(RADIATOR) Lotus Notes 7.0.2 LDAP
Sergei Keler
skeler at gdc.ru
Wed Aug 29 04:34:41 CDT 2007
Wow! I was so stupid...
Notes LDAP said the BaseDN was wrong. Before Notes 7.0.2FP2 it skipped bad
syntax, but now it needs the right one.
Sorry...
I just changed
BaseDN gdc
to
BaseDN o=gdc
and found it works!
Sergei N Keler
IT-Manager
General DataComm
[skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax +7(812)325-1086]
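An added example, not part of the original message and not Radiator code: a small Python lint that checks BaseDN and AuthDN values inside AuthBy LDAP2 clauses for type=value DN syntax, the rule the stricter Notes server enforced in this thread. The sample config and the names dn_problem and lint_config are constructed for illustration; the check is lenient and does not handle quoted values.

```python
import re

# Constructed sample modelled on the clause in this thread; AuthDN is a placeholder.
SAMPLE_CONFIG = """\
<AuthBy LDAP2>
    AuthDN       cn=radius,o=gdc
    BaseDN       gdc
    SearchFilter (uid=%1)
</AuthBy>
"""

DN_PARAMS = {"BaseDN", "AuthDN"}
# Attribute type: short name (letter, then letters/digits/hyphens) or dotted OID.
ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*")
# Split only on separators that are not preceded by a backslash escape.
RDN_SEP = re.compile(r"(?<!\\)[,;]")
AVA_SEP = re.compile(r"(?<!\\)\+")

def dn_problem(dn):
    """Return None if dn looks like a valid DN, else a short reason."""
    if dn == "":
        return None  # the empty string is the root of the tree
    if dn.strip() == "":
        return "whitespace-only DN; use the empty string for root"
    for rdn in RDN_SEP.split(dn):
        for ava in AVA_SEP.split(rdn):
            attr, eq, _value = ava.partition("=")
            if not eq:
                return f"component {ava.strip()!r} is not type=value"
            if not ATTR_TYPE.fullmatch(attr.strip()):
                return f"bad attribute type {attr.strip()!r}"
    return None

def lint_config(text):
    """Yield (line, parameter, value, reason) for suspect DNs in AuthBy LDAP2."""
    in_ldap = False
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("<"):
            in_ldap = line.strip().startswith("<AuthBy LDAP2")
        elif in_ldap and fields[0] in DN_PARAMS:
            value = fields[1].strip() if len(fields) > 1 else ""
            reason = dn_problem(value)
            if reason:
                yield lineno, fields[0], value, reason

if __name__ == "__main__":
    print(list(lint_config(SAMPLE_CONFIG)))
```

Running such a check before a directory server upgrade catches values like the bare "gdc" that an older, more tolerant server accepted.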
Hugh Irvine <hugh at open.com.au>
29.08.2007 12:45
To: "Sergei Keler" <skeler at gdc.ru>
cc: Mike McCauley <mikem at open.com.au>, radiator at open.com.au
Subject: Re: (RADIATOR) Lotus Notes 7.0.2 LDAP
Hello Sergei -
You should add "Debug 255" to the AuthBy LDAP2 clause:
<AuthBy LDAP2>
......
Debug 255
</AuthBy>
and run radiusd by hand like this:
cd /your/Radiator/distribution
perl radiusd -foreground -log_stdout -trace 4 -config_file /your/configuration/file
The LDAP debug is written to std_err so you will see it mixed in with
the Radiator debug.
regards
Hugh
On 29 Aug 2007, at 18:28, Sergei Keler wrote:
>
> I'm sorry, but please explain to me how to change the config to debug/trace LDAP?
>
> <AuthBy LDAP2>
> Debug
> gave no result...
>
> Running radiusd -foreground did not work either.
>
> # radiusd -v
> This is Radiator 3.16 on ns
> Copyright Open System Consultants
>
> Debug log:
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller at wifi
> Wed Aug 29 11:48:53 2007: DEBUG: Handling request with Handler 'Realm=wifi'
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller
> Wed Aug 29 11:48:53 2007: DEBUG: Deleting session for skiller at wifi, 192.168.0.254, 379
> Wed Aug 29 11:48:53 2007: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Aug 29 11:48:53 2007: INFO: Connecting to notes.office.gdc.ru:10389
> Wed Aug 29 11:48:53 2007: INFO: Attempting to bind to LDAP server notes.office.gdc.ru:10389
> Wed Aug 29 11:48:53 2007: ERR: ldap search for (&(companyname=General DataComm)(uid=skiller)) failed with error LDAP_INVALID_DN_SYNTAX.
> Wed Aug 29 11:48:53 2007: ERR: Disconnecting from LDAP server (server notes.office.gdc.ru:10389).
> Wed Aug 29 11:48:53 2007: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
>
> That's all :-(
>
> Sergei N Keler
> IT-Manager
> General DataComm
> [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax +7(812)325-1086]
>
>
> Mike McCauley <mikem at open.com.au>
> 29.08.2007 03:44
>
> To
> "Sergei Keler" <skeler at gdc.ru>
> cc
> radiator at open.com.au, "Hugh Irvine" <hugh at open.com.au>
> Subject
> Re: (RADIATOR) Lotus Notes 7.0.2 LDAP
>
>
>
>
>
> Hello Sergei,
>
> thanks for this report.
> We can't see any cases in Radiator LDAP where a DN would contain spaces
> (unless it was configured that way in the config file).
>
> Perhaps the next step will be for you to rerun your tests with the Debug flag
> enabled in your AuthBy LDAP clause. This will cause the LDAP side of the
> conversation to be printed on stdout.
>
> Are you able to get any tracing or logging from your LDAP server to see what
> it thinks the problem is?
>
> Cheers.
>
> On Tuesday 28 August 2007 22:55, Sergei Keler wrote:
> > Hi!
> >
> > Lotus made some changes in their LDAP server:
> >
> > ---
> > In 7.02 some changes were made to interpret LDAP DNs more precisely. It
> > looks like we got a little overzealous with a base of " " (one or more
> > spaces). Rather than returning Invalid DN Syntax we should probably just
> > normalize it to a base of root "" (no space). We'll look into this. In the
> > meantime change the root on your search requests to "".
> > ---
> >
> > Hah! Radiator's LDAP auth module said 'Invalid Syntax' in realms where it
> > worked.
> >
> > Where to dig or what to change in radiator config?
> >
> > <AuthBy LDAP2>
> > Host qqq
> > Port xxx
> > UsernameAttr uid
> > PasswordAttr aaa
> > AuthDN bbb
> > AuthPassword ccc
> > BaseDN gdc
> > SearchFilter (uid=%1)
> >
> > Sergei N Keler
> > IT-Manager
> > General DataComm
> > [skeler at gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax +7(812)325-1086]
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.