Send Netdot-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://osl.uoregon.edu/mailman/listinfo/netdot-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Netdot-users digest..."
Today's Topics:
1. Re: LDAP Assistance (Chip Pleasants)
----------------------------------------------------------------------
Message: 1
Date: Tue, 3 Dec 2013 14:10:18 -0500
From: Chip Pleasants <[email protected]>
Subject: Re: [Netdot-users] LDAP Assistance
To: Carlos Vicente <[email protected]>
Cc: [email protected]
Message-ID:
<cajq5atoaon40zg6uwl3vnwydm-mvkt0b71625cn3lmefqmy...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Using this config which I found from a previous post works. I just had to
use ldap versus ldaps.
PerlSetVar NetdotLDAPServer "ldaps://adc1.ad.domain.de:636"
PerlSetVar NetdotLDAPServer2 "ldaps://adc2.ad.domain.de:636"
PerlSetVar NetdotLDAPUserDN "<username>@ad.domain.de"
PerlSetVar NetdotLDAPFailToLocal "yes"
-Chip
On Tue, Dec 3, 2013 at 12:38 PM, Carlos Vicente <[email protected]> wrote:
> Ah, sorry. I meant "warn", not "log_warn". I'll update the code to
> reflect that.
>
> Anyways, there is a more fundamental problem with the actual connection
> to your server, which I can't help with.
>
> cv
>
> On 12/3/13, 12:35 PM, Chip Pleasants wrote:
> > Sorry for replying to my own message. Looking at the Apache2::Log
> > documentation it seems like "warn" is the correct syntax. I see a
> > different error message when using ldap and the same error message when
> > using ldaps.
> >
> > -Chip
> >
> >
> >
> > LDAP.pm
> > $r->warn("Netdot::LDAP::check_credentials: Failed to start TLS ".
> >
> >
> > LDAP
> >
> > [Tue Dec 03 12:25:39 2013] [error] Converting POST -> GET
> > [Tue Dec 03 12:25:39 2013] [error] credential_0 billp
> > [Tue Dec 03 12:25:39 2013] [error] credential_1 mypassword
> > [Tue Dec 03 12:25:39 2013] [warn] Netdot::LDAP::check_credentials:
> > Failed to start TLS although server advertises TLS support: 00000000:
> > LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece
> > [Tue Dec 03 12:25:39 2013] [error] Netdot::LDAP::check_credentials:
> > User billp failed LDAP authentication: 80090308: LdapErr:
> > DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> >
> >
> > LDAPS
> >
> > [Tue Dec 03 12:31:16 2013] [error] Converting POST -> GET
> > [Tue Dec 03 12:31:16 2013] [error] credential_0 billp
> > [Tue Dec 03 12:31:16 2013] [error] credential_1 mypassword
> > [Tue Dec 03 12:31:16 2013] [error] Netdot::LDAP::check_credentials:
> > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
> > IO::Socket::SSL: SSL connect attempt failed
> > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
> > [Tue Dec 03 12:31:16 2013] [error] Netdot::LDAP::check_credentials:
> > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
> > IO::Socket::SSL: SSL connect attempt failed
> > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
> >
> >
> >
> > On Tue, Dec 3, 2013 at 12:17 PM, Chip Pleasants <[email protected]> wrote:
> >
> > I really appreciate your help Carlos! Looks like I get a
> > different error for plain ldap after changing the following line in
> > the LDAP.pm. LDAPS shows the same error.
> >
> >
> > LDAP.pm
> > $r->log_warn("Netdot::LDAP::check_credentials: Failed to start TLS ".
> >
> >
> > LDAP
> > [Tue Dec 03 12:01:06 2013] [error] authentication error code:
> > Can't locate object method "log_warn" via package
> > "Apache2::RequestRec" at /usr/local/netdot/lib/Netdot/LDAP.pm line
> > 134, <DATA> line 522.\n
> >
> >
> > LDAPS
> > [Tue Dec 03 11:59:22 2013] [error] Converting POST -> GET
> > [Tue Dec 03 11:59:22 2013] [error] credential_0 billp
> > [Tue Dec 03 11:59:22 2013] [error] credential_1 mypassword
> > [Tue Dec 03 11:59:22 2013] [error]
> > Netdot::LDAP::check_credentials: ERROR: Could not contact LDAP
> > server ldaps://10.0.102.115:636:
> > IO::Socket::SSL: SSL connect attempt failed because of handshake
> > problemserror:00000000:lib(0):func(0):reason(0)
> > [Tue Dec 03 11:59:22 2013] [error]
> > Netdot::LDAP::check_credentials: ERROR: Could not contact LDAP
> > server ldaps://10.0.102.115:636:
> > IO::Socket::SSL: SSL connect attempt failed because of handshake
> > problemserror:00000000:lib(0):func(0):reason(0)
> > [Tue Dec 03 11:59:22 2013] [error]
> > Netdot::LDAP::check_credentials: Trying local auth
> > [Tue Dec 03 11:59:22 2013] [error]
> > Netdot::AuthLocal::check_credentials: cbillp not found in DB
> > [Tue Dec 03 11:59:22 2013] [error] authentication error code:
> > [Tue Dec 03 11:59:22 2013] [error] Bad credentials
> > [Tue Dec 03 11:59:22 2013] [error] auth_type Apache2::SiteControl
> > [Tue Dec 03 11:59:22 2013] [error] authorize() for /netdot/login.html
> > [Tue Dec 03 11:59:22 2013] [error] Session cookie: UNSET
> > [Tue Dec 03 11:59:22 2013] [error] Loading module
> > Apache2::SiteControl::UserFactory
> > [Tue Dec 03 11:59:22 2013] [error] Using user factory
> > Apache2::SiteControl::UserFactory
> >
> >
> >
> >
> >
> >
> > On Tue, Dec 3, 2013 at 11:55 AM, Carlos Vicente <[email protected]> wrote:
> >
> > Hello Chip,
> >
> > A quick look at:
> >
> > http://perl.apache.org/docs/2.0/api/Apache2/Log.html
> >
> > suggests that "log_warning" should actually be "log_warn".
> >
> > Try replacing that and try again (remember to restart Apache).
> >
> > Let me know if it works, as I don't use that module myself.
> >
> > Best,
> >
> > cv
> >
> >
> > On 12/3/13, 11:36 AM, Chip Pleasants wrote:
> > > First, I want to say thanks for Netdot! We love this tool. We are trying to
> > > authenticate using either ldap or ldaps and running into issues on
> > > both. I've listed the errors I'm seeing on both below. Pulling my
> > > hair out on this one, therefore any assistance is much appreciated.
> > >
> > > Thanks,
> > > Chip
> > >
> > >
> > >
> > >
> > > LDAP
> > >
> > > [Wed Dec 03 09:40:57 2013] [error] authentication error code: Can't
> > > locate object method "log_warning" via package "Apache2::RequestRec"
> > > at /usr/local/netdot/lib/Netdot/LDAP.pm line 134, <DATA> line 522.\n
> > >
> > >
> > >
> > > LDAPS
> > >
> > > [Tue Dec 03 09:45:57 2013] [error] Converting POST -> GET
> > > [Tue Dec 03 09:45:57 2013] [error] credential_0 billp
> > > [Tue Dec 03 09:45:57 2013] [error] credential_1 mypassword
> > > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
> > > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
> > > IO::Socket::SSL: SSL connect attempt failed
> > > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
> > > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
> > > ERROR: Could not contact LDAP server ldaps://10.0.102.115:636:
> > > IO::Socket::SSL: SSL connect attempt failed
> > > because of handshake problemserror:00000000:lib(0):func(0):reason(0)
> > > [Tue Dec 03 09:45:57 2013] [error] Netdot::LDAP::check_credentials:
> > > Trying local auth
> > > [Tue Dec 03 09:45:57 2013] [error]
> > > Netdot::AuthLocal::check_credentials: billp not found in DB
> > > [Tue Dec 03 09:45:57 2013] [error] authentication error code:
> > > [Tue Dec 03 09:45:57 2013] [error] Bad credentials
> > > [Tue Dec 03 09:45:57 2013] [error] auth_type Apache2::SiteControl
> > > [Tue Dec 03 09:45:57 2013] [error] authorize() for /netdot/login.html
> > > [Tue Dec 03 09:45:57 2013] [error] Session cookie: UNSET
> > > [Tue Dec 03 09:45:57 2013] [error] Loading module
> > > Apache2::SiteControl::UserFactory
> > > [Tue Dec 03 09:45:57 2013] [error] Using user factory
> > > Apache2::SiteControl::UserFactory
> > > [Tue Dec 03 09:45:57 2013] [error] Building manager
> > > [Tue Dec 03 09:45:57 2013] [error] Loading module
> > > Netdot::NetdotPermissionFactory
> > > [Tue Dec 03 09:45:57 2013] [error] Building a manager using:
> > > $managers{$name} = Netdot::NetdotPermissionFactory->getPermissionManager()
> > >
> > > LDAP CONFIG
> > >
> > > PerlSetVar NetdotLDAPServer "ldap://server.domain.domain.net:389"
> > > PerlSetVar NetdotLDAPRequireTLS "no"
> > > PerlSetVar NetdotLDAPUserDN "uid=<username>"
> > > PerlSetVar NetdotLDAPSearchBase "OU=IT,OU=Users,OU=Users ALL,DC=DOMAIN,DC=DOMAIN,DC=NET"
> > > PerlSetVar NetdotLDAPFailToLocal "yes"
> > >
> > >
> > > LDAPS CONFIG
> > >
> > > PerlSetVar NetdotLDAPServer "ldaps://server.domain.domain.net:636"
> > > PerlSetVar NetdotLDAPRequireTLS "no"
> > > PerlSetVar NetdotLDAPUserDN "uid=<username>"
> > > PerlSetVar NetdotLDAPSearchBase "OU=IT,OU=Users,OU=Users ALL,DC=DOMAIN,DC=DOMAIN,DC=NET"
> > > PerlSetVar NetdotLDAPFailToLocal "yes"
> > >
> > >
> > >
> > >
> >
> >
> >
>
>
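
Added example, not part of the thread and not Netdot code: a short Python triage of the Apache error-log excerpts quoted above. It maps the Active Directory "data" sub-code to its meaning and flags the cleartext password entries, the TLS failures and the local-auth fallback; the sample lines are constructed from the thread's logs, and the sub-code table is a small subset.

```python
import re

# Sub-codes Active Directory reports as "data <hex>" when it rejects a bind.
AD_BIND_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "775": "account locked out",
}
ENTRY = re.compile(r"^\[[^\]]+\] \[\w+\] (.*)$")

def entries(log_text):
    """Yield log messages, rejoining entries that a mail client wrapped."""
    for raw in re.split(r"\n(?=\[)", log_text.strip()):
        m = ENTRY.match(" ".join(raw.split()))
        if m:
            yield m.group(1)

def triage(log_text):
    """Return sorted findings for a Netdot/Apache authentication log excerpt."""
    findings = set()
    for msg in entries(log_text):
        if re.match(r"credential_1\s+\S", msg):
            findings.add("password logged in cleartext (credential_1)")
        if "SSL connect attempt failed" in msg:
            findings.add("LDAPS handshake failed, no bind was attempted")
        if "Failed to start TLS" in msg:
            findings.add("StartTLS failed, a bind on this connection is unencrypted")
        if "Trying local auth" in msg:
            findings.add("fell back to local auth (NetdotLDAPFailToLocal)")
        m = re.search(r"AcceptSecurityContext error, data ([0-9a-f]+)", msg)
        if m:
            meaning = AD_BIND_CODES.get(m.group(1), "sub-code not in table")
            findings.add(f"AD rejected bind, data {m.group(1)}: {meaning}")
    return sorted(findings)

# Constructed sample: entries taken from the LDAP and LDAPS excerpts in the thread.
SAMPLE = """\
[Tue Dec 03 12:25:39 2013] [error] credential_1 mypassword
[Tue Dec 03 12:25:39 2013] [warn] Netdot::LDAP::check_credentials:
Failed to start TLS although server advertises TLS support: 00000000:
LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece
[Tue Dec 03 12:25:39 2013] [error] Netdot::LDAP::check_credentials:
User billp failed LDAP authentication: 80090308: LdapErr:
DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[Tue Dec 03 11:59:22 2013] [error] Netdot::LDAP::check_credentials: ERROR: Could not
contact LDAP server ldaps://10.0.102.115:636: IO::Socket::SSL: SSL connect attempt failed
[Tue Dec 03 11:59:22 2013] [error] Netdot::LDAP::check_credentials: Trying local auth
"""

print("\n".join(triage(SAMPLE)))
```

A "data 525" result means the directory did not find the name it was asked to bind as, so the bind name format is the first thing to check, before the password.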
End of Netdot-users Digest, Vol 61, Issue 4
*******************************************