--- "M.-A. DARCHE" <[EMAIL PROTECTED]> wrote:
> Greedchen Mueller wrote:
> > Hi List,
> > 
> > New to using OpenCA.
> > 
> > My system is an i386 machine with Debian Sage Linux. I have made an
> > installation according to the howto from Dartmouth. One installation
> > for CA and one for RA, SCEP and LDAP on the other hand.
> > 
> > CA, RA is working, in addition SCEP works with
> > SCEP.
> > 
> > Now I want to use LDAP, but there are problems.
> > I'm a novice in LDAP.
> > 
> > If I update LDAP I get "invalid ...DN"
> > 
> > and in the logfile of openra you can see:
> > 
> > +++++++++++++++++++++++++++++++++
> 
> Please, do not post HTML, use simple text for your
> messages.
> 

Sorry this was an error
> 
> > OpenCA::LDAP->add_object: Cannot bind to server.
> > OpenCA::LDAP->add_object: Started add_object ...
> > OpenCA::LDAP->add_object: certificate present ...
> > OpenCA::LDAP->add_object: role ok ...
> > OpenCA::LDAP->add_object: Information of the Object:
> > OpenCA::LDAP->add_object: dn    [EMAIL PROTECTED],CN=root,O=test,C=DE
> > OpenCA::LDAP->add_object: cn    root
> > OpenCA::LDAP->add_object: serID 2147483647
> > OpenCA::LDAP->add_object: email [EMAIL PROTECTED]
> > OpenCA::LDAP->add_object: ou    
> > OpenCA::LDAP->add_object: o     test
> > OpenCA::LDAP->add_object: l     
> > OpenCA::LDAP->add_object: st    
> > OpenCA::LDAP->add_object: c     DE
> > OpenCA::LDAP->add_object: End of the information of the Object
> > OpenCA::LDAP->connect: ldap2://localhost:389
> > OpenCA::LDAP->setError: 34: invalid DN
> > OpenCA::LDAP->add_object: Cannot bind to server.
> >
> 
> It seems that the login and/or password that you
> provided
> in the OpenCA LDAP configuration is wrong.
> 
> 
> > i read the posting from Johnny Gonzalez
> > (msg05686.html)
> > 
> > I have edited slapd in this way:
> > +++++++++++++++++++++++++++++++++
> > database    bdb
> > suffix              "o=test,c=DE"
> > rootdn              "cn=root,[EMAIL PROTECTED],o=test,c=DE"
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > rootpw              root
> > ++++++++++++++++++++++++++++++++++
> > 
> > and ldap.conf in openldap
> > +++++++++++++++++++++++++++++++++
> > BINDDN cn=root,[EMAIL PROTECTED],o=test,c=DE
> > BASE o=test,c=DE
> > 
> > HOST 172.16.98.92
> > PORT 389
> > 
> > ldaproot "cn=root,[EMAIL PROTECTED],o=test,c=DE"
> > ldappwd "root"
> > ++++++++++++++++++++++++++++++++++
> > 
> > on my openca installation ldap.conf
> > ++++++++++++++++++++++++++++++++++
> > 
> > basedn "o=test, c=DE"
> > ldaproot "cn=root,[EMAIL PROTECTED],o=test,c=DE"
> > ldappwd "root"
> > ++++++++++++++++++++++++++++++++++
> > 
> 
> Why do you use such a complicated DN for your
> LDAP administrator?
> 
> cn=root,[EMAIL PROTECTED],o=test,c=DE
> 
> Usually one will most likely use something like:
> cn=admin,o=test,c=DE
> 
> Could you try with this simpler DN?
> 
> 
> > My certificates use:
> > 
> > o=test,c=DE,cn=root,[EMAIL PROTECTED]
> > 
> > I hope there are ideas :-)
> > 
> 
> I don't think there is any link between the DN of
> your
> LDAP admin and any certificate when it comes to your
> LDAP connexion.
> Someone else could maybe confirm this.
> 
> 
> Cheers,
> 
Now I am using cn=admin and no email address, like here
in the ldap directory "ldap.conf":
+++++++++++++++++++++++++++++++++
BINDDN o=Bintec,c=DE
BASE o=Bintec,c=DE

HOST 172.16.98.92
PORT 389

ldaproot "cn=admin,o=Bintec,c=DE"
ldappwd  "root"
+++++++++++++++++++++++++++++++++

But here I get the same error.



The LDAP debug shows:
+++++++++++++++++++++++++++++++++
ber_get_next
ldap_read: want=8, got=8
  0000:  30 15 02 01 01 60 10 02                            0....`..
ldap_read: want=15, got=15
  0000:  01 03 04 05 61 64 6d 69  6e 80 04 72 6f 6f 74      ....admin..root
ber_get_next: tag 0x30 len 21 contents:
ber_dump: buf=0x08173910 ptr=0x08173910 end=0x08173925 len=21
  0000:  02 01 01 60 10 02 01 03  04 05 61 64 6d 69 6e 80   ...`......admin.
  0010:  04 72 6f 6f 74                                     .root
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x08173910 ptr=0x08173913 end=0x08173925 len=18
  0000:  60 10 02 01 03 04 05 61  64 6d 69 6e 80 04 72 6f   `......admin..ro
  0010:  6f 74                                              ot
ber_scanf fmt (m}) ber:
ber_dump: buf=0x08173910 ptr=0x0817391f end=0x08173925 len=6
  0000:  00 04 72 6f 6f 74                                  ..root
>>> dnPrettyNormal: <admin>
=> ldap_bv2dn(admin,0)
ldap_err2string
<= ldap_bv2dn(admin)=-4 Decoding error
bind: invalid dn (admin)
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=34 matched="" text="invalid DN"
send_ldap_response: msgid=1 tag=97 err=34
ber_flush: 24 bytes to sd 11
  0000:  30 16 02 01 01 61 11 0a  01 22 04 00 04 0a 69 6e   0....a..."....in
  0010:  76 61 6c 69 64 20 44 4e                            valid DN
ldap_write: want=24, written=24
  0000:  30 16 02 01 01 61 11 0a  01 22 04 00 04 0a 69 6e   0....a..."....in
  0010:  76 61 6c 69 64 20 44 4e                            valid DN
conn=0 op=0 RESULT tag=97 err=34 text=invalid DN
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
  0000:  30 05 02 01 02 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x08173ae0 ptr=0x08173ae0 end=0x08173ae5 len=5
  0000:  02 01 02 42 00                                     ...B.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_unbind
conn=0 op=1 UNBIND
++++++++++++++++++++++++++++++++++++++

In config.xml I use

++++++++++++++++++++++++++++++++++++++
        <option>
            <name>ldaproot</name>
            <value>admin</value>
        </option>
        <option>
            <name>ldaprootpwd</name>
            <value>root</value>
        </option>
+++++++++++++++++++++++++++++++++++++


Thanks







> -- 
> Marc-Aurèle DARCHE
> NUXEO (Paris, France)                    http://nuxeo.com/
> Nuxeo Collaborative Portal Server (CPS)  http://www.cps-project.org/
> Web content management / collaborative portal / free software
> 
> 
>
-------------------------------------------------------
> This SF.Net email is sponsored by: New Crystal
> Reports XI.
> Version 11 adds new functionality designed to reduce
> time involved in
> creating, integrating, and deploying reporting
> solutions. Free runtime info,
> new features, or free trial, at:
> http://www.businessobjects.com/devxi/728
> _______________________________________________
> Openca-Users mailing list
> [email protected]
>
https://lists.sourceforge.net/lists/listinfo/openca-users
>  
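
Added example (not part of the original thread and not OpenCA or OpenLDAP code): a small Python decoder for the BindRequest and BindResponse bytes shown in the slapd debug output above, to see which bind name the client actually sent. The function names are illustrative, and `looks_like_dn` is an assumed loose RFC 4514 shape test, not a full DN parser.

```python
# Added example: decode the LDAP bind exchange from the slapd debug dump.
# Byte strings are copied from the thread's ldap_read/ldap_write hex dumps.
import re

BIND_REQUEST = bytes.fromhex(
    "30 15 02 01 01 60 10 02 01 03 04 05 61 64 6d 69 6e 80 04 72 6f 6f 74")
BIND_RESPONSE = bytes.fromhex(
    "30 16 02 01 01 61 11 0a 01 22 04 00 04 0a 69 6e 76 61 6c 69 64 20 44 4e")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element (short lengths only)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated header or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated element")
    return buf[pos], buf[pos + 2:end], end

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_bind(raw):
    """Decode an LDAPMessage carrying a BindRequest (0x60) or BindResponse (0x61)."""
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msgid), (op, op_body) = children(body)[:2]
    f = children(op_body)
    num = lambda b: int.from_bytes(b, "big")
    if op == 0x60:  # version, name, authentication choice ([0] = simple)
        return {"op": "BindRequest", "msgid": num(msgid), "version": num(f[0][1]),
                "name": f[1][1].decode(), "simple": f[2][0] == 0x80}
    if op == 0x61:  # resultCode, matchedDN, diagnosticMessage
        return {"op": "BindResponse", "msgid": num(msgid),
                "resultCode": num(f[0][1]), "text": f[2][1].decode()}
    raise ValueError("unexpected protocol op 0x%02x" % op)

RDN = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=.+", re.S)

def looks_like_dn(name):
    """Loose RFC 4514 shape check (assumption: not a full DN parser)."""
    return name == "" or all(RDN.fullmatch(r) for r in re.split(r"(?<!\\),", name))

if __name__ == "__main__":
    req, resp = decode_bind(BIND_REQUEST), decode_bind(BIND_RESPONSE)
    print(req["name"], looks_like_dn(req["name"]), resp["resultCode"], resp["text"])
```

On the thread's bytes the decoded bind name is the bare string `admin`, which fails the DN shape check and lines up with `bind: invalid dn (admin)` and result code 34 in the log. The same request shows the simple-bind password crossing port 389 unencrypted.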


        
                