(RADIATOR) Lotus Notes 7.0.2 LDAP

Sergei Keler skeler at gdc.ru
Wed Aug 29 03:28:27 CDT 2007


I'm sorry but explain me how to chenge config for debug/trace LDAP?

       <AuthBy LDAP2>
                Debug
Gave no result...

running radiusd -foreground was not work too.

 # radiusd -v
This is Radiator 3.16 on ns
Copyright Open System Consultants

Debug log:
Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
Wed Aug 29 11:48:53 2007: DEBUG: Handling request with Handler 
'Realm=wifi'
Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller
Wed Aug 29 11:48:53 2007: DEBUG:  Deleting session for skiller at wifi, 
192.168.0.254, 379
Wed Aug 29 11:48:53 2007: DEBUG: Handling with Radius::AuthLDAP2:
Wed Aug 29 11:48:53 2007: INFO: Connecting to notes.office.gdc.ru:10389
Wed Aug 29 11:48:53 2007: INFO: Attempting to bind to LDAP server 
notes.office.gdc.ru:10389
Wed Aug 29 11:48:53 2007: ERR: ldap search for (&(companyname=General 
DataComm)(uid=skiller)) failed with error LDAP_INVALID_DN_SYNTAX.
Wed Aug 29 11:48:53 2007: ERR: Disconnecting from LDAP server (server 
notes.office.gdc.ru:10389).
Wed Aug 29 11:48:53 2007: DEBUG: AuthBy LDAP2 result: IGNORE, User 
database access error

Whats all :-(

Sergei N Keler
IT-Manager
General DataComm
[skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax 
+7(812)325-1086]



Mike McCauley <mikem at open.com.au> 
29.08.2007 03:44

To
"Sergei Keler" <skeler at gdc.ru>
cc
radiator at open.com.au, "Hugh Irvine" <hugh at open.com.au>
Subject
Re: (RADIATOR) Lotus Notes 7.0.2 LDAP






Hello Sergei,

thanks for this report.
We cant see any cases in Radiator Ldap where a DN would contain spaces 
(unless 
it was configured that way in the config file).

Perhaps the next step will be for you rerun your tests with the Debug flag 

enabled in your AuthBy LDAP clause. This will cause the LDAP side of the 
conversation to be printed on stdout.

Are you able to get any tracing or logging from your LDAP server to see 
what 
it thinks the problem is?

Cheers.

On Tuesday 28 August 2007 22:55, Sergei Keler wrote:
> Hi!
>
> Lotus made some changes in their LDAP server:
>
> ---
> In 7.02 some changes were made to interpret LDAP DNs more precisely. It
> looks like we got a little over zealous with a base of " " (one or more
> spaces). Rather than returning Invalid DN Syntax we should probably just
> normalize it to a base of root "" (no space). We'll look into this. In 
the
> mean time change the root on your search requests to "".
> ---
>
> Hah! Radiator's LDAP auth module said 'Invalid Syntax' in realms where 
it
> worked.
>
> Where to dig or what to change in radiator config?
>
>        <AuthBy LDAP2>
>                Host             qqq
>                Port             xxx
>                UsernameAttr     uid
>                PasswordAttr     aaa
>                AuthDN                   bbb
>                AuthPassword     ccc
>                BaseDN           gdc
>                SearchFilter     (uid=%1)
>
> Sergei N Keler
> IT-Manager
> General DataComm
> [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax
> +7(812)325-1086]

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   
http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070829/f7553cae/attachment.html>


More information about the radiator mailing list