Yeah, that’s what I thought. However, when I switched the host within
config.tcl (i) to the host that literally appears in the process's display
(ii), I got (iii).
I wonder if running LDAP without SSL could be the cause. However, I found
nothing in the documentation that references this.
i. #config.tcl
ns_section ns/ldap/pool/ldap
ns_param user "cn=admin,dc=ldap,dc=litli,dc=net"
ns_param password "*****"
ns_param host "ldap:///:389"
ns_param connections 1
ns_param verbose On
ii. caltek 22931 22675 0 22:42 pts/1 00:00:00 ps -ef
openldap 23829 1 0 May14 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
iii. [16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error:
nsldap: could not open connection to server ldap:///:389 on port 389:
Inappropriate ioctl for device
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug:
ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug:
ns:interptrace[caltek]: deallocate nsdb:releasehandles a:(nil)
[16/May/2018:22:39:27][22732.7f914effd700][-sched:8-] Debug:
ns:interptrace[caltek]: deallocate ns:tcltrace ns_cleanup
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug:
Ns_SockAccept returns sock 5, err NONE
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug:
Ns_SockAccept returns sock -1, err Resource temporarily unavailable
[16/May/2018:22:39:29][22732.7f915cd36700][-driver:nssock:0-] Debug: [0]
dequeue thread connPtr 0x555f13d233e0 idle 2 state 4 create 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
ns:interptrace[caltek]: allocate ns:tcltrace ns_init
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: user
agent is Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: OACS=
sec_handler: enter
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
ad_get_signed_cookie: Got signed cookie ad_session_id with value
350001,0,0,1526524659, signature 237 1526525859
B427AD47A039C798E4B2E29725B5456831F66EF3.
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
__ad_verify_signature: Getting token_id 237, value
02627536A2D3BDF38A7049D9AC1555DFB219A281 ;
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
__ad_verify_signature: Expire_Time is 1526525859 (compare to 1526524769), hash
is B427AD47A039C798E4B2E29725B5456831F66EF3
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
__ad_verify_signature: Hash matches - Hash check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
__ad_verify_signature: Expiration time (1526525859) greater than current time
(1526524769) - Expiration check OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
ad_get_signed_cookie: Verification of cookie ad_session_id OK
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: Security:
Insecure session OK: session_id 350001, untrusted_user_id 0, auth_level none,
user_id 0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR
dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p
--> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Notice: Running
first LDAP script ...
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap:
getting a handle for thread 0x7f915dd38700
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: nsldap:
connecting handle from pool ldap
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: nsldap:
could not open connection to server ldap:///:389 on port 389: Inappropriate
ioctl for device
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR dbqd.acs-tcl.tcl.00-database-procs.db_nextval.nextval --> using
default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f91590db110 convert type none to sql <select nextval('t_acs_object_id_seq')>
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR
dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p
--> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR
dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p
--> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR dbqd.dotlrn.tcl.dotlrn-security-procs.dotlrn::user_p.select_count
--> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f91590d8a70 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: NO
FULLQUERY FOR
dbqd.acs-tcl.tcl.acs-permissions-procs.permission::permission_p_not_cached.select_permission_p
--> using default SQL
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
0x7f915900c670 REUSE sql
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug: we have
the following editors registered:
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
Ns_ConnClose 0x555f13d233e0 stream 000000 chunk 000000 via writer 000000
sockPtr 0x7f91540012c0
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Error: could not
allocate 1 handle from pool "ldap"
while executing
"ns_ldap gethandle "ldap""
("uplevel" body line 7)
invoked from within
"uplevel {
ad_page_contract {}
ns_log Notice "Running first LDAP script ..."
set lh [ns_ldap gethandle "ldap"]
doc_return 200 text/html "[ns_lda..."
(procedure "code::tcl::/var/www/caltek//www/test-ldap" line 2)
invoked from within
"code::tcl::$__adp_stub"
("uplevel" body line 12)
invoked from within
"uplevel {
if { [file exists $__adp_stub.tcl] } {
# ensure that data source preparation procedure exists and is
up-to-date
..."
(procedure "adp_prepare" line 2)
invoked from within
"adp_prepare"
invoked from within
"template::adp_parse $themed_template {}"
(procedure "adp_parse_ad_conn_file" line 14)
invoked from within
"$handler"
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
$handler
} ad_script_abort val {
# do nothing
}"
invoked from within
"rp_serve_concrete_file [ad_conn file]"
(procedure "::nsf::procs::rp_serve_abstract_file" line 60)
invoked from within
"rp_serve_abstract_file "$root/$extra_url""
("uplevel" body line 2)
invoked from within
"uplevel $code"
invoked from within
"ad_try {
rp_serve_abstract_file "$root/$extra_url"
set ::tcl_url2file([ad_conn url]) [ad_conn file]
se..."
called from rp_handler
GET http://127.0.0.1:8080/test-ldap? referred by '' peer 127.0.0.1
user_id 0
X-Forwarded-For: 201.50.61.208
Host: 127.0.0.1:8080
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie:
ad_session_id="350001%2c0%2c0%2c1526524659%20{237%201526525859%20B427AD47A039C798E4B2E29725B5456831F66EF3}";
style=null
[16/May/2018:22:39:29][22732.7f915dd38700][-conn:caltek:0:27-] Debug:
ns:interptrace[caltek]: deallocate nsproxy:cleanup a:(nil)
[16/May/2018:22:39:29]
> On May 16, 2018, at 09:51, Gustaf Neumann <neum...@wu.ac.at> wrote:
>
> i am probably not the best person to ask, since we do not use here ldap.
>
> however, my guess is that you have most likely a configuration problem:
> under "host" you specify "ldap://....", when i look into the
> source i see:
> Ns_DStringPrintf(&ds, "ldap://%s:%d", handlePtr->host, handlePtr->port );
>
> so, i would think that "host" is really what it implies, and not an ldap URL.
>
> -gn
>
> On 14.05.18 17:56, Iuri Sampaio wrote:
>> Hello Gustaf and all,
>>
>> So far, I’ve installed and configured all code required to run LDAP together
>> with Naviserver. Plus, I’ve added and amended all necessary parameters in
>> order to enable LDAP authentication.
>>
>> However, I still haven’t figured out what is blocking the connection to the
>> server. Although the parametrization seems fine, I believe the error is because
>> I've assigned wrong formats to the parameter within config.tcl.
>>
>> LDAP and NS instances are running in the same server. I have tried
>> localhost, w/ and w/o declaring ports explicitly.
>>
>>
>> ns_section ns/ldap/pool/ldap
>> ns_param user "cn=web,dc=ldap,dc=litli,dc=net"
>> ns_param password "*****"
>> ns_param host "ldap://ldap.litli.net"
>> ns_param connections 1
>> ns_param verbose On
>>
>>
>>
>> Below you can see the logs of a successful boot up of NS.
>>
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: modload: loading
>> module nsldap from file /usr/local/ns/bin/nsldap.so
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: allowing *
>> -> pool ldap
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap: adding
>> pool ldap to the list of allowed pools
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Debug: nsldap:
>> Registering LDAPCheckPools (600)
>> [14/May/2018:10:44:25][22834.7f4be4abf700][-main-] Notice: nsldap: version
>> 0.9 loaded
>> ...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loading
>> packages/auth-ldap/tcl/auth-ldap-procs.tcl...
>> [14/May/2018:10:44:36][22834.7f4be4abf700][-main-] Notice: Loaded
>> packages/auth-ldap/tcl/auth-ldap-procs.tcl.
>> ...
>>
>>
>>
>> Plus, LDAP instance is running just fine at http://ldap.litli.net.
>> Login is successful through http and directly
>> through command line:
>>
>> 1)
>> ldapsearch -n -x -H ldap://ldap.litli.net -D
>> "cn=web,dc=ldap,dc=litli,dc=net" "uid=iuri" -w ****
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ldap,dc=litli,dc=net> (default) with scope subtree
>> # filter: uid=iuri
>> # requesting: ALL
>> #
>>
>>
>> 2)
>> ldapsearch -x -W -D 'cn=web,dc=ldap,dc=litli,dc=net' -b "" -s base
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> #
>> dn:
>> objectClass: top
>> objectClass: OpenLDAProotDSE
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>> ##############
>>
>>
>> However, the connection failed in attempt to allocate handle from ldap pool,
>> when I run the following TCL command:
>>
>> set lh [ns_ldap gethandle "ldap"]
>>
>>
>> See logs:
>>
>>
>> ###
>> # NS ERROR logs: /log/error.log
>> ###
>>
>> ...
>>
>> [14/May/2018:10:50:04][22834.7f4bd89ce700][-conn:caltek:0:1-] Error: could
>> not allocate 1 handle from pool "ldap"
>> while executing
>> "ns_ldap gethandle "ldap""
>> ("uplevel" body line 2)
>> invoked from within
>> "uplevel {
>> set lh [ns_ldap gethandle "ldap"]
>> doc_return 200 text/html "[ns_ldap host $lh]"
>>
>>
>> }"
>>
>>
>> …
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap:
>> getting a handle for thread 0x7f1653d03700
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Debug: nsldap:
>> connecting handle from pool ldap
>> [14/May/2018:11:37:17][23479.7f1653d03700][-conn:caltek:1:0-] Error: nsldap:
>> could not open connection to server ldap://ldap.litli.net
>> on port 389: No such file or directory
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org!
> http://sdm.link/slashdot
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
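
Added example, not part of the original thread and not nsldap's own code: a small C program that reproduces the URI composition quoted above from the module source ("ldap://%s:%d") for the host values tried in this thread, next to a hypothetical pre-flight check (host_param_is_bare, a name invented here) that accepts only a bare host name. Port 389 is taken from the logged error; IPv6 literals are not handled.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Mirrors the format string quoted in the thread:
 *   Ns_DStringPrintf(&ds, "ldap://%s:%d", handlePtr->host, handlePtr->port);
 * Returns the number of characters written (as snprintf does). */
int compose_ldap_uri(char *buf, size_t len, const char *host, int port)
{
    return snprintf(buf, len, "ldap://%s:%d", host, port);
}

/* Hypothetical pre-flight check (not an nsldap function): returns 1 when the
 * value looks like a bare host name or IPv4 address, 0 when it carries a
 * scheme, a path or a port. */
int host_param_is_bare(const char *host)
{
    size_t i, n = strlen(host);

    if (n == 0 || n > 253 || strstr(host, "://") != NULL)
        return 0;
    if (host[0] == '.' || host[0] == '-' || host[n - 1] == '-')
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;            /* rejects ':', '/', spaces, quotes */
    }
    return 1;
}

int main(void)
{
    /* The first two values are the ones tried in the thread; the third is
     * the same server written as a bare host name. */
    const char *samples[] = { "ldap://ldap.litli.net", "ldap:///:389",
                              "ldap.litli.net" };
    char uri[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        compose_ldap_uri(uri, sizeof uri, samples[i], 389);
        printf("%-24s -> %-36s %s\n", samples[i], uri,
               host_param_is_bare(samples[i]) ? "ok" : "REJECT: not a bare host");
    }
    return 0;
}
```

With a URL in the host parameter the composed string carries the scheme twice (and, for the second value, the port twice), which is the doubled form visible in the "could not open connection to server ... on port 389" log lines.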