From: Ondrej Valousek <webserv@s3group.cz>
Cc: "autofs@linux.kernel.org" <autofs@linux.kernel.org>
Subject: Re: auto.master in ldap + simple bind
Date: Wed, 21 Jan 2009 10:36:57 +0100
Message-ID: <4976ECB9.6090207@s3group.cz>
In-Reply-To: <1232332943.3136.28.camel@zeus.themaw.net>

There is something rotten in lookup_ldap.c but I cannot point my
finger on it.
Things go bad in the lookup_init() function:
  5   4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1)
"<ROOT>" sasl
  6   4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1)
saslBindInProgress
  7   4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK]
Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
  8   4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2)
"<ROOT>" sasl
  9   4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
 10   4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3)
"<ROOT>" sasl
 11   4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3)
invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment:
AcceptSecurityContext error, data 0, v1771)
 12   4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)

Packets 8, 9 - we connect to the server to verify the authentication
mechanism, but then we should drop the connection - line 1286 - call to
ldap_unbind_connection(). But this never happens according to the
tcpdump. Instead, another bind follows and fails. The question is now:
1. Why is there no unbindRequest packet? In general, I see 3 bind
requests but only one unbindRequest....
2. Why does the second bindRequest fail and the first one succeed?

I do not want to be too picky, but Windows Server 2008 is the first
server OS from MS to support RFC2307 LDAP schema so I believe we should
be able to connect to it. I have opened a case #1887566 with RedHat
regarding this....
Ondrej
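
The bind/unbind accounting described in the message above can be checked mechanically; the following is an added example, not part of the original message or of autofs. It parses the one-line capture summaries, tallies LDAP operations, and lists frames where a bindRequest follows a successful bind with no unbindRequest in between. The function name `analyze` is hypothetical, and the code assumes all lines belong to one client/server conversation, since the summaries carry no port information.

```python
import re
from collections import Counter

# Trace from the message above, with the mail-wrapped lines rejoined.
TRACE = """\
  5   4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1) "<ROOT>" sasl
  6   4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1) saslBindInProgress
  7   4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK] Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
  8   4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2) "<ROOT>" sasl
  9   4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
 10   4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3) "<ROOT>" sasl
 11   4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3) invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 0, v1771)
 12   4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)
"""

# frame, time, src, "->", dst, "LDAP", operation(messageID), remainder
LDAP_LINE = re.compile(
    r"^\s*(\d+)\s+\S+\s+\S+\s+->\s+\S+\s+LDAP\s+(\w+)\((\d+)\)\s*(.*)$")


def analyze(trace):
    """Return (operation counts, bind result per message ID, frames that
    re-bind after a successful bind with no unbindRequest in between).
    Assumption: every line belongs to one client/server conversation."""
    counts, results, rebinds = Counter(), {}, []
    bound = False
    for line in trace.splitlines():
        m = LDAP_LINE.match(line)
        if not m:
            continue  # non-LDAP frames, e.g. the bare TCP ACK in frame 7
        frame, op, msgid, rest = int(m[1]), m[2], int(m[3]), m[4]
        counts[op] += 1
        if op == "bindRequest":
            if bound:
                rebinds.append(frame)
        elif op == "bindResponse":
            # First token after the message ID is the LDAP result code name.
            results[msgid] = (rest.split() or ["?"])[0]
            bound = results[msgid] == "success"
        elif op == "unbindRequest":
            bound = False
    return counts, results, rebinds


if __name__ == "__main__":
    counts, results, rebinds = analyze(TRACE)
    print("operations:", dict(counts))
    print("bind results by message ID:", results)
    print("bindRequest after success without unbindRequest, frames:", rebinds)
```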
