[Users] LDAP

Nathan Stratton nathan at robotics.net
Sun Feb 19 15:00:20 EST 2012


On Sun, 19 Feb 2012, Yaniv Kaul wrote:

> I'd try with wireshark to capture ports 88, 53 and 389 (something like '-s 
> 1500 -w /tmp/file.pcap port 53 or port 88 or port 389' if you are using 
> tcpdump).

http://share.robotics.net/ldap.pcap

> Then check that indeed the responses from DNS correlate well with what we are 
> trying to connect to.

Yep, its hitting the LDAP server, just not getting what it wants back. Is 
it possible that it does not like the "<ROOT>" and that it should be ""?

I.E. If I do:

[root at ovirt-engine ~]# ldapsearch -H ldap://10.10.0.105 -x -s base -b "" +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=blinkmind,dc=net
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
entryDN:
subschemaSubentry: cn=Subschema

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But if I do:

[root at ovirt-engine ~]# ldapsearch -H ldap://10.10.0.105 -x -s base -b 
"<ROOT>" +
# extended LDIF
#
# LDAPv3
# base <<ROOT>> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1



> (BTW, there was a regression in the code not so long ago in that area - are 
> you using latest code?).

3.0.0_0001-1.6.fc16

><>
Nathan Stratton                                CTO, BlinkMind, Inc.
nathan at robotics.net                         nathan at blinkmind.com
http://www.robotics.net                        http://www.blinkmind.com



More information about the Users mailing list