(RADIATOR) Lotus Notes 7.0.2 LDAP

Hugh Irvine hugh at open.com.au
Wed Aug 29 03:44:33 CDT 2007


Hello Sergei -

You should add "Debug 255" to the AuthBy LDAP2 clause:

	<AuthBy LDAP2>
		......
		Debug 255
	</AuthBy>

and run radiusd by hand like this:

	cd /your/Radiator/distribution

	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/configuration/file

The LDAP debug is written to std_err so you will see it mixed in with  
the Radiator debug.

regards

Hugh



On 29 Aug 2007, at 18:28, Sergei Keler wrote:

>
> I'm sorry but explain me how to change config for debug/trace LDAP?
>
>        <AuthBy LDAP2>
>                 Debug
> Gave no result...
>
> running radiusd -foreground was not work too.
>
>  # radiusd -v
> This is Radiator 3.16 on ns
> Copyright Open System Consultants
>
> Debug log:
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
> Wed Aug 29 11:48:53 2007: DEBUG: Handling request with Handler 'Realm=wifi'
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller
> Wed Aug 29 11:48:53 2007: DEBUG:  Deleting session for skiller at wifi, 192.168.0.254, 379
> Wed Aug 29 11:48:53 2007: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Aug 29 11:48:53 2007: INFO: Connecting to notes.office.gdc.ru:10389
> Wed Aug 29 11:48:53 2007: INFO: Attempting to bind to LDAP server notes.office.gdc.ru:10389
> Wed Aug 29 11:48:53 2007: ERR: ldap search for (&(companyname=General DataComm)(uid=skiller)) failed with error LDAP_INVALID_DN_SYNTAX.
> Wed Aug 29 11:48:53 2007: ERR: Disconnecting from LDAP server (server notes.office.gdc.ru:10389).
> Wed Aug 29 11:48:53 2007: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
>
> Whats all :-(
>
> Sergei N Keler
> IT-Manager
> General DataComm
> [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)]  
> [fax +7(812)325-1086]
>
>
> Mike McCauley <mikem at open.com.au>
> 29.08.2007 03:44
>
> To: "Sergei Keler" <skeler at gdc.ru>
> cc: radiator at open.com.au, "Hugh Irvine" <hugh at open.com.au>
> Subject: Re: (RADIATOR) Lotus Notes 7.0.2 LDAP
>
> Hello Sergei,
>
> thanks for this report.
> We can't see any cases in Radiator Ldap where a DN would contain spaces
> (unless it was configured that way in the config file).
>
> Perhaps the next step will be for you to rerun your tests with the Debug flag
> enabled in your AuthBy LDAP clause. This will cause the LDAP side of the
> conversation to be printed on stdout.
>
> Are you able to get any tracing or logging from your LDAP server to see what
> it thinks the problem is?
>
> Cheers.
>
> On Tuesday 28 August 2007 22:55, Sergei Keler wrote:
> > Hi!
> >
> > Lotus made some changes in their LDAP server:
> >
> > ---
> > In 7.02 some changes were made to interpret LDAP DNs more precisely. It
> > looks like we got a little over zealous with a base of " " (one or more
> > spaces). Rather than returning Invalid DN Syntax we should probably just
> > normalize it to a base of root "" (no space). We'll look into this. In the
> > mean time change the root on your search requests to "".
> > ---
> >
> > Hah! Radiator's LDAP auth module said 'Invalid Syntax' in realms where it
> > worked.
> >
> > Where to dig or what to change in radiator config?
> >
> >        <AuthBy LDAP2>
> >                Host             qqq
> >                Port             xxx
> >                UsernameAttr     uid
> >                PasswordAttr     aaa
> >                AuthDN                   bbb
> >                AuthPassword     ccc
> >                BaseDN           gdc
> >                SearchFilter     (uid=%1)
> >
> > Sergei N Keler
> > IT-Manager
> > General DataComm
> > [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax
> > +7(812)325-1086]
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

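A pre-flight check for the search base discussed in this thread, added here as an example and not part of the original messages or of Radiator: it flags a BaseDN that is whitespace-only (the case the Lotus note describes) or not in attribute=value form under RFC 4514. The names `check_base_dn` and `lint_config` are hypothetical, the sample config is constructed, and reading BaseDN as the rest of its line is an assumption about the file, not Radiator's own parser; quoted RFC 2253-style values are not handled.

```python
import re

ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")  # RFC 4514 type

def split_unescaped(s, sep):
    """Split s on sep, keeping backslash-escaped characters inside a part."""
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" else 1      # an escape covers the next char
        if step == 1 and s[i] == sep:
            parts, cur = parts + [cur], ""
        else:
            cur += s[i:i + step]
        i += step
    return parts + [cur]

def check_base_dn(dn):
    """Return 'root', 'ok', or the reason a strict server may reject dn."""
    if dn == "":
        return "root"                        # zero-length DN is the root
    if dn.strip() == "":
        return "whitespace-only base"        # the " " case in the Lotus note
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, _value = ava.partition("=")
            if not eq or not ATTR_TYPE.match(attr.strip()):
                return "RDN %r is not attribute=value" % ava.strip()
    return "ok"

def lint_config(text):
    """Return (line_no, base, verdict) for BaseDN inside <AuthBy LDAP2>."""
    in_ldap, found = False, []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith(("<AuthBy", "</AuthBy")):
            in_ldap = s.startswith("<AuthBy LDAP2")
        elif in_ldap and re.match(r"BaseDN(\s|$)", s):
            base = s[len("BaseDN"):].strip()  # assumption: rest of the line
            found.append((no, base, check_base_dn(base)))
    return found

# Constructed sample: "gdc" is the value posted in the thread, the rest is made up.
SAMPLE_CONFIG = """\
<AuthBy LDAP2>
    BaseDN  gdc
</AuthBy>
<AuthBy LDAP2>
    BaseDN  o=Example Org,c=RU
</AuthBy>"""
```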