
Authentication data not used when chasing referrals (ITS#2106)



Full_Name: Andrew Findlay
Version: HEAD 23 Sept 2002
OS: Linux
URL: 
Submission from: (NULL) (217.206.98.194)


When a modification request is submitted to a slave server, the server returns a
referral pointing to the master server. If referral chasing is on (e.g. -C flag
on ldapmodify, setting LDAP_OPT_REFERRALS on) then the client library will
connect to the master server and re-try the operation.

If the operation requires authentication (as all modify operations tend to) then
there is a problem, as the client library binds to the master server as NULLDN.
It does not re-use the authentication data that it used when making the initial
connection to the slave server.

I append a client trace using master and slave servers both running on the local
machine. It looks to me as if ldap_chase_v3referrals should be calling
ldap_bind_s or similar rather than going in at a low level with
ldap_send_server_request, though I cannot immediately see where it should get
hold of the authentication credentials.

Andrew
----------------------------------------------------------------------------------

ldapmodify -H ldap://localhost:2389/ -d 1 -d 8 -C -r -c -x -D cn=DSAmgr,dc=example,dc=org -W -f franco.ldif

ldap_create
ldap_url_parse_ext(ldap://localhost:2389/)
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:2389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:2389
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
ldap_int_sasl_open: host=brick.skills-1st.co.uk
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 47 bytes to sd 4
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 2389  (default)
  refcnt: 2  status: Connected
  last used: Mon Sep 23 12:16:28 2002

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
modifying entry "cn=Robert Franco+uid=u000182,dc=example,dc=org"
ldap_modify_ext
ldap_send_initial_request
ldap_send_server_request
ber_flush: 307 bytes to sd 4
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: localhost  port: 2389  (default)
  refcnt: 2  status: Connected
  last used: Mon Sep 23 12:16:28 2002

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ber_get_next: tag 0x30 len 86 contents:
ldap_read: message type modify msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({v}) ber:
ldap_chase_v3referrals
ldap_url_parse_ext(ldap://localhost:3389/cn=Robert%20Franco+uid=u000182,dc=example,dc=org)
re_encode_request: new msgid 3, new dn <cn=Robert Franco+uid=u000182,dc=example,dc=org>
ber_scanf fmt ({it) ber:
ber_scanf fmt ({a) ber:
ldap_chase_v3referral: msgid 2, url "ldap://localhost:3389/cn=Robert%20Franco+uid=u000182,dc=example,dc=org";
ldap_send_server_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:3389
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying 127.0.0.1:3389
ldap_connect_timeout: fd: 5 tm: -1 async: 0
ldap_ndelay_on: 5
ldap_is_sock_ready: 5
ldap_ndelay_off: 5
ldap_int_sasl_open: host=brick.skills-1st.co.uk
anonymous rebind via ldap_bind_s
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 14 bytes to sd 5
ldap_result msgid 4
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 4
wait4msg continue, msgid 4, all 1
** Connections:
* host: localhost  port: 3389
  refcnt: 2  status: Connected
  last used: Mon Sep 23 12:16:28 2002
  rebind in progress
    queue is empty

* host: localhost  port: 2389  (default)
  refcnt: 2  status: Connected
  last used: Mon Sep 23 12:16:28 2002

** Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 4, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ber_flush: 307 bytes to sd 5
read1msg:  referral chased, mark request completed, id = 2
read1msg:  1 new referrals
wait4msg continue, msgid 2, all 1
** Connections:
* host: localhost  port: 3389
  refcnt: 1  status: Connected
  last used: Mon Sep 23 12:16:28 2002

* host: localhost  port: 2389  (default)
  refcnt: 2  status: Connected
  last used: Mon Sep 23 12:16:28 2002

** Outstanding Requests:
 * msgid 3,  origid 2, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 2,  origid 2, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ldap_read: message type modify msgid 3, original id 2
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
ldap_chase_referrals
read1msg:  V2 referral chased, mark request completed, id = 3
new result:  res_errno: 8, res_error: <modifications require authentication>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
merged parent (id 2) error info:  result errno 8, error <modifications require authentication>, matched <>
request 2 done
res_errno: 8, res_error: <modifications require authentication>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_request (origid 2, msgid 3)
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 5
ldap_free_connection: actually freed
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldapmodify: update failed: cn=Robert Franco+uid=u000182,dc=example,dc=org
ldap_perror
ldap_modify: Strong(er) authentication required (8)
	additional info: modifications require authentication

ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 4
ldap_free_connection: actually freed
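
The following is an added example, not part of the original report and not OpenLDAP code: a small Python parser that walks a libldap debug trace like the one above and reports, for each chased referral, the target server, whether the bind on the new connection was anonymous, and the result of the re-sent operation. The sample lines are abridged from the trace above; the function name `audit_referrals` and the result field names are made up for this sketch.

```python
import re
from urllib.parse import urlsplit

# Abridged from the trace in the report above (same lines, most omitted).
SAMPLE_TRACE = '''\
ldap_connect_to_host: TCP localhost:2389
ldap_chase_v3referrals
ldap_chase_v3referral: msgid 2, url "ldap://localhost:3389/cn=Robert%20Franco+uid=u000182,dc=example,dc=org";
ldap_connect_to_host: TCP localhost:3389
anonymous rebind via ldap_bind_s
ldap_read: message type bind msgid 4, original id 4
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  referral chased, mark request completed, id = 2
ldap_read: message type modify msgid 3, original id 2
new result:  res_errno: 8, res_error: <modifications require authentication>, res_matched: <>
'''

CHASE = re.compile(r'ldap_chase_v3referral: msgid (\d+), url\s+"([^"]+)"')
READ = re.compile(r'ldap_read: message type (\w+) msgid (\d+), original id (\d+)')
RESULT = re.compile(r'new result:\s+res_errno: (\d+), res_error: <([^>]*)>')

def audit_referrals(trace):
    """Return one finding per chased referral in a libldap debug trace."""
    # Mail clients wrap the long referral line after "url"; undo that first.
    trace = re.sub(r'url\s*\n"', 'url "', trace)
    findings, by_origid, last_read = [], {}, None
    for line in trace.splitlines():
        if m := CHASE.search(line):
            url = urlsplit(m.group(2))
            f = {"origid": int(m.group(1)), "target": f"{url.hostname}:{url.port or 389}",
                 "anonymous_rebind": False, "op": None, "errno": None, "error": None}
            findings.append(f)
            by_origid[f["origid"]] = f
        elif line.startswith("anonymous rebind") and findings:
            # Logged when the library binds as NULLDN on the referral connection.
            findings[-1]["anonymous_rebind"] = True
        elif m := READ.search(line):
            last_read = (m.group(1), int(m.group(3)))
        elif (m := RESULT.search(line)) and last_read:
            op, origid = last_read
            # Only the re-sent operation's result counts, not the bind reply.
            if op != "bind" and origid in by_origid:
                by_origid[origid].update(op=op, errno=int(m.group(1)), error=m.group(2))
            last_read = None
    return findings
```

A finding with `anonymous_rebind` set and `errno` 8 is the failure described in this report: the referral was followed, but the operation reached the master without the original bind identity.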