[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: iPlanet 4.1 and OpenLDAP 2.1.12

Thank you very much for your gentle and patient reply. Your "allow bind_v2"
suggestion was of course quite accurate, however, I uncovered that
information yesterday afternoon. If you would be so kind, I would appreciate
the opportunity to burden yourself and the rest of the community with some
additional information. Hopefully this will offer a touch more insight into
my issue. You will be relieved to discover that it is the tail end of an
OpenLDAP debug trace which was received by calling slapd with the "-d 65535"
option and then requesting the client to perform a query. I am sure this is
much more familiar territory for yourself and the others.

====> bdb_cache_find_entry_id( 6719 )
=bbbbb,dc=aaaaa,dc=com" (found) (1 tries)
=> access_allowed: auth access to
,dc=aaaaa,dc=com" "userPassword" requested
=> access_allowed: backend default auth access granted to ""
send_ldap_result: conn=0 op=23 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=173 tag=97 err=49
ber_flush: 15 bytes to sd 10
  0000:  30 0d 02 02 00 ad 61 07  0a 01 31 04 00 04 00      0.....a...1....
ldap_write: want=15, written=15
  0000:  30 0d 02 02 00 ad 61 07  0a 01 31 04 00 04 00      0.....a...1....
conn=0 op=23 RESULT tag=97 err=49 text=
====> bdb_cache_return_entry_r( 6719 ): returned (0)

This trace resulted from the client's request for user authentication
information from slapd. Would it be possible for you to take a moment to
explain what the various codes are implying about the tail end of this
particular transaction, and how you believe a properly functioning client
would interpret this information?

Thank you very much for your time and effort. It is most appreciated!


> -----Original Message-----
> From:	Howard Chu [SMTP:hyc@highlandsun.com]
> Sent:	Thursday, March 13, 2003 4:33 PM
> To:	'Mudry, Robert (N-aerotek)'; openldap-software@OpenLDAP.org
> Subject:	RE: iPlanet 4.1 and OpenLDAP 2.1.12
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Mudry, Robert
> > (N-aerotek)
> > Anyone know the secret to getting iPlanet 4.1 to authenticate against
> > OpenLDAP 2.1.12 ? I've done this before on a previous version
> > a year or so
> > ago, but we had some problems with other parts of our system
> > that caused us
> > to switch direction a bit. It's time to revisit, but I can't
> > for the life of
> > me get it to work with the latest version. Scanned through
> > the FAQ and it
> > only dealt with a much older version of OpenLDAP.
> >
> > The error that iPlanet is giving me is:
> Meaningless, there is nothing relevant to the actual LDAP transactions
> here.
> We work with OpenLDAP on this list. Even if there was any useful
> information
> to be gleaned from those messages, there's no reason to expect iPlanet
> diagnostics to be familiar or enlightening to an OpenLDAP user. Perhaps
> they
> would mean something on an iPlanet support list.
> Without knowing anything pertinent about your server configuration, I'd
> make
> a wild guess that iPlanet is making an LDAPv2 request to slapd. LDAPv2
> support is disabled by default, but you can add "allow bind_v2" to your
> slapd.conf to enable it.
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support