[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4144) Strange problem in client libs with SSL connect



This is a multi-part message in MIME format.
--------------020207070106030606090906
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I'd like to add more details with an anonymized log file. Sorry, it is a
munge of web2ldap, python-ldap and OpenLDAP log messages. I was in a
hurry when taking this. It's not my LDAP server.

The really strange thing is: I would expect the SSL connection to fail
or to work. But I would not expect something to fail and work after
another error happened.

Note that all necessary CA certs were in place. With wrong configuration
other debug messages indicated the parameters for CA path/file locations
are correctly passed to OpenLDAP libs.

Here's my observation which you can hopefully follow in the logs:

1. The application trys to connect to ldaps://directory.example.com. It
fails. It seems failure is at TCP level although the server is perfectly
reachable. I can't see why this fails. This is already strange.

2. The application trys to connect to ldaps://ldap.example.com which
fails since the CN attribute of the subject name in the server cert
contains directory.example.com.

3. The application trys to connect to ldaps://directory.example.com. Now
this works! This is strange! Why?

Notes:
1. openssl s_client perfectly works.
2. ldapsearch of RE23 fails when connecting ldaps://directory.example.com.
3. ldapsearch of 2.2.27 works when connecting ldaps://directory.example.com.

Ciao, Michael.


--------------020207070106030606090906
Content-Type: text/plain;
 name="openldap-its-4144.log"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline;
 filename="openldap-its-4144.log"

2005-11-04 10:55:32 Started multi-threaded web server on localhost:1760 w=
ith SSL disabled
Accepted IP address ranges: 127.0.0.0/255.0.0.0,172.16.15.0/255.255.255.0=
Read MIME-type mapping from file /etc/mime.types.

Point your favourite browser to

http://localhost:1760/web2ldap

to access the web application.
127.0.0.1 - - [04/Nov/2005 10:55:37] "GET /web2ldap?ldaps://directory.exa=
mple.com HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:=
1.7.12) Gecko/20050920"
ldap_create
ldap_url_parse_ext(ldaps://directory.example.com)
*** ldaps://directory.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://directory.example.com - LDAPObject.set_option ((20485, 110),{=
})
*** ldaps://directory.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://directory.example.com - LDAPObject.simple_bind (('', '', None=
, None),{})
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP directory.example.com:636
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 53.113.82.59:636
ldap_connect_timeout: fd: 6 tm: 110 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_err2string
=3D> LDAPError - SERVER_DOWN: {'desc': "Can't contact LDAP server"}
*** ldaps://directory.example.com - LDAPObject.unbind_ext (([], None),{})=

127.0.0.1 - - [04/Nov/2005 10:55:39] "GET /web2ldap HTTP/1.1" 200 - "-" "=
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920"
127.0.0.1 - - [04/Nov/2005 10:55:41] "GET /web2ldap?ldaps://ldap.example.=
com HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.1=
2) Gecko/20050920"
ldap_create
ldap_url_parse_ext(ldaps://ldap.example.com)
*** ldaps://ldap.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://ldap.example.com - LDAPObject.set_option ((20485, 110),{})
*** ldaps://ldap.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://ldap.example.com - LDAPObject.simple_bind (('', '', None, Non=
e),{})
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:636
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 53.113.82.59:636
ldap_connect_timeout: fd: 6 tm: 110 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 2, err: 0, subject: /C=3DUS/O=3DGTE =
Corporation/OU=3DGTE CyberTrust Solutions, Inc./CN=3DGTE CyberTrust Globa=
l Root, issuer: /C=3DUS/O=3DGTE Corporation/OU=3DGTE CyberTrust Solutions=
, Inc./CN=3DGTE CyberTrust Global Root
TLS certificate verification: depth: 1, err: 0, subject: /C=3DDE/O=3DXXX/=
OU=3DYYY/CN=3DZZZ CA 4, issuer: /C=3DUS/O=3DGTE Corporation/OU=3DGTE Cybe=
rTrust Solutions, Inc./CN=3DGTE CyberTrust Global Root
TLS certificate verification: depth: 0, err: 0, subject: /O=3DXXXX/OU=3DY=
YYY/L=3DLLL/ST=3DAAA/C=3DDE/CN=3Ddirectory.example.com, issuer: /C=3DDE/O=
=3DXXX/OU=3DYYY/CN=3DZZZ CA 4
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
TLS: hostname (ldap.example.com) does not match common name in certificat=
e (directory.example.com).
ldap_err2string
=3D> LDAPError - SERVER_DOWN: {'info': 'TLS: hostname does not match CN i=
n peer certificate', 'desc': "Can't contact LDAP server"}
*** ldaps://ldap.example.com - LDAPObject.unbind_ext (([], None),{})
TLS trace: SSL3 alert write:warning:close notify
127.0.0.1 - - [04/Nov/2005 10:55:44] "GET /web2ldap HTTP/1.1" 200 - "-" "=
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920"
127.0.0.1 - - [04/Nov/2005 10:55:46] "GET /web2ldap?ldaps://directory.exa=
mple.com HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:=
1.7.12) Gecko/20050920"
ldap_create
ldap_url_parse_ext(ldaps://directory.example.com)
*** ldaps://directory.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://directory.example.com - LDAPObject.set_option ((20485, 110),{=
})
*** ldaps://directory.example.com - LDAPObject.set_option ((17, 3),{})
*** ldaps://directory.example.com - LDAPObject.simple_bind (('', '', None=
, None),{})
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP directory.example.com:636
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 53.113.82.59:636
ldap_connect_timeout: fd: 6 tm: 110 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 2, err: 0, subject: /C=3DUS/O=3DGTE =
Corporation/OU=3DGTE CyberTrust Solutions, Inc./CN=3DGTE CyberTrust Globa=
l Root, issuer: /C=3DUS/O=3DGTE Corporation/OU=3DGTE CyberTrust Solutions=
, Inc./CN=3DGTE CyberTrust Global Root
TLS certificate verification: depth: 1, err: 0, subject: /C=3DDE/O=3DXXX/=
OU=3DYYY/CN=3DZZZ CA 4, issuer: /C=3DUS/O=3DGTE Corporation/OU=3DGTE Cybe=
rTrust Solutions, Inc./CN=3DGTE CyberTrust Global Root
TLS certificate verification: depth: 0, err: 0, subject: /O=3DXXXX/OU=3DY=
YYY/L=3DLLL/ST=3DAAA/C=3DDE/CN=3Ddirectory.example.com, issuer: /C=3DDE/O=
=3DXXX/OU=3DYYY/CN=3DZZZ CA 4
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
=3D> result: 1
*** ldaps://directory.example.com - LDAPObject.result3 ((1, 1, -1),{})
ldap_result ld 0x8309970 msgid 1
ldap_chkResponseList ld 0x8309970 msgid 1 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
wait4msg ld 0x8309970 msgid 1 (infinite timeout)
wait4msg continue ld 0x8309970 msgid 1 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
   Empty
ldap_chkResponseList ld 0x8309970 msgid 1 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 1 all 1
read1msg: ld 0x8309970 msgid 1 message type bind
read1msg: ld 0x8309970 0 new referrals
read1msg:  mark request completed, ld 0x8309970 msgid 1
request done: ld 0x8309970 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
=3D> result: (97, [], 1, [])
*** ldaps://directory.example.com - LDAPObject.set_option ((9, 0),{})
*** ldaps://directory.example.com - LDAPObject.set_option ((2, 0),{})
*** ldaps://directory.example.com - LDAPObject.set_option ((8, 0),{})
*** ldaps://directory.example.com - LDAPObject.search_ext (('', 0, '(obje=
ctClass=3D*)', ['altServer', 'namingContexts', 'ogSupportedProfile', 'sub=
schemaSubentry', 'supportedControl', 'supportedFeatures', 'supportedLDAPV=
ersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion', 'confi=
gContext', 'monitorContext', 'configurationNamingContext', 'defaultNaming=
Context', 'defaultRnrDN', 'dnsHostName', 'schemaNamingContext', 'supporte=
dCapabilities', 'supportedLDAPPolicies', 'ibm-configurationnamingcontext'=
, 'objectClass'], 0, [], None, 110, 0),{})
ldap_search_ext
put_filter: "(objectClass=3D*)"
put_filter: simple
put_simple_filter: "objectClass=3D*"
ldap_send_initial_request
ldap_send_server_request
=3D> result: 2
*** ldaps://directory.example.com - LDAPObject.result3 ((2, 1, 110),{})
ldap_result ld 0x8309970 msgid 2
ldap_chkResponseList ld 0x8309970 msgid 2 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
wait4msg ld 0x8309970 msgid 2 (timeout 110000000 usec)
wait4msg continue ld 0x8309970 msgid 2 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
   Empty
ldap_chkResponseList ld 0x8309970 msgid 2 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 2 all 1
read1msg: ld 0x8309970 msgid 2 message type search-entry
wait4msg ld 0x8309970 110 secs to go
wait4msg continue ld 0x8309970 msgid 2 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
 * msgid 2,  type 100
ldap_chkResponseList ld 0x8309970 msgid 2 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 2 all 1
read1msg: ld 0x8309970 msgid 2 message type search-result
read1msg: ld 0x8309970 0 new referrals
read1msg:  mark request completed, ld 0x8309970 msgid 2
request done: ld 0x8309970 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
adding response ld 0x8309970 msgid 2 type 101:
ldap_parse_result
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_msgfree
=3D> result: (101, [('', {'supportedLDAPVersion': ['2', '3'], 'objectClas=
s': ['top'], 'namingContexts': ['c=3DDE', 'dc=3Dexample,dc=3Dcom', 'o=3DC=
ompany Name', 'o=3DAdmin', 'o=3DNaming Context 2'], 'supportedSASLMechani=
sms': ['EXTERNAL', 'GSSAPI', 'DIGEST-MD5'], 'vendorVersion': ['Sun-ONE-Di=
rectory/5.2_Patch_2'], 'subschemaSubentry': ['cn=3Dschema'], 'supportedCo=
ntrol': ['2.16.840.1.113730.3.4.2', '2.16.840.1.113730.3.4.3', '2.16.840.=
1.113730.3.4.4', '2.16.840.1.113730.3.4.5', '1.2.840.113556.1.4.473', '2.=
16.840.1.113730.3.4.9', '2.16.840.1.113730.3.4.16', '2.16.840.1.113730.3.=
4.15', '2.16.840.1.113730.3.4.17', '2.16.840.1.113730.3.4.19', '1.3.6.1.4=
=2E1.42.2.27.9.5.2', '1.3.6.1.4.1.42.2.27.9.5.6', '2.16.840.1.113730.3.4.=
14', '1.3.6.1.4.1.1466.29539.12', '2.16.840.1.113730.3.4.12', '2.16.840.1=
=2E113730.3.4.18', '2.16.840.1.113730.3.4.13'], 'vendorName': ['Sun Micro=
systems, Inc.']})], 2, [])
*** ldaps://directory.example.com - LDAPObject.get_option ((17,),{})
=3D> result: 3
*** ldaps://directory.example.com - LDAPObject.search_ext (('cn=3Dschema'=
, 0, '(objectClass=3Dsubschema)', ['ldapSyntaxes', 'matchingRuleUse', 'na=
meForms', 'attributeTypes', 'dITStructureRules', 'objectClasses', 'dITCon=
tentRules', 'matchingRules'], 0, [], None, 110, 0),{})
ldap_search_ext
put_filter: "(objectClass=3Dsubschema)"
put_filter: simple
put_simple_filter: "objectClass=3Dsubschema"
ldap_send_initial_request
ldap_send_server_request
=3D> result: 3
*** ldaps://directory.example.com - LDAPObject.result3 ((3, 1, 110),{})
ldap_result ld 0x8309970 msgid 3
ldap_chkResponseList ld 0x8309970 msgid 3 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
wait4msg ld 0x8309970 msgid 3 (timeout 110000000 usec)
wait4msg continue ld 0x8309970 msgid 3 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
   Empty
ldap_chkResponseList ld 0x8309970 msgid 3 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 3 all 1
read1msg: ld 0x8309970 msgid 3 message type search-result
read1msg: ld 0x8309970 0 new referrals
read1msg:  mark request completed, ld 0x8309970 msgid 3
request done: ld 0x8309970 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_err2string
=3D> LDAPError - INSUFFICIENT_ACCESS: {'info': 'Search not permitted for =
that subtree', 'desc': 'Insufficient access'}
ldap_explode_dn
=3D> ldap_bv2dn(c=3DDE,0)
ldap_err2string
<=3D ldap_bv2dn(c=3DDE)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DCompany Name,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DCompany Name)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DAdmin,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DAdmin)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DNaming Context 2,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DNaming Context 2)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(dc=3Dexample,dc=3Dcom,0)
ldap_err2string
<=3D ldap_bv2dn(dc=3Dexample,dc=3Dcom)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(c=3DDE,0)
ldap_err2string
<=3D ldap_bv2dn(c=3DDE)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DCompany Name,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DCompany Name)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DAdmin,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DAdmin)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DNaming Context 2,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DNaming Context 2)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(dc=3Dexample,dc=3Dcom,0)
ldap_err2string
<=3D ldap_bv2dn(dc=3Dexample,dc=3Dcom)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(c=3DDE,0)
ldap_err2string
<=3D ldap_bv2dn(c=3DDE)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DCompany Name,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DCompany Name)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DAdmin,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DAdmin)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(o=3DNaming Context 2,0)
ldap_err2string
<=3D ldap_bv2dn(o=3DNaming Context 2)=3D0 Success
ldap_explode_dn
=3D> ldap_bv2dn(dc=3Dexample,dc=3Dcom,0)
ldap_err2string
<=3D ldap_bv2dn(dc=3Dexample,dc=3Dcom)=3D0 Success
*** ldaps://directory.example.com - LDAPObject.get_option ((17,),{})
=3D> result: 3
*** ldaps://directory.example.com - LDAPObject.search_ext (('', 0, '(obje=
ctClass=3D*)', None, 0, [], None, 110, 0),{})
ldap_search_ext
put_filter: "(objectClass=3D*)"
put_filter: simple
put_simple_filter: "objectClass=3D*"
ldap_send_initial_request
ldap_send_server_request
=3D> result: 4
*** ldaps://directory.example.com - LDAPObject.result3 ((4, 1, 110),{})
ldap_result ld 0x8309970 msgid 4
ldap_chkResponseList ld 0x8309970 msgid 4 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
wait4msg ld 0x8309970 msgid 4 (timeout 110000000 usec)
wait4msg continue ld 0x8309970 msgid 4 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
   Empty
ldap_chkResponseList ld 0x8309970 msgid 4 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 4 all 1
read1msg: ld 0x8309970 msgid 4 message type search-entry
wait4msg ld 0x8309970 110 secs to go
wait4msg continue ld 0x8309970 msgid 4 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
 * msgid 4,  type 100
ldap_chkResponseList ld 0x8309970 msgid 4 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 4 all 1
read1msg: ld 0x8309970 msgid 4 message type search-result
read1msg: ld 0x8309970 0 new referrals
read1msg:  mark request completed, ld 0x8309970 msgid 4
request done: ld 0x8309970 msgid 4
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
adding response ld 0x8309970 msgid 4 type 101:
ldap_parse_result
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_msgfree
=3D> result: (101, [('', {'supportedLDAPVersion': ['2', '3'], 'objectClas=
s': ['top'], 'namingContexts': ['c=3DDE', 'dc=3Dexample,dc=3Dcom', 'o=3DC=
ompany Name', 'o=3DAdmin', 'o=3DNaming Context 2'], 'dataversion': ['0200=
5100607311102005100607311102005100607311102005100607311102005100607311102=
0051006073111020051006073111020051006073111020051006073111020051006073111=
020051006073111020051006073111'], 'netscapemdsuffix': ['cn=3Dldap://dc=3D=
ldap2,dc=3Dexample,dc=3Dcom:10390'], 'supportedSASLMechanisms': ['EXTERNA=
L', 'GSSAPI', 'DIGEST-MD5'], 'vendorVersion': ['Sun-ONE-Directory/5.2_Pat=
ch_2'], 'supportedExtension': ['2.16.840.1.113730.3.5.7', '2.16.840.1.113=
730.3.5.8', '2.16.840.1.113730.3.5.3', '2.16.840.1.113730.3.5.5', '2.16.8=
40.1.113730.3.5.6', '2.16.840.1.113730.3.5.4', '1.3.6.1.4.1.42.2.27.9.6.1=
', '1.3.6.1.4.1.42.2.27.9.6.2', '1.3.6.1.4.1.42.2.27.9.6.3', '1.3.6.1.4.1=
=2E42.2.27.9.6.4', '1.3.6.1.4.1.42.2.27.9.6.5', '1.3.6.1.4.1.42.2.27.9.6.=
6', '1.3.6.1.4.1.42.2.27.9.6.7', '1.3.6.1.4.1.42.2.27.9.6.8', '1.3.6.1.4.=
1.42.2.27.9.6.9', '1.3.6.1.4.1.42.2.27.9.6.11', '1.3.6.1.4.1.42.2.27.9.6.=
12', '1.3.6.1.4.1.42.2.27.9.6.13', '1.3.6.1.4.1.42.2.27.9.6.14', '1.3.6.1=
=2E4.1.42.2.27.9.6.15', '1.3.6.1.4.1.42.2.27.9.6.16', '1.3.6.1.4.1.42.2.2=
7.9.6.17', '1.3.6.1.4.1.42.2.27.9.6.18', '1.3.6.1.4.1.42.2.27.9.6.19', '1=
=2E3.6.1.4.1.42.2.27.9.6.21', '1.3.6.1.4.1.42.2.27.9.6.22', '1.3.6.1.4.1.=
1466.20037', '1.3.6.1.4.1.4203.1.11.3'], 'supportedControl': ['2.16.840.1=
=2E113730.3.4.2', '2.16.840.1.113730.3.4.3', '2.16.840.1.113730.3.4.4', '=
2.16.840.1.113730.3.4.5', '1.2.840.113556.1.4.473', '2.16.840.1.113730.3.=
4.9', '2.16.840.1.113730.3.4.16', '2.16.840.1.113730.3.4.15', '2.16.840.1=
=2E113730.3.4.17', '2.16.840.1.113730.3.4.19', '1.3.6.1.4.1.42.2.27.9.5.2=
', '1.3.6.1.4.1.42.2.27.9.5.6', '2.16.840.1.113730.3.4.14', '1.3.6.1.4.1.=
1466.29539.12', '2.16.840.1.113730.3.4.12', '2.16.840.1.113730.3.4.18', '=
2.16.840.1.113730.3.4.13'], 'vendorName': ['Sun Microsystems, Inc.']})], =
4, [])
*** ldaps://directory.example.com - LDAPObject.search_ext (('', 0, '(obje=
ctClass=3D*)', ['creatorsName', 'lastModifiedBy', 'modifiersName', 'creat=
eTimeStamp', 'lastModifiedTime', 'modifyTimeStamp'], 0, [], None, 110, 0)=
,{})
ldap_search_ext
put_filter: "(objectClass=3D*)"
put_filter: simple
put_simple_filter: "objectClass=3D*"
ldap_send_initial_request
ldap_send_server_request
=3D> result: 5
*** ldaps://directory.example.com - LDAPObject.result3 ((5, 1, 110),{})
ldap_result ld 0x8309970 msgid 5
ldap_chkResponseList ld 0x8309970 msgid 5 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
wait4msg ld 0x8309970 msgid 5 (timeout 110000000 usec)
wait4msg continue ld 0x8309970 msgid 5 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 5,  origid 5, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
   Empty
ldap_chkResponseList ld 0x8309970 msgid 5 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 5 all 1
read1msg: ld 0x8309970 msgid 5 message type search-entry
wait4msg ld 0x8309970 110 secs to go
wait4msg continue ld 0x8309970 msgid 5 all 1
** ld 0x8309970 Connections:
* host: directory.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov  4 10:55:47 2005

** ld 0x8309970 Outstanding Requests:
 * msgid 5,  origid 5, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8309970 Response Queue:
 * msgid 5,  type 100
ldap_chkResponseList ld 0x8309970 msgid 5 all 1
ldap_chkResponseList returns ld 0x8309970 NULL
ldap_int_select
read1msg: ld 0x8309970 msgid 5 all 1
read1msg: ld 0x8309970 msgid 5 message type search-result
read1msg: ld 0x8309970 0 new referrals
read1msg:  mark request completed, ld 0x8309970 msgid 5
request done: ld 0x8309970 msgid 5
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 5, msgid 5)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
adding response ld 0x8309970 msgid 5 type 101:
ldap_parse_result
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_msgfree
=3D> result: (101, [('', {'modifiersName': ['cn=3Dserver,cn=3Dplugins,cn=3D=
config'], 'createTimeStamp': ['20041118111241Z'], 'modifyTimeStamp': ['20=
041118111241Z'], 'creatorsName': ['cn=3Dserver,cn=3Dplugins,cn=3Dconfig']=
})], 5, [])
*** ldaps://directory.example.com - LDAPObject.get_option ((17,),{})
=3D> result: 3
127.0.0.1 - - [04/Nov/2005 10:55:53] "GET /web2ldap/disconnect/hvDyyl7L? =
HTTP/1.1" 200 - "http://localhost:1760/web2ldap?ldaps://directory.example=
=2Ecom" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/2005092=
0"
*** ldaps://directory.example.com - LDAPObject.unbind_ext (([], None),{})=

ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
TLS trace: SSL3 alert write:warning:close notify
127.0.0.1 - - [04/Nov/2005 10:55:53] "GET /web2ldap HTTP/1.1" 200 - "-" "=
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920"
Shutting down web server


--------------020207070106030606090906--