[KLUG Members] debug ldap failure

Richard Harding members@kalamazoolinux.org
Mon, 15 Dec 2003 09:12:19 -0500


After looking more carefully at things, the options for bindDN and 
password are there as optional in case you do not allow anonymous bind for 
looking at attributes. It is just as you say: once the search finds a 
record it should attempt to bind with that user and the supplied password.

I am finding that I am not getting the search results I expect, however. 
For some reason, if I just list out the database I can see the user, and 
the attribute mail (that is being searched on) is there and valid. However, 
when I perform a specific search on that mail attribute it comes up 
empty. I even tried searching on the uid value and still get no results. 
Any idea as to why my searches are coming up empty?


host:ldapsearch -a never -b "dc=home,dc=ricksweb,dc=info" -h localhost -x

<---snip--->
# rharding, home.ricksweb.info
dn: uid=rharding,dc=home,dc=ricksweb,dc=info
givenName: Richard
mail: rharding
uid: rharding
sn: Harding
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: top
objectClass: posixAccount
objectClass: CourierMailAccount
uidNumber: 2001
gidNumber: 2001
homeDirectory: /home/courier/rharding
cn: Richard Harding
<---snip--->

This is the search that returns nothing:
host:ldapsearch -a never -b "dc=home,dc=ricksweb,dc=info" -h localhost -x mail=rharding

# extended LDIF
#
# LDAPv3
# base <dc=home,dc=ricksweb,dc=info> with scope sub
# filter: mail=rharding
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Adam Williams wrote:

>>I feel like I am getting much closer. I found several mistakes I was 
>>making. First, when trying out the search as various users I was using cn 
>>instead of uid. Second, I found one place in my courier config where the 
>>baseDN was set up as a .com instead of a .info like the ldap server.
>>Now I am still not getting it to authenticate, but there is a lot more 
>>in the debug output.
>>Does any of this look blatantly wrong here? There are some lines that 
>>have "failed" in the output of level 1, but I can't make sense of whether 
>>that is normal or not.
>>Here is the output at level 4
>>:slapd -d4
>>connection_get(12)
>>==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
>>send_ldap_result: err=0 matched="" text=""
>>connection_get(12)
>>deferring operation
>>SRCH "dc=home,dc=ricksweb,dc=info" 2 0    0 0 0
>>     filter: (mail=rharding)
>>     attrs: homeDirectory Maildir cn userPassword uidNumber mail
> 
> 
> Other than I'm deeply concerned that it is reading userPassword, this
> looks normal (except I also wonder why an MTA needs uidNumber or home
> directory).  The security of this authentication module has got to be a
> complete farce; clearly written by someone who has no clue what they're
> doing.  I'd recommend just scrapping this and finding some other software
> package that exhibits even moderate competence of design.
> 
> Below looks normal.  I'd suspect the module is getting the requisite
> module, and just not working.  Does it support the password crypt method
> you're using?  (Wouldn't matter if it was using the userPassword attribute
> correctly - this software is VERY broken).
> 
> 
>>and finally back at 1 again
>>bdb_db_open: dbenv_open(/var/lib/ldap)
>>slapd starting
>>ldap_pvt_gethostbyname_a: host=localhost, r=0
>>put_filter: "(objectclass=*)"
>>put_filter: simple
>>put_simple_filter: "objectclass=*"
>>ber_scanf fmt (m) ber:
>>connection_get(12): got connid=0
>>connection_read(12): checking for input on id=0
>>ber_get_next
>>ber_get_next: tag 0x30 len 55 contents:
>>do_bind
>>ber_get_next
>>ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
>>ber_scanf fmt ({imt) ber:
>>ber_scanf fmt (m}) ber:
>> >>> dnPrettyNormal: <cn=admin,dc=home,dc=ricksweb,dc=info>
>>=> ldap_bv2dn(cn=admin,dc=home,dc=ricksweb,dc=info,0)
>><= ldap_bv2dn(cn=admin,dc=home,dc=ricksweb,dc=info,0)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(cn=admin,dc=home,dc=ricksweb,dc=info,272)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(cn=admin,dc=home,dc=ricksweb,dc=info,272)=0
>><<< dnPrettyNormal: <cn=admin,dc=home,dc=ricksweb,dc=info>, 
>><cn=admin,dc=home,dc=ricksweb,dc=info>
>>do_bind: version=2 dn="cn=admin,dc=home,dc=ricksweb,dc=info" method=128
>>bdb_dn2entry_rw("cn=admin,dc=home,dc=ricksweb,dc=info")
>>=> bdb_dn2id_matched( "cn=admin,dc=home,dc=ricksweb,dc=info" )
>><= bdb_dn2id_matched: id=0x00000002: entry 
>>cn=admin,dc=home,dc=ricksweb,dc=info
>>entry_decode: "cn=admin,dc=home,dc=ricksweb,dc=info"
>><= entry_decode(cn=admin,dc=home,dc=ricksweb,dc=info)
>>=> string_expand: pattern:  cn=admin,dc=home,dc=ricksweb,dc=info
>>=> string_expand: expanded: cn=admin,dc=home,dc=ricksweb,dc=info
>>=> regex_matches: string:
>>=> regex_matches: rc: 1 no matches
>>====> bdb_cache_return_entry_r( 2 ): created (0)
>>do_bind: v2 bind: "cn=admin,dc=home,dc=ricksweb,dc=info" to 
>>"cn=admin,dc=home,dc=ricksweb,dc=info"
>>send_ldap_result: conn=0 op=0 p=2
>>send_ldap_response: msgid=1 tag=97 err=0
>>ber_flush: 14 bytes to sd 12
>>connection_get(12): got connid=0
>>connection_read(12): checking for input on id=0
>>ber_get_next
>>ber_get_next: tag 0x30 len 128 contents:
>>ber_get_next
>>ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
>>do_search
>>ber_scanf fmt ({miiiib) ber:
>> >>> dnPrettyNormal: <dc=home,dc=ricksweb,dc=info>
>>=> ldap_bv2dn(dc=home,dc=ricksweb,dc=info,0)
>><= ldap_bv2dn(dc=home,dc=ricksweb,dc=info,0)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(dc=home,dc=ricksweb,dc=info,272)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(dc=home,dc=ricksweb,dc=info,272)=0
>><<< dnPrettyNormal: <dc=home,dc=ricksweb,dc=info>, 
>><dc=home,dc=ricksweb,dc=info>
>>ber_scanf fmt ({mm}) ber:
>>ber_scanf fmt ({M}}) ber:
>>=> bdb_back_search
>>bdb_dn2entry_rw("dc=home,dc=ricksweb,dc=info")
>>=> bdb_dn2id_matched( "dc=home,dc=ricksweb,dc=info" )
>><= bdb_dn2id_matched: id=0x00000001: entry dc=home,dc=ricksweb,dc=info
>>entry_decode: "dc=home,dc=ricksweb,dc=info"
>><= entry_decode(dc=home,dc=ricksweb,dc=info)
>>search_candidates: base="dc=home,dc=ricksweb,dc=info" (0x00000001) scope=2
>>=> bdb_dn2idl( "dc=home,dc=ricksweb,dc=info" )
>>=> bdb_equality_candidates (objectClass)
>>=> key_read
>><= bdb_index_read: failed (-30991)
>><= bdb_equality_candidates: id=0, first=0, last=0
>>=> bdb_equality_candidates (mail)
>>=> key_read
>><= bdb_index_read: failed (-30991)
>><= bdb_equality_candidates: id=0, first=0, last=0
>>bdb_search_candidates: id=0 first=1 last=0
>>====> bdb_cache_return_entry_r( 1 ): created (0)
>>bdb_search: no candidates
>>send_search_result: err=0 matched="" text=""
>>send_ldap_response: msgid=2 tag=101 err=0
>>ber_flush: 14 bytes to sd 12
> 
> 
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
>
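The two points this thread turns on, the equality search that returns nothing and the auth module that reads userPassword, as an added example that is not part of the original posts and is not code from OpenLDAP or Courier. It assumes an OpenLDAP 2.1-era slapd.conf with the bdb backend; the suffix, rootdn, database directory and user DN are the ones visible in the thread, while the two sample configs, the file paths and the ACL are constructed here. It also assumes, without the thread confirming it, that the "bdb_index_read: failed (-30991)" lines mean an index declared in slapd.conf was never built.

```shell
#!/bin/sh
# Added example for this thread; not code from the original posts, from
# OpenLDAP or from Courier. Assumes an OpenLDAP 2.1-era slapd.conf with the
# bdb backend. Suffix, rootdn, directory and user DN are from the thread;
# the sample configs, paths and ACL below are constructed.

# Constructed slapd.conf fragment with the two settings that matter here:
#  - equality indexes on objectClass, mail and uid, so a filter such as
#    (mail=rharding) is answered from an index;
#  - an ACL that lets a client use userPassword only to authenticate
#    ('auth'): an MTA module that binds as the user works, but nothing
#    except the entry itself can ever read the hash.
GOOD_CONF='
database    bdb
suffix      "dc=home,dc=ricksweb,dc=info"
rootdn      "cn=admin,dc=home,dc=ricksweb,dc=info"
directory   /var/lib/ldap
index       objectClass         eq
index       mail,uid            eq
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
'

# The same fragment as a module that "reads userPassword" needs it: the
# hash is readable by everyone, and there is no index on mail at all.
BAD_CONF='
database    bdb
suffix      "dc=home,dc=ricksweb,dc=info"
rootdn      "cn=admin,dc=home,dc=ricksweb,dc=info"
directory   /var/lib/ldap
index       objectClass         eq
access to attrs=userPassword
        by anonymous read
        by * read
access to *
        by * read
'

# has_eq_index ATTR  (slapd.conf on stdin): exit 0 if some 'index' line
# lists ATTR, alone or in a comma list, with 'eq' among its index types.
has_eq_index() {
    awk -v attr="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        tolower($1) == "index" {
            n = split(tolower($2), names, ",")
            m = split(tolower($3), types, ",")
            for (i = 1; i <= n; i++) if (names[i] == attr)
                for (j = 1; j <= m; j++) if (types[j] == "eq") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# userpassword_readable (slapd.conf on stdin): exit 0 if the first ACL
# clause naming userPassword grants read or write to anonymous, to all
# authenticated users ("users") or to "*", or if no clause names it at all
# (with no matching ACL slapd falls back to its default of read for all).
# slapd evaluates "by" lines in order and stops at the first match, so a
# "by * none" placed before "by anonymous read" makes the latter dead text;
# the walk below honours that. Assumes the userPassword clause precedes any
# "access to *" clause, as in the fragments above.
userpassword_readable() {
    awk '
        tolower($1) == "access" && tolower($2) == "to" {
            if (seen) inblock = 0
            else if (tolower($0) ~ /attrs=[^ \t]*userpassword/) { inblock = 1; seen = 1 }
            next
        }
        inblock && tolower($1) == "by" {
            who = tolower($2); level = tolower($3)
            if (who == "anonymous" && !("anon" in d))   d["anon"]  = level
            else if (who == "users" && !("users" in d)) d["users"] = level
            else if (who == "*") {
                if (!("anon" in d))  d["anon"]  = level
                if (!("users" in d)) d["users"] = level
            }
        }
        END {
            if (!seen) exit 0
            for (k in d) if (d[k] == "read" || d[k] == "write") exit 0
            exit 1
        }'
}

# check_conf (slapd.conf on stdin): one-line verdict for an audit script.
check_conf() {
    conf=$(cat)
    idx=ok; acl=ok
    printf '%s\n' "$conf" | has_eq_index mail || idx=missing
    printf '%s\n' "$conf" | userpassword_readable && acl=exposed
    printf 'mail-index=%s userPassword=%s\n' "$idx" "$acl"
}

# The index trap (assumption: the cause of the -30991 failures in the log):
# an 'index' line added after the data was loaded declares an index that
# does not exist yet, so equality searches yield zero candidates while a
# plain (objectclass=*) listing still works. Build it with slapd stopped,
# then hand the files back to the slapd user (owner name is distro-specific):
#   slapindex -f /etc/openldap/slapd.conf
#   chown -R ldap:ldap /var/lib/ldap
# Verify a credential the way an auth module should, by binding as the
# user instead of fetching the hash:
#   ldapsearch -x -h localhost -D "uid=rharding,dc=home,dc=ricksweb,dc=info" -W \
#       -b "uid=rharding,dc=home,dc=ricksweb,dc=info" -s base uid

printf '%s\n' "$GOOD_CONF" | check_conf
printf '%s\n' "$BAD_CONF"  | check_conf
```

Run it as-is and it prints one verdict line per sample config; point `check_conf` at a real file with `check_conf < /etc/openldap/slapd.conf` to audit a live server's index and userPassword settings.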