[KLUG Members] debug ldap failure

Adam Williams members@kalamazoolinux.org
Mon, 15 Dec 2003 07:05:57 -0500


> I feel like I am getting much closer. I found several mistakes I was 
> making. First when trying out the search as various users I was using cn 
> instead of uid. Second I found one place in my courier config where the 
> baseDN was set up as a .com instead of a .info like the ldap server.
> Now I am still not getting it to authenticate, but there is a lot more 
> in the debug output.
> Does any of this look blatantly wrong here? There are some lines that 
> have "failed" in the output of level 1, but I can't make sense if that 
> is normal or not.
> Here is the output at level 4
> :slapd -d4
> connection_get(12)
> ==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
> send_ldap_result: err=0 matched="" text=""
> connection_get(12)
> deferring operation
> SRCH "dc=home,dc=ricksweb,dc=info" 2 0    0 0 0
>      filter: (mail=rharding)
>      attrs: homeDirectory Maildir cn userPassword uidNumber mail

Other than I'm deeply concerned that it is reading userPassword, this
looks normal. (except I also wonder why an MTA needs uidNumber or home
directory).  The security of this authentication module has got to be a
complete farce;  clearly written by someone who has no clue what they're
doing.  I'd recommend just scrapping this and finding some other software
package that exhibits even moderate competence of design.

Below looks normal.  I'd suspect the module is getting the requisite
module, and just not working.  Does it support the password crypt method
you're using?  (Wouldn't matter if it was using userPassword attribute
correctly - this software is VERY broken).

> and finally back at 1 again
> bdb_db_open: dbenv_open(/var/lib/ldap)
> slapd starting
> ldap_pvt_gethostbyname_a: host=localhost, r=0
> put_filter: "(objectclass=*)"
> put_filter: simple
> put_simple_filter: "objectclass=*"
> ber_scanf fmt (m) ber:
> connection_get(12): got connid=0
> connection_read(12): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 55 contents:
> do_bind
> ber_get_next
> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
>  >>> dnPrettyNormal: <cn=admin,dc=home,dc=ricksweb,dc=info>
> => ldap_bv2dn(cn=admin,dc=home,dc=ricksweb,dc=info,0)
> <= ldap_bv2dn(cn=admin,dc=home,dc=ricksweb,dc=info,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=admin,dc=home,dc=ricksweb,dc=info,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=admin,dc=home,dc=ricksweb,dc=info,272)=0
> <<< dnPrettyNormal: <cn=admin,dc=home,dc=ricksweb,dc=info>, 
> <cn=admin,dc=home,dc=ricksweb,dc=info>
> do_bind: version=2 dn="cn=admin,dc=home,dc=ricksweb,dc=info" method=128
> bdb_dn2entry_rw("cn=admin,dc=home,dc=ricksweb,dc=info")
> => bdb_dn2id_matched( "cn=admin,dc=home,dc=ricksweb,dc=info" )
> <= bdb_dn2id_matched: id=0x00000002: entry 
> cn=admin,dc=home,dc=ricksweb,dc=info
> entry_decode: "cn=admin,dc=home,dc=ricksweb,dc=info"
> <= entry_decode(cn=admin,dc=home,dc=ricksweb,dc=info)
> => string_expand: pattern:  cn=admin,dc=home,dc=ricksweb,dc=info
> => string_expand: expanded: cn=admin,dc=home,dc=ricksweb,dc=info
> => regex_matches: string:
> => regex_matches: rc: 1 no matches
> ====> bdb_cache_return_entry_r( 2 ): created (0)
> do_bind: v2 bind: "cn=admin,dc=home,dc=ricksweb,dc=info" to 
> "cn=admin,dc=home,dc=ricksweb,dc=info"
> send_ldap_result: conn=0 op=0 p=2
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush: 14 bytes to sd 12
> connection_get(12): got connid=0
> connection_read(12): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 128 contents:
> ber_get_next
> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> do_search
> ber_scanf fmt ({miiiib) ber:
>  >>> dnPrettyNormal: <dc=home,dc=ricksweb,dc=info>
> => ldap_bv2dn(dc=home,dc=ricksweb,dc=info,0)
> <= ldap_bv2dn(dc=home,dc=ricksweb,dc=info,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(dc=home,dc=ricksweb,dc=info,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(dc=home,dc=ricksweb,dc=info,272)=0
> <<< dnPrettyNormal: <dc=home,dc=ricksweb,dc=info>, 
> <dc=home,dc=ricksweb,dc=info>
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({M}}) ber:
> => bdb_back_search
> bdb_dn2entry_rw("dc=home,dc=ricksweb,dc=info")
> => bdb_dn2id_matched( "dc=home,dc=ricksweb,dc=info" )
> <= bdb_dn2id_matched: id=0x00000001: entry dc=home,dc=ricksweb,dc=info
> entry_decode: "dc=home,dc=ricksweb,dc=info"
> <= entry_decode(dc=home,dc=ricksweb,dc=info)
> search_candidates: base="dc=home,dc=ricksweb,dc=info" (0x00000001) scope=2
> => bdb_dn2idl( "dc=home,dc=ricksweb,dc=info" )
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read: failed (-30991)
> <= bdb_equality_candidates: id=0, first=0, last=0
> => bdb_equality_candidates (mail)
> => key_read
> <= bdb_index_read: failed (-30991)
> <= bdb_equality_candidates: id=0, first=0, last=0
> bdb_search_candidates: id=0 first=1 last=0
> ====> bdb_cache_return_entry_r( 1 ): created (0)
> bdb_search: no candidates
> send_search_result: err=0 matched="" text=""
> send_ldap_response: msgid=2 tag=101 err=0
> ber_flush: 14 bytes to sd 12
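
Added example, not part of the original message or of any software it mentions: a small Python audit of slapd -d4 output like the excerpt quoted above. It pairs each SRCH with the preceding bind DN and flags searches that request userPassword, the pattern the reply objects to. The function names and the SENSITIVE set are assumptions for illustration; the sample lines are the level-4 lines from the quoted log.

```python
import re

# Attributes that should never leave the directory via a search (assumed list).
SENSITIVE = {"userpassword"}

# Sample input: the level-4 lines from the quoted log above.
SAMPLE = """\
connection_get(12)
==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
send_ldap_result: err=0 matched="" text=""
connection_get(12)
deferring operation
SRCH "dc=home,dc=ricksweb,dc=info" 2 0    0 0 0
     filter: (mail=rharding)
     attrs: homeDirectory Maildir cn userPassword uidNumber mail
"""

BIND = re.compile(r"bdb_bind: dn: (.+)$")
SRCH = re.compile(r'^SRCH "([^"]*)" (\d+) ')
FILTER = re.compile(r"^\s*filter: (.+)$")
ATTRS = re.compile(r"^\s*attrs:\s*(.*)$")

def audit(log):
    """Return one record per SRCH, tagged with the most recent bind DN."""
    bind_dn, cur, out = None, None, []
    for raw in log.splitlines():
        line = re.sub(r"^>\s?", "", raw).rstrip()  # accept mail-quoted logs too
        if m := BIND.search(line):
            bind_dn = m.group(1)
        elif m := SRCH.match(line):
            cur = {"bind_dn": bind_dn, "base": m.group(1), "scope": int(m.group(2)),
                   "filter": None, "attrs": [], "sensitive": []}
            out.append(cur)
        elif cur and (m := FILTER.match(line)):
            cur["filter"] = m.group(1)
        elif cur and (m := ATTRS.match(line)):
            cur["attrs"] = m.group(1).split()
            cur["sensitive"] = [a for a in cur["attrs"] if a.lower() in SENSITIVE]
    return out

def findings(log):
    """One line per search that asked the server to hand back a sensitive attribute."""
    return [f'{s["bind_dn"]} searched {s["filter"]} requesting {", ".join(s["sensitive"])}'
            for s in audit(log) if s["sensitive"]]

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```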