[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap 2.4.28 and "allow bind_v2"

On 2/1/12 10:55 AM, masarati@aero.polimi.it wrote:
>> I have built and upgraded one of my openldap servers from 2.4.26 to 2.4.28
>>  (on RHEL release
>> 5.7 x86_64) and with the identical configuration to my other servers, I am
>> seeing the following
>> messages in the slapd.log file:
>> slapd[4434]: conn=115331 fd=263 ACCEPT from IP=X.X.X.X:51856
>> (IP=
>> slapd[4434]: conn=115331 op=0 do_extended: protocol version (2) too low
>> slapd[4434]: conn=115331 op=0 DISCONNECT tag=120 err=2 text=requires
>> LDAPv3
>> slapd[4434]: conn=115331 fd=263 closed (operations error)
>> I'm not seeing anything leaping out at me from the change log for
>> 2.4.27/2.4.28 that indicates
>> what I have gotten wrong that worked until now.
>> As I said, I am running the same slapd.conf file on my 2.4.26
>> installations and not seeing
>> these failures there at all (and since I use an F5 load balancer, these
>> connections are sprayed
>> all across my pool of servers).
>> Where should I start looking?
> "do_extended" means an extended operation is being requested with protocol
> version set to LDAPv2, and LDAPv2 has no notion of extended operations. 
> Can you track what operation is being requested?

With guidance about how to, I can certainly do my best to.

I can use tcpdump to gather all traffic between the client and this server on port 389 - but,
I'm not going to be able to understand what I'm catching.  Is there a more preferred method of
capturing this?
> p.

Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)

Attachment: signature.asc
Description: OpenPGP digital signature