(RADIATOR) OpenLDAP 2 says "unknown LDAP request"

Hugh Irvine hugh at open.com.au
Mon May 21 20:00:11 CDT 2001 

Hello Eric -

This is the error I see in the LDAP log:

> ldap_read: want=1 error=Resource temporarily unavailable
> ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
> unknown LDAP request 0x40
> send_ldap_disconnect 2:unknown LDAP request

I would suggest checking the perl-ldap docs and the OpenLDAP docs for any 
known issues, and perhaps trying an earlier version of perl-ldap. I don't 
think there is any use in trying to make Radiator work if perl-ldap itself is 
not working.

Have you also made sure that you can issue the same query directly to the 
LDAP server?

hth

Hugh


> Ok, here's my setup:
>
> Sparc / Solaris8
> Perl 5.6.0
> OpenLDAP 2.0.12
> perl-ldap 0.23
>
> For some reason... when I try to make Radiator query the LDAP directory
> for usernames, OpenLDAP responds with "Unknown LDAP request".  Has anyone
> had a similar problem?  One thing that i have noticed is that some of the
> "make test" tests for perl-ldap-0.23 failed.  Specifically, the filter
> test failed.  Has anyone tried get perl-ldap-0.23 going on Solaris?
>
> I have successfully gotten this working in the past on Solaris7 and a
> much older version of perl-ldap.
>
> Anyway, here is my AuthBY clause for LDAP
>
>     <AuthBy LDAP2>
>                 Host auth1.viawest.net
>                 AuthDN  cn=server,dc=ldapusers,dc=viawest,dc=net
>                 AuthPassword XXXXXXXX
>                 BaseDN ou=Customers,dc=viawest,dc=net
>                 Scope sub
>                 UsernameAttr uid
>                 PasswordAttr userPassword
>                 Debug 255
>     </AuthBy>
>
> And here is the debug output i have.
>
> Here is a connection attempt from Radiator:
>
> ------[ slapd debug output ]--------------
> daemon: activity on 1 descriptors
> daemon: new connection on 15
> daemon: conn=5 fd=15 connection from IP=216.87.64.20:35593 (IP=0.0.0.0:389)
> accepted.
> daemon: added 15r
> daemon: activity on:
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 15r
> daemon: read activity on 15
> connection_get(15)
> connection_get(15): got connid=5
> connection_read(15): checking for input on id=5
> ber_get_next
> ldap_read: want=1, got=1
>   0000:  30                                                 0
> ldap_read: want=1, got=1
>   0000:  3d                                                 =
> ldap_read: want=61, got=61
>   0000:  02 01 01 40 38 02 01 02  04 28 63 6e 3d 73 65 72  
> ... at 8....(cn=ser 0010:  76 65 72 2c 64 63 3d 6c  64 61 70 75 73 65 72 73  
> ver,dc=ldapusers 0020:  2c 64 63 3d 76 69 61 77  65 73 74 2c 64 63 3d 6e  
> ,dc=viawest,dc=n 0030:  65 74 80 09 XX XX XX XX  XX XX XX XX XX           
> et..XXXXXXXXX ber_get_next: tag 0x30 len 61 contents:
> ber_dump: buf=0x0022e000 ptr=0x0022e000 end=0x0022e03d len=61
>   0000:  02 01 01 40 38 02 01 02  04 28 63 6e 3d 73 65 72  
> ... at 8....(cn=ser 0010:  76 65 72 2c 64 63 3d 6c  64 61 70 75 73 65 72 73  
> ver,dc=ldapusers 0020:  2c 64 63 3d 76 69 61 77  65 73 74 2c 64 63 3d 6e  
> ,dc=viawest,dc=n 0030:  65 74 80 09 72 6f 74 6f  21 63 6c 69 70           
> et..XXXXXXXXX ber_get_next
> ldap_read: want=1 error=Resource temporarily unavailable
> ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
> unknown LDAP request 0x40
> send_ldap_disconnect 2:unknown LDAP request
> send_ldap_response: msgid=0 tag=120 err=2
> ber_flush: 58 bytes to sd 15
>   0000:  30 38 02 01 00 78 33 0a  01 02 04 00 04 14 75 6e  
> 08...x3.......un 0010:  6b 6e 6f 77 6e 20 4c 44  41 50 20 72 65 71 75 65  
> known LDAP reque 0020:  73 74 8a 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e  
> st..1.3.6.1.4.1. 0030:  31 34 36 36 2e 32 30 30  33 36                    
> 1466.20036 ldap_write: want=58, written=58
>   0000:  30 38 02 01 00 78 33 0a  01 02 04 00 04 14 75 6e  
> 08...x3.......un 0010:  6b 6e 6f 77 6e 20 4c 44  41 50 20 72 65 71 75 65  
> known LDAP reque 0020:  73 74 8a 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e  
> st..1.3.6.1.4.1. 0030:  31 34 36 36 2e 32 30 30  33 36                    
> 1466.20036 conn=5 op=0 DISCONNECT err=120 tag=2 text=unknown LDAP request
> daemon: select: listen=7 active_threads=1 tvp=NULL
> --------------------
>
> It doesn't really look like it's able to bind to the server properly.
>
> I turned on a level 4 trace on radiator, and put "debug 255" in the AuthBy
> LDAP2 clause.  It provided this information
>
> --------[ radiator debug output ]-------------
>
> Mon May 21 16:33:08 2001: INFO: Server started: Radiator 2.18 on
> book.viawest.net
> Mon May 21 16:33:13 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 41436 ....
> Code:       Access-Request
> Identifier: 133
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "edk"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         Password = "<15>!<30><250>8<195><28><246>O<156><203>d<I3g"
>
> Mon May 21 16:33:13 2001: DEBUG: Handling request with Handler
> 'Realm=test.viawest.net'
> Mon May 21 16:33:13 2001: DEBUG: Rewrote user name to edk
> Mon May 21 16:33:13 2001: DEBUG:  Deleting session for edk, 203.63.154.1,
> 1234 Mon May 21 16:33:13 2001: DEBUG: do query is: delete from radonline
> where username='edk' and nasidentifier='203.63.154.1' and nasport=1234
>
> Mon May 21 16:33:13 2001: DEBUG: Handling with Radius::AuthSQL
> Mon May 21 16:33:13 2001: DEBUG: Handling with Radius::AuthLDAP2
> Mon May 21 16:33:13 2001: DEBUG: Connecting to auth1.viawest.net, port 389
> Net::LDAP=HASH(0x98cb88) sending:
>
> 30 3D 02 01 01 40 38 02 01 02 04 28 63 6E 3D 73 0=... at 8....(cn=s
> 65 72 76 65 72 2C 64 63 3D 6C 64 61 70 75 73 65 erver,dc=ldapuse
> 72 73 2C 64 63 3D 76 69 61 77 65 73 74 2C 64 63 rs,dc=viawest,dc
> 3D 6E 65 74 80 09 XX XX XX XX XX XX XX XX XX __ =net..XXXXXXXXX
>
> 0000 30   61: SEQUENCE {
> 0002 02    1:   INTEGER = 1
> 0005 40   56:   [APPLICATION 0]
> 0007        :     02 01 02 04 28 63 6E 3D 73 65 72 76 65 72 2C 64
> .....(cn=server,d
> 0017        :     63 3D 6C 64 61 70 75 73 65 72 73 2C 64 63 3D 76
> c=ldapusers,dc=v
> 0027        :     69 61 77 65 73 74 2C 64 63 3D 6E 65 74 80 09 XX
> iawest,dc=net..X
> 0037        :     XX XX XX XX XX XX XX XX __ __ __ __ __ __ __ __ XXXXXXXX
> 003F        : }
> Net::LDAP=HASH(0x98cb88) received:
>
> 30 38 02 01 00 78 33 0A 01 02 04 00 04 14 75 6E 08...x3.......un
> 6B 6E 6F 77 6E 20 4C 44 41 50 20 72 65 71 75 65 known LDAP reque
> 73 74 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E st..1.3.6.1.4.1.
> 31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036
>
> 0000 30   56: SEQUENCE {
> 0002 02    1:   INTEGER = 0
> 0005 78   51:   [APPLICATION 24] {
> 0007 0A    1:     ENUM = 2
> 000A 04    0:     STRING = ''
> 000C 04   20:     STRING = 'unknown LDAP request'
> 0022 8A   22:     [CONTEXT 10]
> 0024        :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36
> 1.3.6.1.4.1.1466
> 0034        :       2E 32 30 30 33 36 __ __ __ __ __ __ __ __ __ __ .20036
> 003A        :   }
> 003A        : }
> Unexpected PDU, ignored
> ----------------
>
> Has anyone had a similar problem?
>
>
>
>
> ---End of forwarded mail from owner-radiator at open.com.au

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list