[Fedora-directory-users] What next?

Jeff Clowser jclowser at unitedmessaging.com
Wed Aug 3 15:43:42 UTC 2005


Chris Curran wrote:

> I have a LDAP server setup in my Tbird Address Book. To test the 
> connection, in Tbird addr book I choose the 'Offline' tab then 
> 'Download Now'. It asks me for a username and password - I enter them 
> and at that point I'm back where I began in Tbird. I check the log 
> files in FDS (access) and there are a number of entries - all those 
> beginning with "RESULT" have "err=0". Therefore, I conclude that I am 
> logging into FDS without error.

This just means there was no error when it did what you asked it for.  
It doesn't necessarily mean you (i.e. tbird) asked it for the right 
thing. :)

If you grep the access log on conn=#, where # is the connection # from 
thunderbird, you'll see a number of things:
1.  What thunderbird connected as - either a dn, or "" (i.e. anonymous).
2.  What basedn it is searching on - this needs to match something that 
is in your directory.
3.  The search filter you used - this needs to match some data in your 
directory.
4.  The number of results that matched the search - if this is 0, and 
err is also 0, it means you did a valid search, but didn't match 
anything in the directory.
5.  The error result - err=0 just means the search you did was "valid", 
though it might not be what you want.

Note also that there are multiple operations within one session, each of 
which can have an error.


The following is a sample output of the logs from thunderbird for a 
typical online search:
===========================================================
The initial connection:
[03/Aug/2005:11:04:42 -0400] conn=28 fd=71 slot=71 connection from 
192.168.1.181 to 192.168.1.201

The bind - in this case, I have tbird binding as anonymous.  err=0 means 
the bind was successful
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn=""

The search.  In this case, my directory server's base dn is o=isp.  
Thunderbird searches for all entries that contain what you typed in 
mail, cn, givenname, or sn.  The access log also shows the list of 
attributes tbird is asking the directory to return.  It includes a number 
of custom tbird attributes (which you'd have to extend your schema to 
support) as well as a number of standard attributes, such as mail, cn, 
sn, givenname, telephonenumber, etc.  err=0, so the search was 
successful, but nentries also equals 0, meaning that I had no matching 
data in my server (which is true - I haven't put anything in this server 
I pointed at yet).
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 SRCH base="o=isp" scope=2
   filter="(|(mail=*jeff*)(cn=*jeff*)(givenName=*jeff*)(sn=*jeff*))" 
attrs="modifyTimestamp
   xmozillausehtmlmail description notes custom4 custom3 custom2 custom1 
birthyear homeurl
   workurl nscpaimscreenname c company o departmentNumber department 
orgunit ou title c
   zip postalCode region st l l street postOfficeBox carphone cellphone 
mobile pagerphone pager
   facsimileTelephoneNumber facsimileTelephoneNumber homePhone 
telephoneNumber
   xmozillasecondemail mail xmozillanickname displayName cn cn sn sn 
givenName"
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 RESULT err=0 tag=101 
nentries=0 etime=0

Note that this showed 3 operations, of which any could contain an 
error.  Also, note that thunderbird has the option to add a custom 
filter (on the advanced tab), so you can limit searches to, say, 
objectclass=person (default is objectclass=*, which is all entries in 
the directory).



One thing that's different - you said you are downloading for offline use. 
I added a test user, and did what you did - clicked on properties, 
offline, then download now.  It asks for a username and password, and 
here's what the logs show:
==============================================================================
Initial connection:
[03/Aug/2005:11:20:22 -0400] conn=51 fd=77 slot=77 connection from 
192.168.1.181 to 192.168.1.201

Binds as anonymous ('cause I didn't enter a DN to bind as):
[03/Aug/2005:11:20:22 -0400] conn=51 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:20:22 -0400] conn=51 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn=""

Searches for the "username" I entered.  Looking at the logs, thunderbird 
looks at the mail attribute to match username to an entry.  So - the 
"username" you have to enter is the email address of whoever you want to 
log in as.  Once I did that, it worked (err=0, and nentries=1, which 
means it found my entry).
[03/Aug/2005:11:20:33 -0400] conn=51 op=1 SRCH base="o=isp" scope=2 
filter="(mail=jclowser at example.com)" attrs="cn"
[03/Aug/2005:11:20:33 -0400] conn=51 op=1 RESULT err=0 tag=101 nentries=1 
etime=0

Once it finds my entry, it unbinds and closes the connection:
[03/Aug/2005:11:20:34 -0400] conn=51 op=2 UNBIND
[03/Aug/2005:11:20:34 -0400] conn=51 op=2 fd=77 closed - U1

Opens a new connection:
[03/Aug/2005:11:20:34 -0400] conn=52 fd=79 slot=79 connection from 
192.168.1.181 to 192.168.1.201

Binds as the DN of my entry (what it found above).  err=0, so it binds 
successfully with my password:
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 BIND dn="uid=jclowser,o=isp" 
method=128 version=3
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="uid=jclowser,o=isp"

The following is interesting, and maybe meaningless against FDS (I guess 
it's looking for some kind of changelog indicator, so it only dl's new 
stuff)?  FDS provides the dataversion, but not the others, and adding 
users doesn't seem to change dataversion, so not sure if this is 
meaningful against FDS (and it's probably just for efficiency anyway, so 
nothing critical):
[03/Aug/2005:11:20:34 -0400] conn=52 op=1 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="changeLog firstchangenumber 
lastchangenumber dataversion"
[03/Aug/2005:11:20:34 -0400] conn=52 op=1 RESULT err=0 tag=101 
nentries=1 etime=0

Next, searches the directory for all the entries.  In my case, this is 
successful and returns 4 entries:
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 SRCH base="o=isp" scope=2 
filter="(objectClass=*)" attrs=ALL
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 RESULT err=0 tag=101 
nentries=4 etime=0

My guess is that thunderbird will search against the live directory if 
you are online, or against what was downloaded if you are offline.  Note 
that if your directory has a lot of users, you may very well hit the 
sizelimit, and not get the entire directory.  You probably want to add 
nsSizeLimit to any users that do this, and set it to -1 (or at least to 
the number of users in your directory), and further set the objectclass 
to something other than objectclass=* in mozilla (say, 
"objectclass=person", or 
"(|(objectclass=person)(objectclass=mailgroup))", or "(mail=*)" or 
something appropriate to your data) for efficiency.


 - Jeff
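
Added example (not part of the original message): a small script that does the "grep on conn=#" walk described above and pairs each BIND/SRCH with its RESULT, flagging searches where err=0 but nentries=0. The sample lines are adapted from the logs quoted in the message (unwrapped, attribute list shortened); the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Log lines adapted from the message above: unwrapped, attrs list shortened.
SAMPLE_LOG = """\
[03/Aug/2005:11:04:42 -0400] conn=28 fd=71 slot=71 connection from 192.168.1.181 to 192.168.1.201
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 SRCH base="o=isp" scope=2 filter="(|(mail=*jeff*)(cn=*jeff*)(givenName=*jeff*)(sn=*jeff*))" attrs="mail cn"
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 BIND dn="uid=jclowser,o=isp" method=128 version=3
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jclowser,o=isp"
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 SRCH base="o=isp" scope=2 filter="(objectClass=*)" attrs=ALL
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 RESULT err=0 tag=101 nentries=4 etime=0
"""

OP_RE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT)\b(.*)$')
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def summarize(log_text, conn):
    """Group BIND/SRCH lines with their RESULT for one connection number."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = OP_RE.match(line)
        if not m or int(m.group(1)) != conn:
            continue
        op, verb = int(m.group(2)), m.group(3)
        # Quoted values may be empty: dn="" is an anonymous bind.
        f = {k: q if u == "" else u for k, q, u in KV_RE.findall(m.group(4))}
        if verb == "BIND":
            ops[op].update(type="BIND", bind_dn=f.get("dn", ""))
        elif verb == "SRCH":
            ops[op].update(type="SRCH", base=f.get("base"), filter=f.get("filter"))
        else:  # RESULT reports the outcome of the operation with the same op number
            ops[op].update(err=int(f["err"]), nentries=int(f["nentries"]))
    out = []
    for op in sorted(ops):
        rec = dict(op=op, **ops[op])
        # err=0 with nentries=0 on a search: a valid query that matched nothing.
        rec["empty_match"] = (rec.get("type") == "SRCH" and rec.get("err") == 0
                              and rec.get("nentries") == 0)
        out.append(rec)
    return out

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG, 28):
        print(rec)
```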




