<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 02/01/2013 05:52 PM, Christian Hernandez wrote:
<blockquote
cite="mid:CAH3k4=fmHs=DzTqAzJ=iw_BGU_L2WbChjQOszVgxsi5ftGxXyA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Will Do. <br>
<br>
I've also put an inquiry into GitHub enterprise to see if
there is a way for GitHub not to pass a 0 length sequence. I
will take a look at the CPannel to see if I can find
something as well.<br>
<br>
</div>
I will update when I have a chance.<br>
<br>
</div>
I couldn't fill a ticket because I do not have a login...and I
do not have a login because "We are not ready to accept
contributions at this time" </div>
</blockquote>
Ok.<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/ticket/571">https://fedorahosted.org/389/ticket/571</a><br>
When you are able, please add yourself to the CC list of this
ticket.<br>
<blockquote
cite="mid:CAH3k4=fmHs=DzTqAzJ=iw_BGU_L2WbChjQOszVgxsi5ftGxXyA@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
1225 Los Angeles Street<br>
<div>Glendale, CA 91204<br>
Phone: <a moz-do-not-send="true" value="+18777822737">877-782-2737
ext. 4566</a><br>
Fax: <a moz-do-not-send="true" value="+18182653152">818-265-3152</a><br>
<a moz-do-not-send="true"
href="mailto:christianh@4over.com" target="_blank">christianh@4over.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:christianh@4over.com" target="_blank">christianh@4over.com</a>>
<br>
<a moz-do-not-send="true" href="http://www.4over.com/"
target="_blank">www.4over.com</a> <<a
moz-do-not-send="true" href="http://www.4over.com/"
target="_blank">http://www.4over.com</a>></div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Fri, Feb 1, 2013 at 4:42 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im"> On 02/01/2013 05:25 PM, Christian
Hernandez wrote:
<blockquote type="cite">
<div dir="ltr">
<div>Hello<br>
<br>
Attached is a TCPDUMP.<br>
<br>
</div>
Communication is happening between 192.168.114.95
and 192.168.114.114<br>
</div>
</blockquote>
<br>
</div>
Thanks. The problem is that 389 doesn't like the fact
that the search request includes the control tag but the
length is 0. You said you were using CDS 8.1 - if that
was centos-ds running on EL5, that used mozldap for the
ldap sdk. 389 now uses openldap for the ldap sdk. Looks
like there is a slight difference between how mozldap and
openldap handle this situation. Please file a ticket at <a
moz-do-not-send="true"
href="https://fedorahosted.org/389/newticket"
target="_blank">https://fedorahosted.org/389/newticket</a><br>
<br>
In the meantime, is there some option in github server to
either completely disable LDAP controls in the LDAP search
request? Or, alternately, is there a way to add some
control to the search request? The goal is to figure out
some way to tell github not to pass in a 0 length LDAP
control sequence.
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div class="gmail_extra">
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">On Fri, Feb 1, 2013
at 12:57 PM, Rich Megginson <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div> On 02/01/2013 01:42 PM,
Christian Hernandez wrote:
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>We are trying to
configure our internal
GitHub server to use
Our IPA server's LDAP
for user logins.<br>
<br>
</div>
We successfully
configured it; but users
can't seem to login.<br>
<br>
</div>
So, before you ask, yes we
do have an active support
case with githubenterprise
about this; but wanted to
see if anyone else ran
into the same issue.<br>
<br>
</div>
Attached is the screenshot
of the config.<br>
<br>
</div>
This is the errors I'm seeing
in the DirSrv logs<br>
<br>
<span style="font-family:comic
sans ms,sans-serif"><br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 fd=241 slot=241 <span
style="background-color:rgb(255,255,0)">connection from 192.168.114.95</span>
to 192.168.114.114<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=0 BIND
dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
method=128 version=3<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=0 RESULT err=0
tag=97 nentries=0 etime=0 <span
style="background-color:rgb(255,255,0)">dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"</span><br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=1 SRCH base=""
scope=2
filter="(uid=chrish)",
failed to decode LDAP
controls<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=1 RESULT err=2
tag=101 nentries=0 etime=0 <br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=-1 fd=241
closed - B1<br>
<br>
</span></div>
<span style="font-family:comic
sans ms,sans-serif"><font
face="arial,helvetica,sans-serif">Anyone
has run into this?<br>
</font></span></div>
</blockquote>
<br>
</div>
Looks like DS is receiving some LDAP
controls that it doesn't know how to
process. Does this work with any
other LDAP server? Can you run
wireshark/tshark and capture the
network traffic? I'd like to see what
the BER looks like.<br>
<br>
<blockquote type="cite">
<div>
<div dir="ltr"><span
style="font-family:comic sans
ms,sans-serif"><font
face="arial,helvetica,sans-serif">
<br>
Also, I haven't tried
connecting with TLS because
I don't know where to find
the cert! So if someone can
point me in the right
direction there I would
appreciate it :)<br
clear="all">
</font></span>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian
Hernandez<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian Hernandez<br>
</div>
1225 Los Angeles Street<br>
<div>Glendale, CA 91204<br>
Phone: <a moz-do-not-send="true"
value="+18777822737">877-782-2737 ext.
4566</a><br>
Fax: <a moz-do-not-send="true"
value="+18182653152">818-265-3152</a><br>
<a moz-do-not-send="true"
href="mailto:christianh@4over.com"
target="_blank">christianh@4over.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:christianh@4over.com"
target="_blank">christianh@4over.com</a>>
<br>
<a moz-do-not-send="true"
href="http://www.4over.com/"
target="_blank">www.4over.com</a> <<a
moz-do-not-send="true"
href="http://www.4over.com/"
target="_blank">http://www.4over.com</a>></div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Fri, Feb 1, 2013 at
12:57 PM, Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div> On 02/01/2013 01:42 PM, Christian
Hernandez wrote:
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>We are trying to
configure our internal
GitHub server to use Our IPA
server's LDAP for user
logins.<br>
<br>
</div>
We successfully configured it;
but users can't seem to login.<br>
<br>
</div>
So, before you ask, yes we do
have an active support case with
githubenterprise about this; but
wanted to see if anyone else ran
into the same issue.<br>
<br>
</div>
Attached is the screenshot of the
config.<br>
<br>
</div>
This is the errors I'm seeing in the
DirSrv logs<br>
<br>
<span style="font-family:comic sans
ms,sans-serif"><br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 fd=241 slot=241 <span
style="background-color:rgb(255,255,0)">connection from 192.168.114.95</span>
to 192.168.114.114<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=0 BIND
dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
method=128 version=3<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=0 RESULT err=0
tag=97 nentries=0 etime=0 <span
style="background-color:rgb(255,255,0)">dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"</span><br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=1 SRCH base=""
scope=2 filter="(uid=chrish)",
failed to decode LDAP controls<br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=1 RESULT err=2
tag=101 nentries=0 etime=0 <br>
[25/Jan/2013:15:41:35 -0800]
conn=29453 op=-1 fd=241 closed -
B1<br>
<br>
</span></div>
<span style="font-family:comic sans
ms,sans-serif"><font
face="arial,helvetica,sans-serif">Anyone
has run into this?<br>
</font></span></div>
</blockquote>
<br>
</div>
Looks like DS is receiving some LDAP
controls that it doesn't know how to
process. Does this work with any other LDAP
server? Can you run wireshark/tshark and
capture the network traffic? I'd like to
see what the BER looks like.<br>
<br>
<blockquote type="cite">
<div>
<div dir="ltr"><span
style="font-family:comic sans
ms,sans-serif"><font
face="arial,helvetica,sans-serif">
<br>
Also, I haven't tried connecting
with TLS because I don't know
where to find the cert! So if
someone can point me in the right
direction there I would
appreciate it :)<br clear="all">
</font></span>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div dir="ltr">
<div><br>
Thank you,<br>
<br>
Christian
Hernandez<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>