
"allow bind_v2" but "requested protocol version not allowed"



Hi all,

I am working on a project to port openldap to an embedded system. (Not
really that embedded. It is x86 based and running a heavily modified
version of rh 7.2 and 2.4.18 kernel.)

Now I'm encountering a problem. I compiled openldap-2.1.22 on a
regular rh 7.2 box, stripped all libraries, tested it, and it works well
with the following configuration:

env CPPFLAGS=-I/usr/local/BerkeleyDB.4.1/include \
    LDFLAGS=-L/usr/local/BerkeleyDB.4.1/lib \
./configure \
    --prefix=$INSTALL \
    --enable-debug \
    --disable-syslog \
    --enable-dynamic \
    --disable-ipv6 \
    --without-cyrus-sasl \
    --without-kerberos \
    --without-threads \
    --without-tls \
    --enable-slapd \
    --enable-bdb \
    --disable-slurpd

and of course with the "allow bind_v2" in slapd.conf.

Then I put all the related libs (because I "enable-dynamic" to save
space) and other executables including slapd into our embedded system.
It works, but with the following strange error:

bash-2.05# ldapsearch -P 2 -x
ldap_bind: Protocol error (2)
        additional info: requested protocol version not allowed

while the same command runs correctly on our regular 7.2 box.

slapd -d 1 shows these:

connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=2 dn="" method=128
send_ldap_result: conn=0 op=0 p=2
send_ldap_response: msgid=1 tag=97 err=2
ber_flush: 52 bytes to sd 9
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9

So I traced bind.c and got the following code:

} else if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
	version < LDAP_VERSION3 )
{
	send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
		NULL, "requested protocol version not allowed", NULL, NULL );
	goto cleanup;
}

I think (!( global_allows & SLAP_ALLOW_BIND_V2 )) is true while it
should not be.

Any ideas would be much appreciated. Thanks in advance.

I'll report any progress about this issue.


Regards,
John Lee
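
Added example (not part of the original post and not OpenLDAP source): a minimal decoder for the 12-byte LDAPv2 anonymous bind seen in the slapd trace ("tag 0x30 len 12", "version=2 dn="" method=128"), followed by the same allow-bit test quoted from bind.c. The byte array is constructed, parse_bind and bind_version_gate are hypothetical names, and the 0x0001U bit value is an assumption standing in for SLAP_ALLOW_BIND_V2.

```c
#include <stddef.h>
#include <stdio.h>
#define LDAP_SUCCESS        0x00
#define LDAP_PROTOCOL_ERROR 0x02
#define LDAP_VERSION3       3
#define ALLOW_BIND_V2       0x0001U /* assumed bit value, stands in for SLAP_ALLOW_BIND_V2 */
/* Constructed sample: LDAPv2 anonymous simple bind, msgid=1 (outer length 12). */
static const unsigned char V2_ANON_BIND[] = {
    0x30, 0x0c,             /* LDAPMessage SEQUENCE, len 12 */
    0x02, 0x01, 0x01,       /* messageID = 1 */
    0x60, 0x07,             /* [APPLICATION 0] BindRequest */
    0x02, 0x01, 0x02,       /* version = 2 */
    0x04, 0x00,             /* name = "" */
    0x80, 0x00              /* simple auth choice (0x80 = 128), empty password */
};
/* Parse a BindRequest with short-form lengths; 0 on success, -1 if malformed. */
int parse_bind(const unsigned char *p, size_t n, int *version, int *method)
{
    size_t i = 2;
    if (n < 2 || p[0] != 0x30 || p[1] >= 0x80 || (size_t)p[1] + 2 != n) return -1;
    if (i + 3 > n || p[i] != 0x02 || p[i + 1] != 1) return -1;   /* messageID */
    i += 3;
    if (i + 2 > n || p[i] != 0x60 || p[i + 1] >= 0x80 || i + 2 + p[i + 1] != n) return -1;
    i += 2;
    if (i + 3 > n || p[i] != 0x02 || p[i + 1] != 1) return -1;   /* version */
    *version = p[i + 2];
    i += 3;
    if (i + 2 > n || p[i] != 0x04 || p[i + 1] >= 0x80) return -1; /* bind DN */
    i += 2 + p[i + 1];
    if (i + 2 > n) return -1;
    *method = p[i];                                               /* auth choice tag */
    return 0;
}

/* Same shape as the bind.c condition: v2 is refused unless the allow bit is set. */
int bind_version_gate(unsigned allows, int version)
{
    if (!(allows & ALLOW_BIND_V2) && version < LDAP_VERSION3)
        return LDAP_PROTOCOL_ERROR;
    return LDAP_SUCCESS;
}

int main(void)
{
    int v = 0, m = 0;
    if (parse_bind(V2_ANON_BIND, sizeof V2_ANON_BIND, &v, &m) != 0) return 1;
    printf("version=%d method=%d bit-unset=%d bit-set=%d\n", v, m, bind_version_gate(0, v), bind_version_gate(ALLOW_BIND_V2, v));
    return 0;
}
```

With the bit unset the gate returns 2, the same err=2 that send_ldap_response logs in the trace; with the bit set the same request passes.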