Today's Topics:
1. Re: LDAP Assistance (Chip Pleasants)
2. Re: LDAP Assistance (Carlos Vicente)
----------------------------------------------------------------------
Message: 1
Date: Tue, 3 Dec 2013 12:35:09 -0500
From: Chip Pleasants <[email protected]>
Subject: Re: [Netdot-users] LDAP Assistance
To: Carlos Vicente <[email protected]>
Cc: [email protected]
Message-ID:
<CAJq5ATowpTpe4Rv1N5v9vKOMGEa5N2qjVnH=fr7nv3lzkks...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Sorry for replying to my own message. Looking at the Apache2::Log
documentation it seems like "warn" is the correct syntax. I see a
different error message when using ldap and the same error message when
using ldaps.
-Chip
LDAP.pm
$r->warn("Netdot::LDAP::check_credentials: Failed to start TLS ".
LDAP
[Tue Dec 03 12:25:39 2013] [error] Converting POST -> GET
[Tue Dec 03 12:25:39 2013] [error] credential_0 billp
[Tue Dec 03 12:25:39 2013] [error] credential_1 mypassword
[Tue Dec 03 12:25:39 2013] [warn] Netdot::LDAP::check_credentials: Failed
to start TLS although server advertises TLS support: 00000000: LdapErr:
DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece
[Tue Dec 03 12:25:39 2013] [error] Netdot::LDAP::check_credentials: User
billp failed LDAP authentication: 80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 525, vece
LDAPS
[Tue Dec 03 12:31:16 2013] [error] Converting POST -> GET
[Tue Dec 03 12:31:16 2013] [error] credential_0 billp
[Tue Dec 03 12:31:16 2013] [error] credential_1 mypassword
[Tue Dec 03 12:31:16 2013] [error] Netdot::LDAP::check_credentials: ERROR:
Could not contact LDAP server ldaps://10.0.102.115:636: IO::Socket::SSL:
SSL connect attempt failed because of handshake
problemserror:00000000:lib(0):func(0):reason(0)
[Tue Dec 03 12:31:16 2013] [error] Netdot::LDAP::check_credentials: ERROR:
Could not contact LDAP server ldaps://10.0.102.115:636: IO::Socket::SSL:
SSL connect attempt failed because of handshake
problemserror:00000000:lib(0):func(0):reason(0)
On Tue, Dec 3, 2013 at 12:17 PM, Chip Pleasants <[email protected]> wrote:
> I really appreciate your help Carlos! Looks like I get a different error
> for plain ldap after changing the following line in LDAP.pm. LDAPS shows
> the same error.
>
>
> LDAP.pm
> $r->log_warn("Netdot::LDAP::check_credentials: Failed to start TLS ".
>
>
> LDAP
> [Tue Dec 03 12:01:06 2013] [error] authentication error code: Can't locate
> object method "log_warn" via package "Apache2::RequestRec" at
> /usr/local/netdot/lib/Netdot/LDAP.pm line 134, <DATA> line 522.\n
>
>
> LDAPS
> [Tue Dec 03 11:59:22 2013] [error] Converting POST -> GET
> [Tue Dec 03 11:59:22 2013] [error] credential_0 billp
> [Tue Dec 03 11:59:22 2013] [error] credential_1 mypassword
> [Tue Dec 03 11:59:22 2013] [error] Netdot::LDAP::check_credentials: ERROR:
> Could not contact LDAP server ldaps://10.0.102.115:636: IO::Socket::SSL:
> SSL connect attempt failed because of handshake
> problemserror:00000000:lib(0):func(0):reason(0)
> [Tue Dec 03 11:59:22 2013] [error] Netdot::LDAP::check_credentials: ERROR:
> Could not contact LDAP server ldaps://10.0.102.115:636: IO::Socket::SSL:
> SSL connect attempt failed because of handshake
> problemserror:00000000:lib(0):func(0):reason(0)
> [Tue Dec 03 11:59:22 2013] [error] Netdot::LDAP::check_credentials: Trying
> local auth
> [Tue Dec 03 11:59:22 2013] [error] Netdot::AuthLocal::check_credentials:
> cbillp not found in DB
> [Tue Dec 03 11:59:22 2013] [error] authentication error code:
> [Tue Dec 03 11:59:22 2013] [error] Bad credentials
> [Tue Dec 03 11:59:22 2013] [error] auth_type Apache2::SiteControl
> [Tue Dec 03 11:59:22 2013] [error] authorize() for /netdot/login.html
> [Tue Dec 03 11:59:22 2013] [error] Session cookie: UNSET
> [Tue Dec 03 11:59:22 2013] [error] Loading module
> Apache2::SiteControl::UserFactory
> [Tue Dec 03 11:59:22 2013] [error] Using user factory
> Apache2::SiteControl::UserFactory
>
>
>
>
>
>
> On Tue, Dec 3, 2013 at 11:55 AM, Carlos Vicente <[email protected]> wrote:
>
>> Hello Chip,
>>
>> A quick look at:
>>
>> http://perl.apache.org/docs/2.0/api/Apache2/Log.html
>>
>> suggests that "log_warning" should actually be "log_warn".
>>
>> Try replacing that and try again (remember to restart Apache).
>>
>> Let me know if it works, as I don't use that module myself.
>>
>> Best,
>>
>> cv
>>
>>
>> On 12/3/13, 11:36 AM, Chip Pleasants wrote:
>> > First, I want to thank you for Netdot! We love this tool. We are trying to
>> > authenticate using either ldap or ldaps and running into issues on
>> > both. I've listed the errors I'm seeing on both below. Pulling my
>> > hair out on this one, therefore any assistance is much appreciated.
>> >
>> > Thanks,
>> > Chip
>> >
>> >
>> >
>> >
>> > LDAP
>> >
>> > [Wed Dec 03 09:40:57 2013] [error] authentication error code: Can't
>> > locate object method "log_warning" via package "Apache2::RequestRec"
>> > at /usr/local/netdot/lib/Netdot/LDAP.pm line 134, <DATA> line 522.\n
>> >
>> >
>> >
>> > LDAPS
>> >
>> > [Tue Dec 03 09:45:57 2013] [error] Converting POST -> GET
>> > [Tue Dec 03 09:45:57 2013] [error] credential_0 billp
>> > [Tue Dec 03 09:45:57 2013] [error] credential_1 mypassword
>> > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
>> > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
>> > IO::Socket::SSL: SSL connect attempt failed
>> > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
>> > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
>> > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
>> > IO::Socket::SSL: SSL connect attempt failed
>> > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
>> > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
>> > Trying local auth
>> > [Tue Dec 03 09:45:57 2013] [error]
>> > Netdot::AuthLocal::check_credentials: billp not found in DB
>> > [Tue Dec 03 09:45:57 2013] [error] authentication error code:
>> > [Tue Dec 03 09:45:57 2013] [error] Bad credentials
>> > [Tue Dec 03 09:45:57 2013] [error] auth_type Apache2::SiteControl
>> > [Tue Dec 03 09:45:57 2013] [error] authorize() for /netdot/login.html
>> > [Tue Dec 03 09:45:57 2013] [error] Session cookie: UNSET
>> > [Tue Dec 03 09:45:57 2013] [error] Loading module
>> > Apache2::SiteControl::UserFactory
>> > [Tue Dec 03 09:45:57 2013] [error] Using user factory
>> > Apache2::SiteControl::UserFactory
>> > [Tue Dec 03 09:45:57 2013] [error] Building manager
>> > [Tue Dec 03 09:45:57 2013] [error] Loading module
>> > Netdot::NetdotPermissionFactory
>> > [Tue Dec 03 09:45:57 2013] [error] Building a manager using:
>> > $managers{$name} = Netdot::NetdotPermissionFactory->getPermissionManager()
>> >
>> > LDAP CONFIG
>> >
>> > PerlSetVar NetdotLDAPServer "ldap://server.domain.domain.net:389"
>> > PerlSetVar NetdotLDAPRequireTLS "no"
>> > PerlSetVar NetdotLDAPUserDN "uid=<username>"
>> > PerlSetVar NetdotLDAPSearchBase "OU=IT,OU=Users,OU=Users ALL,DC=DOMAIN,DC=DOMAIN,DC=NET"
>> > PerlSetVar NetdotLDAPFailToLocal "yes"
>> >
>> >
>> > LDAPS CONFIG
>> >
>> > PerlSetVar NetdotLDAPServer "ldaps://server.domain.domain.net:636"
>> > PerlSetVar NetdotLDAPRequireTLS "no"
>> > PerlSetVar NetdotLDAPUserDN "uid=<username>"
>> > PerlSetVar NetdotLDAPSearchBase "OU=IT,OU=Users,OU=Users ALL,DC=DOMAIN,DC=DOMAIN,DC=NET"
>> > PerlSetVar NetdotLDAPFailToLocal "yes"
------------------------------
Message: 2
Date: Tue, 03 Dec 2013 12:38:50 -0500
From: Carlos Vicente <[email protected]>
Subject: Re: [Netdot-users] LDAP Assistance
To: Chip Pleasants <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Ah, sorry. I meant "warn", not "log_warn". I'll update the code to
reflect that.
Anyways, there is a more fundamental problem with the actual connection
to your server, which I can't help with.
cv
------------------------------
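The log excerpts quoted in this thread contain two things a log-review script can catch: the submitted password written to the Apache error log in cleartext (the "credential_1" line), and an Active Directory bind failure whose "data 525" sub-code means the user was not found. The Python below is an added example, not part of the original messages and not Netdot code; the triage function, the sub-code table and the unwrapped sample lines are constructed here for illustration.

```python
import re

# Active Directory bind sub-codes reported as "data NNN" in LdapErr text.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
SUBCODE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
SECRET = re.compile(r"^credential_1 \S+")  # password field as logged in the thread

def triage(lines):
    """Return (findings, redacted_lines) for unwrapped Apache error_log lines."""
    findings, redacted = [], []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            redacted.append(line)
            continue
        msg = m.group("msg")
        if SECRET.match(msg):
            # Record the event, then strip the secret before the line is stored.
            findings.append(("cleartext-password-logged", m.group("ts")))
            line = line[: m.start("msg")] + "credential_1 [REDACTED]"
        sub = SUBCODE.search(msg)
        if sub:
            code = sub.group(1).lower()
            findings.append(("ad-bind-failure", AD_BIND_SUBCODES.get(code, "unknown sub-code " + code)))
        if "SSL connect attempt failed" in msg or "Failed to start TLS" in msg:
            findings.append(("tls-failure", m.group("ts")))
        redacted.append(line)
    return findings, redacted

# Constructed sample: log lines from the thread, unwrapped onto single lines.
SAMPLE = [
    "[Tue Dec 03 12:25:39 2013] [error] credential_0 billp",
    "[Tue Dec 03 12:25:39 2013] [error] credential_1 mypassword",
    "[Tue Dec 03 12:25:39 2013] [warn] Netdot::LDAP::check_credentials: Failed to start TLS although server advertises TLS support: 00000000: LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece",
    "[Tue Dec 03 12:25:39 2013] [error] Netdot::LDAP::check_credentials: User billp failed LDAP authentication: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
]

if __name__ == "__main__":
    print(triage(SAMPLE)[0])
```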
End of Netdot-users Digest, Vol 61, Issue 3
*******************************************