[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Repost] JDNI Authentication

Thanks for the response Kurt...

Here's what I get with logging set to level 4:

slapd starting
==> bdb_bind: dn: cn=Manager,dc=careerfish,dc=com
send_ldap_result: err=0 matched="" text=""
SRCH "uid=ross,ou=people,dc=careerfish,dc=com" 0 3 0 0 0
filter: (objectClass=*)
attrs: userPassword
base_candidates: base: "uid=ross,ou=people,dc=careerfish,dc=com" (0x00000008)
send_ldap_result: err=0 matched="" text=""
SRCH "ou=groups,dc=careerfish,dc=com" 1 3 0 0 0
filter: (?=undefined)
attrs: cn
bdb_idl_fetch_key: *

bdb_idl_fetch_key: %ou=groups,dc=careerfish,dc=com
send_ldap_result: err=0 matched="" text=""

And with -d 32:
begin get_filter
end get_filter 0
=> test_filter
<= test_filter 6
begin get_filter
get_ava: unknown attributeType \28uniqueMember
end get_filter 0
=> bdb_filter_candidates
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
<= bdb_filter_candidates: id=0 first=0 last=0
<= bdb_list_candidates: id=0 first=9 last=0
<= bdb_filter_candidates: id=0 first=9 last=0

and finally -d 256 (which I think it was you mean by Stats):

slapd starting
conn=0 fd=10 ACCEPT from IP= (IP=
conn=0 op=0 BIND dn="cn=Manager,dc=careerfish,dc=com" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=careerfish,dc=com" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="uid=ross,ou=people,dc=careerfish,dc=com" scope=0 deref=3 filter="(objectClass=*)"
conn=0 op=1 SRCH attr=userPassword
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 SRCH base="ou=groups,dc=careerfish,dc=com" scope=1 deref=3 filter="(?=undefined)"
conn=0 op=2 SRCH attr=cn
conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=

What's up with that filter="(?=undefined)"  Is that the issue?

Kurt D. Zeilenga wrote:

At 05:33 PM 10/11/2004, Ross Rankin wrote:

The OS is Fedora Core 2 and I'm using OpenLDAP 2.2.17. The difference between the two boxes is the OS version Red Hat 9 verus Fedora and 2.1 OpenLdap on the older box.

Okay, the boxes do differ significantly. So you can said aside your assumption that they should behave the same.

Actually, If I do an ldapsearch for cn=user, it works fine. I am not sure what to use to replicate the the lookup that JNDI is using.
I thought there might be something telling and obvious that I was missing in the trace or in the config files... If there is another type of search I can do to try to replicate the issue, please let me know and I'll run it. Anyone out there using Java/JDNI?

First, let me be clear that you need to separate questions
specific to Tocmat/JNDI from questions specific to OpenLDAP
Software. Discussions specific to the Tomcat/JNDI, such as
why doesn't my Tomcat/JNDI configuration work as I expect? why is Tomcat/JNDI doing X?
why is Tomcat/JNDI expecting Y?
are simply off-topic here and hence should be taken elsewhere.
However, asking questions such as:
what operation(s) do these logs indicate the client issued to
the slapd(8)?
how do I use ldapsearch(1) (or other OpenLDAP client tool) to
issue a particular operation?
slapd(8) responded to a particular ldapsearch(1) command
in a manner I didn't unexpected (detail expected and
actual behavior), why?

In regards to the log information you provided, I'm unable to
determine the particulars of the operation issued.  I suggest
you enable some additional logging, such as STATS.  See slapd(8)
for details.