<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 02/01/2013 05:25 PM, Christian Hernandez wrote:
<blockquote
cite="mid:CAH3k4=dGAtC4n2mL1PM0Exv93sHebCbrxW5z_=_NCrqG1sA=+w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hello<br>
<br>
Attached is a TCPDUMP.<br>
<br>
</div>
Communication is happening between 192.168.114.95 and
192.168.114.114<br>
</div>
</blockquote>
<br>
Thanks. The problem is that 389 doesn't like the fact that the
search request includes the control tag but the length is 0. You
said you were using CDS 8.1 - if that was centos-ds running on EL5,
that used mozldap for the ldap sdk. 389 now uses openldap for the
ldap sdk. Looks like there is a slight difference between how
mozldap and openldap handle this situation. Please file a ticket at
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/newticket">https://fedorahosted.org/389/newticket</a><br>
<br>
In the meantime, is there some option in github server to either
completely disable LDAP controls in the LDAP search request? Or,
alternately, is there a way to add some control to the search
request? The goal is to figure out some way to tell github not to
pass in a 0 length LDAP control sequence.<br>
<br>
<blockquote
cite="mid:CAH3k4=dGAtC4n2mL1PM0Exv93sHebCbrxW5z_=_NCrqG1sA=+w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div class="gmail_extra">
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">On Fri, Feb 1, 2013 at 12:57 PM,
Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im"> On 02/01/2013 01:42 PM, Christian
Hernandez wrote:
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>We are trying to configure our
internal GitHub server to use Our
IPA server's LDAP for user logins.<br>
<br>
</div>
We successfully configured it; but
users can't seem to login.<br>
<br>
</div>
So, before you ask, yes we do have an
active support case with
githubenterprise about this; but wanted
to see if anyone else ran into the same
issue.<br>
<br>
</div>
Attached is the screenshot of the config.<br>
<br>
</div>
This is the errors I'm seeing in the DirSrv
logs<br>
<br>
<span style="font-family:comic sans
ms,sans-serif"><br>
[25/Jan/2013:15:41:35 -0800] conn=29453
fd=241 slot=241 <span
style="background-color:rgb(255,255,0)">connection
from 192.168.114.95</span> to
192.168.114.114<br>
[25/Jan/2013:15:41:35 -0800] conn=29453
op=0 BIND
dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
method=128 version=3<br>
[25/Jan/2013:15:41:35 -0800] conn=29453
op=0 RESULT err=0 tag=97 nentries=0
etime=0 <span
style="background-color:rgb(255,255,0)">dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"</span><br>
[25/Jan/2013:15:41:35 -0800] conn=29453
op=1 SRCH base="" scope=2
filter="(uid=chrish)", failed to decode
LDAP controls<br>
[25/Jan/2013:15:41:35 -0800] conn=29453
op=1 RESULT err=2 tag=101 nentries=0
etime=0 <br>
[25/Jan/2013:15:41:35 -0800] conn=29453
op=-1 fd=241 closed - B1<br>
<br>
</span></div>
<span style="font-family:comic sans
ms,sans-serif"><font
face="arial,helvetica,sans-serif">Anyone
has run into this?<br>
</font></span></div>
</blockquote>
<br>
</div>
Looks like DS is receiving some LDAP controls that
it doesn't know how to process. Does this work with
any other LDAP server? Can you run wireshark/tshark
and capture the network traffic? I'd like to see
what the BER looks like.<br>
<br>
<blockquote type="cite">
<div class="im">
<div dir="ltr"><span style="font-family:comic
sans ms,sans-serif"><font
face="arial,helvetica,sans-serif"> <br>
Also, I haven't tried connecting with TLS
because I don't know where to find the
cert! So if someone can point me in the
right direction there I would appreciate
it :)<br clear="all">
</font></span>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
1225 Los Angeles Street<br>
<div>Glendale, CA 91204<br>
Phone: <a moz-do-not-send="true" value="+18777822737">877-782-2737
ext. 4566</a><br>
Fax: <a moz-do-not-send="true" value="+18182653152">818-265-3152</a><br>
<a moz-do-not-send="true"
href="mailto:christianh@4over.com" target="_blank">christianh@4over.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:christianh@4over.com" target="_blank">christianh@4over.com</a>>
<br>
<a moz-do-not-send="true" href="http://www.4over.com/"
target="_blank">www.4over.com</a> <<a
moz-do-not-send="true" href="http://www.4over.com/"
target="_blank">http://www.4over.com</a>></div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Fri, Feb 1, 2013 at 12:57 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im"> On 02/01/2013 01:42 PM, Christian
Hernandez wrote:
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>We are trying to configure our internal
GitHub server to use Our IPA server's LDAP
for user logins.<br>
<br>
</div>
We successfully configured it; but users
can't seem to login.<br>
<br>
</div>
So, before you ask, yes we do have an active
support case with githubenterprise about this;
but wanted to see if anyone else ran into the
same issue.<br>
<br>
</div>
Attached is the screenshot of the config.<br>
<br>
</div>
This is the errors I'm seeing in the DirSrv logs<br>
<br>
<span style="font-family:comic sans ms,sans-serif"><br>
[25/Jan/2013:15:41:35 -0800] conn=29453 fd=241
slot=241 <span
style="background-color:rgb(255,255,0)">connection
from 192.168.114.95</span> to 192.168.114.114<br>
[25/Jan/2013:15:41:35 -0800] conn=29453 op=0
BIND
dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
method=128 version=3<br>
[25/Jan/2013:15:41:35 -0800] conn=29453 op=0
RESULT err=0 tag=97 nentries=0 etime=0 <span
style="background-color:rgb(255,255,0)">dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"</span><br>
[25/Jan/2013:15:41:35 -0800] conn=29453 op=1
SRCH base="" scope=2 filter="(uid=chrish)",
failed to decode LDAP controls<br>
[25/Jan/2013:15:41:35 -0800] conn=29453 op=1
RESULT err=2 tag=101 nentries=0 etime=0 <br>
[25/Jan/2013:15:41:35 -0800] conn=29453 op=-1
fd=241 closed - B1<br>
<br>
</span></div>
<span style="font-family:comic sans ms,sans-serif"><font
face="arial,helvetica,sans-serif">Anyone has run
into this?<br>
</font></span></div>
</blockquote>
<br>
</div>
Looks like DS is receiving some LDAP controls that it
doesn't know how to process. Does this work with any
other LDAP server? Can you run wireshark/tshark and
capture the network traffic? I'd like to see what the BER
looks like.<br>
<br>
<blockquote type="cite">
<div class="im">
<div dir="ltr"><span style="font-family:comic sans
ms,sans-serif"><font
face="arial,helvetica,sans-serif"> <br>
Also, I haven't tried connecting with TLS
because I don't know where to find the cert! So
if someone can point me in the right direction
there I would appreciate it :)<br clear="all">
</font></span>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>