From: Eamon D. <ea...@fa...> - 2000-07-06 22:14:23

A handful of our users are getting an LDAP_OPERATIONS_ERROR
when they try to authenticate. I haven't seen anything close
in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
so I'm kinda stumped. A 'debug => 3' trace follows. The name
and password are correct.

Apache 1.3.12
Solaris 7
Net::LDAP 0.19
Apache::AuthNetLDAP 0.16

Thanks in advance!

[Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
reason: user kpeterson: failed bind: 1
Net::LDAP=HASH(0x3fa2f8) sending:

30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........

Net::LDAP=HASH(0x3fa2f8) sending:

30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn

Net::LDAP=HASH(0x3fa2f8) received:

30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........

Net::LDAP=HASH(0x3fa2f8) sending:

30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........

________________________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

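
The 'debug => 3' trace above, decoded, as an added example that is not part of the original post: it walks each BER-encoded LDAPMessage, shows that the last request is an LDAPv2 simple bind whose password travels in the clear and is answered with resultCode 1 (operationsError), and masks the password bytes so the trace can be shared. The function names and the TRACE list are this example's own; the hex bytes are copied from the trace.

```python
# Added example (not from the thread): decode the LDAP PDUs in the debug trace
# and mask simple-bind passwords before the trace is shared.
# Hex bytes are copied from the trace in the post, ASCII column and "__" padding
# dropped. ">" = sent by Net::LDAP, "<" = received from the server.
TRACE = [
    (">", "30 0C 02 01 01 60 07 02 01 02 04 00 80 00"),
    ("<", "30 0C 02 01 01 61 07 0A 01 00 04 00 04 00"),
    (">", "30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 "
          "01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 "
          "09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E"),
    ("<", "30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 "
          "65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 "
          "78 74 30 00"),
    ("<", "30 0C 02 01 02 65 07 0A 01 00 04 00 04 00"),
    (">", "30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B "
          "70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F "
          "6E 74 65 78 74 80 06 73 6D 61 63 6B 68"),
    ("<", "30 0C 02 01 03 61 07 0A 01 01 04 00 04 00"),
]

# LDAP protocolOp tags ([APPLICATION n], constructed) seen in this trace.
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x63: "SearchRequest",
       0x64: "SearchResultEntry", 0x65: "SearchResultDone"}
RESULT_CODES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, pos, pos + length


def decode(hexstr):
    """Decode one LDAPMessage; return (summary dict, bytes with password masked)."""
    buf = bytearray(bytes.fromhex(hexstr))
    tag, start, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, s, e = read_tlv(buf, start)           # messageID INTEGER
    info = {"id": int.from_bytes(buf[s:e], "big")}
    op, s, _ = read_tlv(buf, e)              # protocolOp
    info["op"] = OPS.get(op, hex(op))
    if op == 0x60:                           # BindRequest: version, name, authentication
        _, vs, ve = read_tlv(buf, s)
        info["version"] = buf[vs]
        _, ns, ne = read_tlv(buf, ve)
        info["dn"] = buf[ns:ne].decode()
        auth, ps, pe = read_tlv(buf, ne)
        if auth == 0x80:                     # [0] simple: password sent as cleartext
            info["simple_password_len"] = pe - ps
            buf[ps:pe] = b"*" * (pe - ps)    # same length, so the BER stays valid
    elif op in (0x61, 0x65):                 # LDAPResult starts with resultCode
        _, rs, _ = read_tlv(buf, s)
        info["result"] = RESULT_CODES.get(buf[rs], str(buf[rs]))
    return info, bytes(buf)


def analyse(trace=TRACE):
    """Decode every PDU; return a list of (direction, info, masked hex dump)."""
    rows = []
    for direction, hexstr in trace:
        info, masked = decode(hexstr)
        rows.append((direction, info, masked.hex(" ").upper()))
    return rows


if __name__ == "__main__":
    for direction, info, masked_hex in analyse():
        print(direction, info)
        print("   ", masked_hex)
```

The 0x80 authentication tag decoded here is the same value the server log later in the thread reports as "method 128".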
From: Mark W. <mew...@un...> - 2000-07-07 02:06:39

Hi,
This could be a bug in my AuthNetLDAP module, probably with the opening or
closing of the LDAP connection. I haven't even really used the module in
production yet, so I don't know all of the bugs.

Could you send a copy of the relevant Apache error log to ma...@mj...

I'll be out of town for the next few days, but I'll try to take a look at
it when I get back.

Mark

From: Eamon D. <ea...@fa...> - 2000-07-07 02:26:17

I just turned on some extra logging on the Novell side of things.
Perhaps this is of value to someone. Also, I forgot to mention the
Perl version I'm using: 5.005_03 built for sun4-solaris.

I've tried adding unbinds to places that returned "fail" values in
AuthNetLDAP, but that didn't seem to help any.

7-6-2000 9:11:01 pm Accepting TCP connection
7-6-2000 9:11:01 pm Starting new monitor thread
7-6-2000 9:11:01 pm Monitor thread 0x151 started
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm new connection on 0xd427bcc0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd219a180
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_bind
7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
7-6-2000 9:11:01 pm accepting NULL bind
7-6-2000 9:11:01 pm send_ldap_result 0::
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_search
7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm sizelimit 0 timelimit 0 attrsonly 0
7-6-2000 9:11:01 pm begin get_filter
7-6-2000 9:11:01 pm EQUALITY
7-6-2000 9:11:01 pm filter: (uid=kpeterson)
7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr (entry)
7-6-2000 9:11:01 pm <= acl_get: no match
7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
7-6-2000 9:11:01 pm send_ldap_result 0::
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_bind
7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context) method 128
7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN (CN=kpeterson.O=fw_context)
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context", err = -217
7-6-2000 9:11:04 pm send_ldap_result 1::
7-6-2000 9:11:04 pm select activity in monitor thread 0x151
7-6-2000 9:11:04 pm read activity on 0xd427bcc0
7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
7-6-2000 9:11:04 pm *** got 0 of 0 so far
7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt 0xd427bcc0 from opid -1
7-6-2000 9:11:04 pm called by "connection_activity"
7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread 0xd217d040
7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
7-6-2000 9:11:11 pm select activity in monitor thread 0x151
7-6-2000 9:11:11 pm Monitor thread 0x151 terminated

________________________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

From: Mark W. <mew...@un...> - 2000-07-07 02:49:21

NDS could be the problem (not to push it off on to the server, but Novell's LDAP
stuff has taken a while to get straightened out). It would help if you could
tell us what version you're using (I'm hoping that Jim Harle, who uses NDS LDAP,
might be able to shed some light ;).

I've never used NDS LDAP so I can't say for sure. I thought that NDS wouldn't
even authenticate unless you connected to it via SSL.

One of the changes I plan to add in is to allow you to use compare instead of
bind, that might solve this problem.

BTW If you want to talk about the Apache modules at the OSS conference, I'd be
happy to talk about them.

Mark

From: David B. <d.b...@ma...> - 2000-07-07 05:23:06

NDS has the option of turning on/off clear password or SSL connections as
part of the LDAP configuration. I'm using clear text at the moment, cause
I haven't figured out how to get SSL working with NET::LDAP. ...anyone
got a "NET::LDAP SSL For DUMMIES"?

David.

--------------------------------------------------------------------
David Bussenschutt Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph:(07)38757079
--------------------------------------------------------------------

From: Chris R. <Chr...@me...> - 2000-07-07 07:53:39

On Fri, 07 Jul 2000 15:17:34 +1000, David Bussenschutt wrote:
> NDS has the option of turning on/off clear password or SSL connections as
> part of the LDAP configuration. I'm using clear text at the moment, cause
> I haven't figured out how to get SSL working with NET::LDAP. ...anyone
> got a "NET::LDAP SSL For DUMMIES"?
>
> David.

You'll be wanting the Net::LDAPS module then, which will be in the next
release of perl-ldap. :-)

Does NDS support startTLS over LDAPv3?

Cheers,

Chris

From: Graham B. <gb...@po...> - 2000-07-07 08:05:36

On Fri, Jul 07, 2000 at 08:48:13AM +0100, Chris Ridd wrote:
> On Fri, 07 Jul 2000 15:17:34 +1000, David Bussenschutt wrote:
> > NDS has the option of turning on/off clear password or SSL connections as
> > part of the LDAP configuration. I'm using clear text at the moment, cause
> > I haven't figured out how to get SSL working with NET::LDAP. ...anyone
> > got a "NET::LDAP SSL For DUMMIES"?
> >
> > David.
>
> You'll be wanting the Net::LDAPS module then, which will be in the next
> release of perl-ldap. :-)

And it is also in the CVS repository now, at
http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/~checkout~/ldap/lib/Net/LDAPS.pm?rev=1.1&cvsroot=perl-ldap

Graham.