[Freeipa-users] Errors with Configuring GitHub
Christian Hernandez
christianh at 4over.com
Sat Feb 2 00:52:29 UTC 2013
Will Do.
I've also put an inquiry into GitHub enterprise to see if there is a way
for GitHub not to pass a 0 length sequence. I will take a look at the
CPannel to see if I can find something as well.
I will update when I have a chance.
I couldn't fill a ticket because I do not have a login...and I do not have
a login because "We are not ready to accept contributions at this time"
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christianh at 4over.com <mailto:christianh at 4over.com>
www.4over.com <http://www.4over.com>
On Fri, Feb 1, 2013 at 4:42 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 02/01/2013 05:25 PM, Christian Hernandez wrote:
>
> Hello
>
> Attached is a TCPDUMP.
>
> Communication is happening between 192.168.114.95 and 192.168.114.114
>
>
> Thanks. The problem is that 389 doesn't like the fact that the search
> request includes the control tag but the length is 0. You said you were
> using CDS 8.1 - if that was centos-ds running on EL5, that used mozldap for
> the ldap sdk. 389 now uses openldap for the ldap sdk. Looks like there is
> a slight difference between how mozldap and openldap handle this
> situation. Please file a ticket at https://fedorahosted.org/389/newticket
>
> In the meantime, is there some option in github server to either
> completely disable LDAP controls in the LDAP search request? Or,
> alternately, is there a way to add some control to the search request? The
> goal is to figure out some way to tell github not to pass in a 0 length
> LDAP control sequence.
>
>
>
> Thank you,
>
> Christian Hernandez
>
>
> On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> On 02/01/2013 01:42 PM, Christian Hernandez wrote:
>>
>> We are trying to configure our internal GitHub server to use Our IPA
>> server's LDAP for user logins.
>>
>> We successfully configured it; but users can't seem to login.
>>
>> So, before you ask, yes we do have an active support case with
>> githubenterprise about this; but wanted to see if anyone else ran into the
>> same issue.
>>
>> Attached is the screenshot of the config.
>>
>> This is the errors I'm seeing in the DirSrv logs
>>
>>
>> [25/Jan/2013:15:41:35 -0800] conn=29453 fd=241 slot=241 connection from
>> 192.168.114.95 to 192.168.114.114
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 BIND
>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com" method=128 version=3
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 SRCH base="" scope=2
>> filter="(uid=chrish)", failed to decode LDAP controls
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 RESULT err=2 tag=101
>> nentries=0 etime=0
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=-1 fd=241 closed - B1
>>
>> Anyone has run into this?
>>
>>
>> Looks like DS is receiving some LDAP controls that it doesn't know how
>> to process. Does this work with any other LDAP server? Can you run
>> wireshark/tshark and capture the network traffic? I'd like to see what the
>> BER looks like.
>>
>>
>> Also, I haven't tried connecting with TLS because I don't know where to
>> find the cert! So if someone can point me in the right direction there I
>> would appreciate it :)
>>
>> Thank you,
>>
>> Christian Hernandez
>>
>>
>> _______________________________________________
>> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>
>
> Thank you,
>
> Christian Hernandez
> 1225 Los Angeles Street
> Glendale, CA 91204
> Phone: 877-782-2737 ext. 4566
> Fax: 818-265-3152
> christianh at 4over.com <mailto:christianh at 4over.com>
> www.4over.com <http://www.4over.com>
>
>
> On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> On 02/01/2013 01:42 PM, Christian Hernandez wrote:
>>
>> We are trying to configure our internal GitHub server to use Our IPA
>> server's LDAP for user logins.
>>
>> We successfully configured it; but users can't seem to login.
>>
>> So, before you ask, yes we do have an active support case with
>> githubenterprise about this; but wanted to see if anyone else ran into the
>> same issue.
>>
>> Attached is the screenshot of the config.
>>
>> This is the errors I'm seeing in the DirSrv logs
>>
>>
>> [25/Jan/2013:15:41:35 -0800] conn=29453 fd=241 slot=241 connection from
>> 192.168.114.95 to 192.168.114.114
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 BIND
>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com" method=128 version=3
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 SRCH base="" scope=2
>> filter="(uid=chrish)", failed to decode LDAP controls
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 RESULT err=2 tag=101
>> nentries=0 etime=0
>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=-1 fd=241 closed - B1
>>
>> Anyone has run into this?
>>
>>
>> Looks like DS is receiving some LDAP controls that it doesn't know how
>> to process. Does this work with any other LDAP server? Can you run
>> wireshark/tshark and capture the network traffic? I'd like to see what the
>> BER looks like.
>>
>>
>> Also, I haven't tried connecting with TLS because I don't know where to
>> find the cert! So if someone can point me in the right direction there I
>> would appreciate it :)
>>
>> Thank you,
>>
>> Christian Hernandez
>>
>>
>> _______________________________________________
>> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130201/4d029740/attachment.htm>
More information about the Freeipa-users
mailing list