[Freeipa-users] Errors with Configuring GitHub
Rich Megginson
rmeggins at redhat.com
Sat Feb 2 03:23:17 UTC 2013
On 02/01/2013 05:52 PM, Christian Hernandez wrote:
> Will Do.
>
> I've also put an inquiry into GitHub enterprise to see if there is a
> way for GitHub not to pass a 0 length sequence. I will take a look at
> the CPannel to see if I can find something as well.
>
> I will update when I have a chance.
>
> I couldn't fill a ticket because I do not have a login...and I do not
> have a login because "We are not ready to accept contributions at this
> time"
Ok.
https://fedorahosted.org/389/ticket/571
When you are able, please add yourself to the CC list of this ticket.
>
>
> Thank you,
>
> Christian Hernandez
> 1225 Los Angeles Street
> Glendale, CA 91204
> Phone: 877-782-2737 ext. 4566
> Fax: 818-265-3152
> christianh at 4over.com <mailto:christianh at 4over.com>
> <mailto:christianh at 4over.com <mailto:christianh at 4over.com>>
> www.4over.com <http://www.4over.com/> <http://www.4over.com
> <http://www.4over.com/>>
>
>
> On Fri, Feb 1, 2013 at 4:42 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 02/01/2013 05:25 PM, Christian Hernandez wrote:
>> Hello
>>
>> Attached is a TCPDUMP.
>>
>> Communication is happening between 192.168.114.95 and 192.168.114.114
>
> Thanks. The problem is that 389 doesn't like the fact that the
> search request includes the control tag but the length is 0. You
> said you were using CDS 8.1 - if that was centos-ds running on
> EL5, that used mozldap for the ldap sdk. 389 now uses openldap
> for the ldap sdk. Looks like there is a slight difference between
> how mozldap and openldap handle this situation. Please file a
> ticket at https://fedorahosted.org/389/newticket
>
> In the meantime, is there some option in github server to either
> completely disable LDAP controls in the LDAP search request? Or,
> alternately, is there a way to add some control to the search
> request? The goal is to figure out some way to tell github not to
> pass in a 0 length LDAP control sequence.
>
>
>>
>> Thank you,
>>
>> Christian Hernandez
>>
>>
>> On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> On 02/01/2013 01:42 PM, Christian Hernandez wrote:
>>> We are trying to configure our internal GitHub server to use
>>> Our IPA server's LDAP for user logins.
>>>
>>> We successfully configured it; but users can't seem to login.
>>>
>>> So, before you ask, yes we do have an active support case
>>> with githubenterprise about this; but wanted to see if
>>> anyone else ran into the same issue.
>>>
>>> Attached is the screenshot of the config.
>>>
>>> This is the errors I'm seeing in the DirSrv logs
>>>
>>>
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 fd=241 slot=241
>>> connection from 192.168.114.95 to 192.168.114.114
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 BIND
>>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>>> method=128 version=3
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 RESULT err=0
>>> tag=97 nentries=0 etime=0
>>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 SRCH base=""
>>> scope=2 filter="(uid=chrish)", failed to decode LDAP controls
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 RESULT err=2
>>> tag=101 nentries=0 etime=0
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=-1 fd=241 closed - B1
>>>
>>> Anyone has run into this?
>>
>> Looks like DS is receiving some LDAP controls that it doesn't
>> know how to process. Does this work with any other LDAP
>> server? Can you run wireshark/tshark and capture the network
>> traffic? I'd like to see what the BER looks like.
>>
>>>
>>> Also, I haven't tried connecting with TLS because I don't
>>> know where to find the cert! So if someone can point me in
>>> the right direction there I would appreciate it :)
>>>
>>> Thank you,
>>>
>>> Christian Hernandez
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>>
>> Thank you,
>>
>> Christian Hernandez
>> 1225 Los Angeles Street
>> Glendale, CA 91204
>> Phone: 877-782-2737 ext. 4566
>> Fax: 818-265-3152
>> christianh at 4over.com <mailto:christianh at 4over.com>
>> <mailto:christianh at 4over.com <mailto:christianh at 4over.com>>
>> www.4over.com <http://www.4over.com/> <http://www.4over.com
>> <http://www.4over.com/>>
>>
>>
>> On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> On 02/01/2013 01:42 PM, Christian Hernandez wrote:
>>> We are trying to configure our internal GitHub server to use
>>> Our IPA server's LDAP for user logins.
>>>
>>> We successfully configured it; but users can't seem to login.
>>>
>>> So, before you ask, yes we do have an active support case
>>> with githubenterprise about this; but wanted to see if
>>> anyone else ran into the same issue.
>>>
>>> Attached is the screenshot of the config.
>>>
>>> This is the errors I'm seeing in the DirSrv logs
>>>
>>>
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 fd=241 slot=241
>>> connection from 192.168.114.95 to 192.168.114.114
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 BIND
>>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>>> method=128 version=3
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=0 RESULT err=0
>>> tag=97 nentries=0 etime=0
>>> dn="uid=admin,cn=users,cn=accounts,dc=4over,dc=com"
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 SRCH base=""
>>> scope=2 filter="(uid=chrish)", failed to decode LDAP controls
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=1 RESULT err=2
>>> tag=101 nentries=0 etime=0
>>> [25/Jan/2013:15:41:35 -0800] conn=29453 op=-1 fd=241 closed - B1
>>>
>>> Anyone has run into this?
>>
>> Looks like DS is receiving some LDAP controls that it doesn't
>> know how to process. Does this work with any other LDAP
>> server? Can you run wireshark/tshark and capture the network
>> traffic? I'd like to see what the BER looks like.
>>
>>>
>>> Also, I haven't tried connecting with TLS because I don't
>>> know where to find the cert! So if someone can point me in
>>> the right direction there I would appreciate it :)
>>>
>>> Thank you,
>>>
>>> Christian Hernandez
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130201/4ec9bdda/attachment.htm>
More information about the Freeipa-users
mailing list