 01 01 78 07 0A 01 00 04 00 04 00 __ __ 0....x........
> 
> 0000   12: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005    7:   [APPLICATION 24] {
> 0007    1:     ENUM = 0
> 000A    0:     STRING = ''
> 000C    0:     STRING = ''
> 000E     :   }
> 000E     : }
> 
> > What version of Convert::ASN1 do you have installed ?
> 
> 0.14
> 
> -- 
> Drew
From: Drew R. <dre...@ph...> - 2002-01-24 16:48:08

Graham Barr <gb...@po...>:
> 
> The start_tls extended operation is working; it's the actual
> changing of the socket to SSL that is failing, in this code:

[...]

Interesting.

> Do you have the latest IO::Socket::SSL and Net::SSLeay packages?

The latest ones on my CPAN mirror.

IO-Socket-SSL-0.80
Net_SSLeay.pm-1.12

-- 
Drew
From: Chris R. <chr...@me...> - 2002-01-24 16:47:05

Drew Raines <dr...@ph...> wrote:
> Graham Barr <gb...@po...>:
> > 
> > Can you do a debug=15 and send that, it may be a decoding problem.
> 
> Net::LDAP=HASH(0x333a4c) sending:
> 
> 30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
> 2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037
> 
> 0000   29: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005   24:   [APPLICATION 23] {
> 0007   22:     [CONTEXT 0]
> 0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
> 0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
> 001F     :   }
> 001F     : }
> Net::LDAP=HASH(0x333a4c) received:
> 
> 30 0C 02 01 01 78 07 0A 01 00 04 00 04 00 __ __ 0....x........
> 
> 0000   12: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005    7:   [APPLICATION 24] {
> 0007    1:     ENUM = 0
> 000A    0:     STRING = ''
> 000C    0:     STRING = ''
> 000E     :   }
> 000E     : }
> 
> > What version of Convert::ASN1 do you have installed ?
> 
> 0.14
> 
> -- 
> Drew

Does the server you are using actually support startTLS? You will find some servers support LDAPS but not startTLS, and some surprisingly recent versions of some servers definitely do *not* support startTLS.

Cheers,

Chris
From: Drew R. <dre...@ph...> - 2002-01-24 16:50:50

Chris Ridd <chr...@me...>:
> 
> Does the server you are using actually support startTLS?

Pretty sure it does. I have a handful of Linux and Solaris machines which authenticate from it using pam_ldap and StartTLS.

> You will find some servers support LDAPS but not startTLS, and some
> surprisingly recent versions of some servers definitely do *not*
> support startTLS.

I'm using both on mine. They connect to port 636, but then also StartTLS once connected.

-- 
Drew
From: Chris R. <chr...@me...> - 2002-01-24 17:10:20

Drew Raines <dre...@ph...> wrote:
> Chris Ridd <chr...@me...>:
> > 
> > Does the server you are using actually support startTLS?
> 
> Pretty sure it does. I have a handful of Linux and Solaris machines
> which authenticate from it using pam_ldap and StartTLS.
> 
> > You will find some servers support LDAPS but not startTLS, and some
> > surprisingly recent versions of some servers definitely do *not*
> > support startTLS.
> 
> I'm using both on mine. They connect to port 636, but then also
> StartTLS once connected.
> 
> -- 
> Drew

Sounds like you're OK on that score then. It was worth checking though!

Cheers,

Chris