(RADIATOR) Lotus Notes 7.0.2 LDAP
Sergei Keler
skeler at gdc.ru
Wed Aug 29 04:16:04 CDT 2007
Hi!
Wed Aug 29 13:12:36 2007: DEBUG: Packet dump:
*** Received from 192.168.0.254 port 1645 ....
Packet length = 155
01 72 00 9b d4 e9 f0 f6 d3 5d 56 98 00 00 00 00
00 00 00 00 07 06 00 00 00 01 01 0e 73 6b 69 6c
6c 65 72 40 77 69 66 69 1a 10 00 00 01 37 0b 0a
d4 e9 f0 f6 d3 5d 56 98 1a 3a 00 00 01 37 01 34
01 01 ee 94 61 55 d6 eb 95 c5 53 90 45 4c d2 11
f7 c2 48 d1 de 01 07 bf a4 07 0e ab 89 ce a1 3a
12 c4 d6 74 56 46 a8 2e e1 6f ba f3 af 61 bb 0a
db 21 3d 06 00 00 00 05 05 06 00 00 01 81 57 11
55 6e 69 71 2d 53 65 73 73 2d 49 44 33 38 35 06
06 00 00 00 02 04 06 c0 a8 00 fe
Code: Access-Request
Identifier: 114
Authentic: <212><233><240><246><211>]V<152><0><0><0><0><0><0><0><0>
Attributes:
Framed-Protocol = PPP
User-Name = "skiller at wifi"
MS-CHAP-Challenge = <212><233><240><246><211>]V<152>
MS-CHAP-Response =
<1><1><238><148>aU<214><235><149><197>S<144>EL<210><17><247><194>H<209><222><1><7><191><164><7><14><171><137><206><161>:<18><196><214>tVF<168>.<225>o<186><243><175>a<187><10><219>!
NAS-Port-Type = Virtual
NAS-Port = 385
NAS-Port-Id = "Uniq-Sess-ID385"
Service-Type = Framed-User
NAS-IP-Address = 192.168.0.254
Wed Aug 29 13:12:36 2007: DEBUG: Rewrote user name to skiller at wifi
Wed Aug 29 13:12:36 2007: DEBUG: Rewrote user name to skiller at wifi
Wed Aug 29 13:12:36 2007: DEBUG: Handling request with Handler
'Realm=wifi'
Wed Aug 29 13:12:36 2007: DEBUG: Rewrote user name to skiller
Wed Aug 29 13:12:36 2007: DEBUG: Deleting session for skiller at wifi,
192.168.0.254, 385
Wed Aug 29 13:12:36 2007: DEBUG: Handling with Radius::AuthLDAP2:
Wed Aug 29 13:12:36 2007: INFO: Connecting to notes.office.gdc.ru:10389
Wed Aug 29 13:12:36 2007: DEBUG: !!! my level=15.
Wed Aug 29 13:12:36 2007: INFO: Attempting to bind to LDAP server
notes.office.gdc.ru:10389
Net::LDAP=HASH(0x8be8e68) sending:
30 1D 02 01 05 60 18 02 01 02 04 08 64 69 61 6C 0....`......dial
61 70 65 72 80 0xxxxxxxxxxxxxxxxxxxxxxxxxx
0000 29: SEQUENCE {
0002 1: INTEGER = 5
0005 24: [APPLICATION 0] {
0007 1: INTEGER = 2
000A 8: STRING = 'dialaper'
0014 9: [CONTEXT 0]
0016 : 7xxxxxxxxx
001F : }
001F : }
Net::LDAP=HASH(0x8be8e68) received:
30 0C 02 01 05 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
0000 12: SEQUENCE {
0002 1: INTEGER = 5
0005 7: [APPLICATION 1] {
0007 1: ENUM = 0
000A 0: STRING = ''
000C 0: STRING = ''
000E : }
000E : }
Net::LDAP=HASH(0x8be8e68) sending:
30 5C 02 01 06 63 57 04 03 67 64 63 0A 01 02 0A 0\...cW..gdc....
01 02 02 01 00 02 01 00 01 01 00 A0 31 A3 1F 04 ............1...
0B 63 6F 6D 70 61 6E 79 6E 61 6D 65 04 10 47 65 .companyname..Ge
6E 65 72 61 6C 20 44 61 74 61 43 6F 6D 6D A3 0E neral DataComm..
04 03 75 69 64 04 07 73 6B 69 6C 6C 65 72 30 0E ..uid..skiller0.
04 0C 77 69 66 69 70 61 73 73 77 6F 72 64 __ __ ..wifipassword
0000 92: SEQUENCE {
0002 1: INTEGER = 6
0005 87: [APPLICATION 3] {
0007 3: STRING = 'gdc'
000C 1: ENUM = 2
000F 1: ENUM = 2
0012 1: INTEGER = 0
0015 1: INTEGER = 0
0018 1: BOOLEAN = FALSE
001B 49: [CONTEXT 0] {
001D 31: [CONTEXT 3] {
001F 11: STRING = 'companyname'
002C 16: STRING = 'General DataComm'
003E : }
003E 14: [CONTEXT 3] {
0040 3: STRING = 'uid'
0045 7: STRING = 'skiller'
004E : }
004E : }
004E 14: SEQUENCE {
0050 12: STRING = 'wifipassword'
005E : }
005E : }
005E : }
Net::LDAP=HASH(0x8be8e68) received:
30 0C 02 01 06 65 07 0A 01 22 04 00 04 00 __ __ 0....e..."....
0000 12: SEQUENCE {
0002 1: INTEGER = 6
0005 7: [APPLICATION 5] {
0007 1: ENUM = 34
000A 0: STRING = ''
000C 0: STRING = ''
000E : }
000E : }
Wed Aug 29 13:12:36 2007: ERR: ldap search for (&(companyname=General
DataComm)(uid=skiller)) failed with error LDAP_INVALID_DN_SYNTAX.
Wed Aug 29 13:12:36 2007: ERR: Disconnecting from LDAP server (server
notes.office.gdc.ru:10389).
Wed Aug 29 13:12:36 2007: DEBUG: AuthBy LDAP2 result: IGNORE, User
database access error
Sergei N Keler
IT-Manager
General DataComm
[skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax
+7(812)325-1086]
Mike McCauley <mikem at open.com.au>
Sent by: owner-radiator at open.com.au
29.08.2007 04:16
To: "Sergei Keler" <skeler at gdc.ru>
cc: radiator at open.com.au, "Hugh Irvine" <hugh at open.com.au>
Subject: Re: (RADIATOR) Lotus Notes 7.0.2 LDAP
Hello Sergei,
thanks for this report.
We can't see any cases in Radiator LDAP where a DN would contain spaces
(unless it was configured that way in the config file).
Perhaps the next step will be for you to rerun your tests with the Debug flag
enabled in your AuthBy LDAP clause. This will cause the LDAP side of the
conversation to be printed on stdout.
Are you able to get any tracing or logging from your LDAP server to see
what it thinks the problem is?
Cheers.
On Tuesday 28 August 2007 22:55, Sergei Keler wrote:
> Hi!
>
> Lotus made some changes in their LDAP server:
>
> ---
> In 7.02 some changes were made to interpret LDAP DNs more precisely. It
> looks like we got a little overzealous with a base of " " (one or more
> spaces). Rather than returning Invalid DN Syntax we should probably just
> normalize it to a base of root "" (no space). We'll look into this. In the
> meantime change the root on your search requests to "".
> ---
>
> Hah! Radiator's LDAP auth module said 'Invalid Syntax' in realms where it
> worked.
>
> Where to dig or what to change in radiator config?
>
> <AuthBy LDAP2>
> Host qqq
> Port xxx
> UsernameAttr uid
> PasswordAttr aaa
> AuthDN bbb
> AuthPassword ccc
> BaseDN gdc
> SearchFilter (uid=%1)
> </AuthBy>
>
> Sergei N Keler
> IT-Manager
> General DataComm
> [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax
> +7(812)325-1086]
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
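
Added example (not part of the original messages, and not Radiator or Net::LDAP code): Python that decodes the two LDAPResult replies shown in the trace above and applies a simplified RFC 4514 string-form check to a search base such as the 'gdc' sent in the search request. The function names and the sample DNs other than 'gdc' are assumptions made for illustration.

```python
import re

# Subset of LDAP result codes (RFC 4511, Appendix A) relevant to this trace.
RESULT_CODES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                49: "invalidCredentials"}
# Protocol-op tags of the two responses that appear in the trace.
RESPONSE_OPS = {0x61: "BindResponse", 0x65: "SearchResultDone"}

def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value bytes, next position)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_result(hex_dump):
    """Decode an LDAPMessage carrying an LDAPResult: (msg_id, op, result)."""
    buf = bytes.fromhex(hex_dump)
    tag, body, _ = _tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = _tlv(body, 0)
    op_tag, op_body, _ = _tlv(body, pos)
    _, code, _ = _tlv(op_body, 0)          # resultCode is the first field
    code = int.from_bytes(code, "big")
    return (int.from_bytes(msg_id, "big"),
            RESPONSE_OPS.get(op_tag, hex(op_tag)),
            RESULT_CODES.get(code, str(code)))

# type '=' value, where type is a short name or dotted OID (simplified check).
_AVA = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=.*$", re.S)

def is_valid_dn(dn):
    """True if dn is empty (root) or every RDN part looks like type=value."""
    if dn == "":
        return True
    rdns = re.split(r"(?<!\\)[,;]", dn)    # split on unescaped separators
    return all(_AVA.match(ava)
               for rdn in rdns for ava in re.split(r"(?<!\\)\+", rdn))

if __name__ == "__main__":
    # Bytes copied from the search reply in the trace above.
    print(parse_ldap_result("30 0C 02 01 06 65 07 0A 01 22 04 00 04 00"))
    for base in ("gdc", " ", "", "o=gdc"):  # "o=gdc" is a constructed sample
        print(repr(base), is_valid_dn(base))
```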