• Resolved icarnr

    (@icarnr)


    After 3 days, I can now connect from my WP to my remote LDAP TLS server, but…
    The connection is up, but the plugin test fails because, when trying to connect, it presents a query with uid=apache… very strange…
    (&(objectClass=posixAccount)(uid=apache))

    Here is the log:

    Nov 13 11:42:48 hostingservice slapd[1354]: conn=8585 fd=32 ACCEPT from IP=140.164.14.215:40146 (IP=0.0.0.0:389)
    Nov 13 11:42:48 hostingservice slapd[1354]: conn=8585 op=0 EXT oid=1.3.6.1.4.1.1466.20037
    Nov 13 11:42:48 hostingservice slapd[1354]: conn=8585 op=0 STARTTLS
    Nov 13 11:42:48 hostingservice slapd[1354]: conn=8585 op=0 RESULT oid= err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8585 fd=32 TLS established tls_ssf=128 ssf=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8584 op=1 BIND dn="" method=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8584 op=1 RESULT tag=97 err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8581 fd=18 TLS established tls_ssf=128 ssf=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8583 op=1 BIND dn="" method=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8583 op=1 RESULT tag=97 err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8582 op=1 BIND dn="" method=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8582 op=1 RESULT tag=97 err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8585 op=1 BIND dn="" method=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8585 op=1 RESULT tag=97 err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8584 op=2 SRCH base="ou=ICAR,ou=account,o=cnr,c=it" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=apache))"
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8584 op=2 SRCH attr=uid uidNumber
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8581 op=1 BIND dn="" method=128
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8581 op=1 RESULT tag=97 err=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8584 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8583 op=2 SRCH base="ou=ICAR,ou=account,o=cnr,c=it" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=apache))"
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8583 op=2 SRCH attr=uid uidNumber
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8583 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
    Nov 13 11:42:49 hostingservice slapd[1354]: conn=8582 op=2 SRCH base="ou=ICAR,ou=acc

    Can you solve the problem?
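
The slapd log in the post above interleaves several connections, so it reads more easily once grouped by `conn=` and `op=`. As an added example (not part of the original thread or the plugin), this parser does that and lists the searches that ended in err=32 (noSuchObject) together with the identity they were bound as; the sample log is constructed, and its host, IP-free lines and DNs are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd format shown above; host and DNs are placeholders.
SAMPLE_LOG = '''\
Nov 13 11:42:48 ldaphost slapd[1354]: conn=1 op=0 STARTTLS
Nov 13 11:42:49 ldaphost slapd[1354]: conn=1 fd=32 TLS established tls_ssf=128 ssf=128
Nov 13 11:42:49 ldaphost slapd[1354]: conn=2 op=0 BIND dn="cn=svc,dc=example,dc=org" method=128
Nov 13 11:42:49 ldaphost slapd[1354]: conn=1 op=1 BIND dn="" method=128
Nov 13 11:42:49 ldaphost slapd[1354]: conn=1 op=2 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=apache))"
Nov 13 11:42:49 ldaphost slapd[1354]: conn=2 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
Nov 13 11:42:49 ldaphost slapd[1354]: conn=1 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 13 11:42:49 ldaphost slapd[1354]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$')

def summarize(log_text):
    """Group interleaved slapd lines by conn= and pair each SRCH with its result by op=."""
    conns = defaultdict(lambda: {"tls": False, "bind_dn": None, "searches": {}})
    for raw in log_text.splitlines():
        # Undo typographic quotes that web pages substitute for ASCII ones.
        m = LINE.search(raw.replace("\u201c", '"').replace("\u201d", '"'))
        if not m:
            continue
        conn, op, rest = conns[int(m.group(1))], m.group(2), m.group(3)
        bind = re.match(r'BIND dn="([^"]*)"', rest)
        srch = re.match(r'SRCH base="([^"]*)".*filter="([^"]*)"', rest)
        done = re.match(r'SEARCH RESULT .*err=(\d+)', rest)
        if rest.startswith("TLS established"):
            conn["tls"] = True
        elif bind:
            conn["bind_dn"] = bind.group(1)
        elif srch:  # truncated SRCH lines do not match and are skipped
            conn["searches"][op] = {"base": srch.group(1), "filter": srch.group(2), "err": None}
        elif done and op in conn["searches"]:
            conn["searches"][op]["err"] = int(done.group(1))
    return dict(conns)

def failed_searches(conns):
    """Return (conn, identity, tls, filter) for searches ending in err=32 (noSuchObject)."""
    out = []
    for cid, c in sorted(conns.items()):
        who = c["bind_dn"] or "anonymous"  # empty dn or no BIND logged: anonymous session
        out += [(cid, who, c["tls"], s["filter"])
                for s in c["searches"].values() if s["err"] == 32]
    return out

print(failed_searches(summarize(SAMPLE_LOG)))
```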

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter icarnr

    (@icarnr)

    I understand the problem.

    My connection with my LDAP server is OK.

    My LDAP search works very fine! So

    ldapsearch -Z -D "cn=LoginAccess,ou=account,o=cnr,c=it" -w ********** -p 389 -h hostingservice.src.cnr.it -b "ou=ICAR,ou=account,o=cnr,c=it" -s sub "(&(objectClass=cnrPerson)(uid=vincenzo.errichiello))"

    # ERRICHIELLO VINCENZO, dipendenti, ICAR, account, cnr, it
    dn: cn=ERRICHIELLO VINCENZO,ou=dipendenti,ou=ICAR,ou=account,o=cnr,c=it
    mail: [email protected]
    uid: vincenzo.errichiello
    departmentNumber: 221410
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: qmailUser
    objectClass: radiusprofile
    objectClass: cnrPerson
    objectClass: eduPerson
    objectClass: Vacation
    cnrcognome: ERRICHIELLO
    cnrnome: VINCENZO
    cn: ERRICHIELLO VINCENZO
    cnrapp8: si
    matricola: 17131
    accountStatus: Active
    mailForwardingAddress: [email protected]

    # search result
    search: 3
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
    [root@intranet ~]#

    The problem is -Z, which instructs ldapsearch to use my TLS certificate.

    But your plugin doesn't use it and is always red…


    Can you solve the problem?

    Vincenzo

    Thread Starter icarnr

    (@icarnr)

    StartTLS is the name of the standard LDAP operation for initiating TLS/SSL. TLS/SSL is initiated upon successful completion of this LDAP operation. No alternative port is necessary. It is sometimes referred to as the TLS upgrade operation, as it upgrades a normal LDAP connection to one protected by TLS/SSL.

    https://www.openldap.org/faq/data/cache/185.html

    Thread Starter icarnr

    (@icarnr)

    The LDAP Start TLS operation is used in LDAP to initiate TLS negotiation. All OpenLDAP command line tools support a -Z and -ZZ flag to indicate whether a Start TLS operation is to be issued.

    https://www.openldap.org/doc/admin24/tls.html#Client Certificates

    Thread Starter icarnr

    (@icarnr)

    After the latest release version, the plugin works very FINE with TLS!!!
    Thx, Vincenzo

  • The topic ‘LDAP uid error’ is closed to new replies.