(RADIATOR) OpenLDAP 2 says "unknown LDAP request"

Mike McCauley mikem at open.com.au
Tue May 22 09:28:36 CDT 2001


--- Forwarded mail from owner-radiator at open.com.au

From: owner-radiator at open.com.au
Date: Mon, 21 May 2001 15:50:06 -0500
To: radiator-approval at open.com.au
Subject: BOUNCE radiator at open.com.au:    Non-member submission from [Eric
Kilfoil <ekilfoil at viawest.net>]

Date: Mon, 21 May 2001 16:47:01 -0600 (MDT)
From: Eric Kilfoil <ekilfoil at viawest.net>
X-X-Sender:  <edk at mvec.viawest.net>
To: <radiator at open.com.au>
Subject: OpenLDAP 2 says "unknown LDAP request"


Ok, here's my setup:

Sparc / Solaris8
Perl 5.6.0
OpenLDAP 2.0.12
perl-ldap 0.23

For some reason... when I try to make Radiator query the LDAP directory
for usernames, OpenLDAP responds with "Unknown LDAP request".  Has anyone
had a similar problem?  One thing that I have noticed is that some of the
"make test" tests for perl-ldap-0.23 failed.  Specifically, the filter
test failed.  Has anyone tried to get perl-ldap-0.23 going on Solaris?

I have successfully gotten this working in the past on Solaris7 and a
much older version of perl-ldap.

Anyway, here is my AuthBy clause for LDAP:

    <AuthBy LDAP2>
                Host auth1.viawest.net
                AuthDN  cn=server,dc=ldapusers,dc=viawest,dc=net
                AuthPassword XXXXXXXX
                BaseDN ou=Customers,dc=viawest,dc=net
                Scope sub
                UsernameAttr uid
                PasswordAttr userPassword
                Debug 255
    </AuthBy>

And here is the debug output I have.

Here is a connection attempt from Radiator:

------[ slapd debug output ]--------------
daemon: activity on 1 descriptors
daemon: new connection on 15
daemon: conn=5 fd=15 connection from IP=216.87.64.20:35593 (IP=0.0.0.0:389) accepted.
daemon: added 15r
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 15r
daemon: read activity on 15
connection_get(15)
connection_get(15): got connid=5
connection_read(15): checking for input on id=5
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  3d                                                 =
ldap_read: want=61, got=61
  0000:  02 01 01 40 38 02 01 02  04 28 63 6e 3d 73 65 72   ...@8....(cn=ser
  0010:  76 65 72 2c 64 63 3d 6c  64 61 70 75 73 65 72 73   ver,dc=ldapusers
  0020:  2c 64 63 3d 76 69 61 77  65 73 74 2c 64 63 3d 6e   ,dc=viawest,dc=n
  0030:  65 74 80 09 XX XX XX XX  XX XX XX XX XX            et..XXXXXXXXX
ber_get_next: tag 0x30 len 61 contents:
ber_dump: buf=0x0022e000 ptr=0x0022e000 end=0x0022e03d len=61
  0000:  02 01 01 40 38 02 01 02  04 28 63 6e 3d 73 65 72   ...@8....(cn=ser
  0010:  76 65 72 2c 64 63 3d 6c  64 61 70 75 73 65 72 73   ver,dc=ldapusers
  0020:  2c 64 63 3d 76 69 61 77  65 73 74 2c 64 63 3d 6e   ,dc=viawest,dc=n
  0030:  65 74 80 09 XX XX XX XX  XX XX XX XX XX            et..XXXXXXXXX
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
unknown LDAP request 0x40
send_ldap_disconnect 2:unknown LDAP request
send_ldap_response: msgid=0 tag=120 err=2
ber_flush: 58 bytes to sd 15
  0000:  30 38 02 01 00 78 33 0a  01 02 04 00 04 14 75 6e   08...x3.......un
  0010:  6b 6e 6f 77 6e 20 4c 44  41 50 20 72 65 71 75 65   known LDAP reque
  0020:  73 74 8a 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   st..1.3.6.1.4.1.
  0030:  31 34 36 36 2e 32 30 30  33 36                     1466.20036
ldap_write: want=58, written=58
  0000:  30 38 02 01 00 78 33 0a  01 02 04 00 04 14 75 6e   08...x3.......un
  0010:  6b 6e 6f 77 6e 20 4c 44  41 50 20 72 65 71 75 65   known LDAP reque
  0020:  73 74 8a 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   st..1.3.6.1.4.1.
  0030:  31 34 36 36 2e 32 30 30  33 36                     1466.20036
conn=5 op=0 DISCONNECT err=120 tag=2 text=unknown LDAP request
daemon: select: listen=7 active_threads=1 tvp=NULL
--------------------

It doesn't really look like it's able to bind to the server properly.

I turned on a level 4 trace on Radiator, and put "Debug 255" in the AuthBy
LDAP2 clause.  It provided this information:

--------[ radiator debug output ]-------------

Mon May 21 16:33:08 2001: INFO: Server started: Radiator 2.18 on book.viawest.net
Mon May 21 16:33:13 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 41436 ....
Code:       Access-Request
Identifier: 133
Authentic:  1234567890123456
Attributes:
        User-Name = "edk"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        Password = "<15>!<30><250>8<195><28><246>O<156><203>d<I3g"

Mon May 21 16:33:13 2001: DEBUG: Handling request with Handler 'Realm=test.viawest.net'
Mon May 21 16:33:13 2001: DEBUG: Rewrote user name to edk
Mon May 21 16:33:13 2001: DEBUG:  Deleting session for edk, 203.63.154.1, 1234
Mon May 21 16:33:13 2001: DEBUG: do query is: delete from radonline where username='edk' and nasidentifier='203.63.154.1' and nasport=1234

Mon May 21 16:33:13 2001: DEBUG: Handling with Radius::AuthSQL
Mon May 21 16:33:13 2001: DEBUG: Handling with Radius::AuthLDAP2
Mon May 21 16:33:13 2001: DEBUG: Connecting to auth1.viawest.net, port 389
Net::LDAP=HASH(0x98cb88) sending:

30 3D 02 01 01 40 38 02 01 02 04 28 63 6E 3D 73 0=...@8....(cn=s
65 72 76 65 72 2C 64 63 3D 6C 64 61 70 75 73 65 erver,dc=ldapuse
72 73 2C 64 63 3D 76 69 61 77 65 73 74 2C 64 63 rs,dc=viawest,dc
3D 6E 65 74 80 09 XX XX XX XX XX XX XX XX XX __ =net..XXXXXXXXX

0000 30   61: SEQUENCE {
0002 02    1:   INTEGER = 1
0005 40   56:   [APPLICATION 0]
0007        :     02 01 02 04 28 63 6E 3D 73 65 72 76 65 72 2C 64 ....(cn=server,d
0017        :     63 3D 6C 64 61 70 75 73 65 72 73 2C 64 63 3D 76 c=ldapusers,dc=v
0027        :     69 61 77 65 73 74 2C 64 63 3D 6E 65 74 80 09 XX iawest,dc=net..X
0037        :     XX XX XX XX XX XX XX XX __ __ __ __ __ __ __ __ XXXXXXXX
003F        : }
Net::LDAP=HASH(0x98cb88) received:

30 38 02 01 00 78 33 0A 01 02 04 00 04 14 75 6E 08...x3.......un
6B 6E 6F 77 6E 20 4C 44 41 50 20 72 65 71 75 65 known LDAP reque
73 74 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E st..1.3.6.1.4.1.
31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036

0000 30   56: SEQUENCE {
0002 02    1:   INTEGER = 0
0005 78   51:   [APPLICATION 24] {
0007 0A    1:     ENUM = 2
000A 04    0:     STRING = ''
000C 04   20:     STRING = 'unknown LDAP request'
0022 8A   22:     [CONTEXT 10]
0024        :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
0034        :       2E 32 30 30 33 36 __ __ __ __ __ __ __ __ __ __ .20036
003A        :   }
003A        : }
Unexpected PDU, ignored
----------------

Has anyone had a similar problem?




---End of forwarded mail from owner-radiator at open.com.au

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
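
Added example (not part of the original post, and not Radiator or perl-ldap code): a small BER check over the two PDUs dumped above. RFC 4511 defines BindRequest as [APPLICATION 0] SEQUENCE, a constructed type that is 0x60 on the wire, whereas the dumped request carries 0x40, the value slapd names in "unknown LDAP request 0x40". The function names are hypothetical and the password bytes are a placeholder.

```python
# protocolOp names by APPLICATION tag number (RFC 4511), subset only.
LDAP_OPS = {0: "BindRequest", 1: "BindResponse", 3: "SearchRequest",
            24: "ExtendedResponse"}
PRIMITIVE_OPS = {2, 10, 16}  # Unbind, Del and Abandon requests are primitive

# Constructed from the hex dumps in the post; the password is a placeholder.
REQUEST = (bytes.fromhex("303d020101" "4038" "020102" "0428")
           + b"cn=server,dc=ldapusers,dc=viawest,dc=net"
           + bytes.fromhex("8009") + b"X" * 9)
RESPONSE = (bytes.fromhex("3038020100" "7833" "0a0102" "0400" "0414")
            + b"unknown LDAP request"
            + bytes.fromhex("8a16") + b"1.3.6.1.4.1.1466.20036")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def inspect_op(pdu):
    """Check the protocolOp tag of an LDAPMessage against its expected form."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, msgid, pos = read_tlv(body)
    op_tag, op_body, _ = read_tlv(body, pos)
    number = op_tag & 0x1F
    expected = 0x40 | number | (0 if number in PRIMITIVE_OPS else 0x20)
    return {"message_id": int.from_bytes(msgid, "big"),
            "op": LDAP_OPS.get(number, "unknown"), "tag": op_tag,
            "expected_tag": expected, "well_formed": op_tag == expected,
            "body": op_body}

def disconnect_notice(pdu):
    """Return (resultCode, text, responseName OID) of an ExtendedResponse."""
    op, pos, fields = inspect_op(pdu)["body"], 0, []
    while pos < len(op):
        _, value, pos = read_tlv(op, pos)
        fields.append(value)
    return fields[0][0], fields[2].decode(), fields[3].decode()
```

Result code 2 is protocolError, and 1.3.6.1.4.1.1466.20036 is the LDAP Notice of Disconnection, which arrives with message ID 0 as an unsolicited notification.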