Article delegate-en/1067 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegated and LDAPS
29 Mar 2001 15:23:33 GMT Sevcik Jaroslav <pfecabdyi-rn3efjiokilr.ml@ml.delegate.org>


Hi,
Thanks for your answer, but your advice doesn't solve this problem; here is
the log file:

Delegated start
proxy_server# delegated -P389 SERVER=ldaps FSV=sslway

03/29 17:07:35.17 [6448] 0+0: --INITIALIZATION START: 7.1.2 on
Linux/2.2.14-5.0--
03/29 17:07:35.18 [6449] 0+0: -- Fork(daemon): 1 -> 6449
03/29 17:07:35.18 [6449] 0+0: server_open(delegate,:389,listen=20)
03/29 17:07:35.18 [6449] 0+0: server_open(delegate,:389) BOUND
03/29 17:07:35.18 [6449] 0+0: ##DeleGate/6.X:
DGROOT=/var/spool/delegate-nobody is set automatically. DGROOT="" will make
it compatible with former versions.
03/29 17:07:35.18 [6449] 0+0: DGROOT=/var/spool/delegate-nobody^M
03/29 17:07:35.18 [6449] 0+0: <DeleGate/7.1.2 by ysato@delegate.org> [6449]
-P389 READY^M
03/29 17:07:35.18 [6449] 0+0: PORT= 389/7 (1,133)
03/29 17:07:35.19 [6449] 0+0: OWNER=nobody =>
OWNER=nobody/nobody(nobody/nobody)
03/29 17:07:35.19 [6449] 0+0: ##DeleGate/6.X: MIMECONV=thru is set by
default. MIMECONV="" will make it compatible with former versions.
03/29 17:07:35.19 [6449] 0+0: REMITTABLE = ldaps
03/29 17:07:35.20 [6449] 0+0: ADMIN=root protocol=ldaps(specialist)
03/29 17:07:35.20 [6449] 0+0: ##DeleGate/6.X: created directory/file will be
non-sharable. SHARE="" will make it compatible with former versions.
03/29 17:07:35.20 [6449] 0+0: #### CACHE DISABLED #### Cache directory seems
not exist: /var/spool/delegate-nobody/cache
03/29 17:07:35.20 [6449] 0+0: WORKDIR=/var/spool/delegate-nobody/work/389
03/29 17:07:35.20 [6449] 0+0: env[20]
LIBPATH=.:/root:/var/spool/delegate-nobody/lib:.
03/29 17:07:35.20 [6449] 0+0: arg[2] SERVER=ldaps
03/29 17:07:35.20 [6449] 0+0: arg[3] FSV=sslway
03/29 17:07:35.20 [6449] 0+0: arg[4] ADMIN=root
03/29 17:07:35.21 [6449] 0+0: DELEGATE_Modified[1]: 3ac34fb7
03/29 17:07:35.21 [6449] 0+0: --INITIALIZATION DONE--

% ldapsearch -h proxy_server -b dc=gov@ldap_server:636 cn=tester*

03/29 17:08:05.76 [6452] 1+0: -- Fork(OnetimeServer): 6449 -> 6452
03/29 17:08:05.77 [6452] 1+0: (0) accepted [24]
-@[10.16.8.101]ldap.mpsv.cz:1645 (0.012s)(1)
03/29 17:08:05.77 [6452] 1+0: PATH:
ldaps://-:636!lnxtest.anect.com:389!ldap.mpsv.cz:1645!anonymous@ldap.mpsv.cz
;985878485
03/29 17:08:05.77 [6452] 1+0: Free proxy -- ldaps://-/
03/29 17:08:05.77 [6452] 1+0: -- leng=e(14) type=30 --
03/29 17:08:05.78 [6452] 1+0: 000  0  1 000 1. [UNV 16](12) 
03/29 17:08:05.78 [6452] 1+0: 002  1  1 000 1.1. [UNV  2]( 1) 1
03/29 17:08:05.78 [6452] 1+0: 005  1  2 003 1.2. [APP  0]( 7) <BIND>
03/29 17:08:05.78 [6452] 1+0: 007  2  1 000 1.2.1. [UNV  2]( 1) 3
03/29 17:08:05.78 [6452] 1+0: 00a  2  2 003 1.2.2. [UNV  4]( 0) (empty)
03/29 17:08:05.78 [6452] 1+0: 00c  2  3 005 1.2.3. [CTX  0]( 0) (empty)
03/29 17:08:05.78 [6452] 1+0: #### proxy BIND response (39)
03/29 17:08:05.78 [6452] 1+0: -- leng=27(39) type=30 --
03/29 17:08:05.78 [6452] 1+0: 000  0  1 000 1. [UNV 16](37) 
03/29 17:08:05.78 [6452] 1+0: 002  1  1 000 1.1. [UNV  2]( 1) 1
03/29 17:08:05.78 [6452] 1+0: 005  1  2 003 1.2. [APP  1](32) <BIND-RESULT>
03/29 17:08:05.78 [6452] 1+0: 007  2  1 000 1.2.1. [UNV 10]( 1) 0x0
03/29 17:08:05.78 [6452] 1+0: 00a  2  2 003 1.2.2. [UNV  4]( 0) (empty)
03/29 17:08:05.78 [6452] 1+0: 00c  2  3 005 1.2.3. [UNV  4](25) "Bound by
proxy (DeleGate)"
03/29 17:08:05.87 [6452] 1+0: -- leng=40(64) type=30 --
03/29 17:08:05.87 [6452] 1+0: 000  0  1 000 1. [UNV 16](62) 
03/29 17:08:05.87 [6452] 1+0: 002  1  1 000 1.1. [UNV  2]( 1) 2
03/29 17:08:05.87 [6452] 1+0: 005  1  2 003 1.2. [APP  3](57) <SEARCH>
03/29 17:08:05.87 [6452] 1+0: 007  2  1 000 1.2.1. [UNV  4](22)
"dc=gov@8..:636"
03/29 17:08:05.87 [6452] 1+0: 01f  2  2 018 1.2.2. [UNV 10]( 1) 0x2
03/29 17:08:05.87 [6452] 1+0: 022  2  3 01b 1.2.3. [UNV 10]( 1) 0x0
03/29 17:08:05.87 [6452] 1+0: 025  2  4 01e 1.2.4. [UNV  2]( 1) 0
03/29 17:08:05.87 [6452] 1+0: 028  2  5 021 1.2.5. [UNV  2]( 1) 0
03/29 17:08:05.87 [6452] 1+0: 02b  2  6 024 1.2.6. [UNV  1]( 1) 0x0
03/29 17:08:05.87 [6452] 1+0: 02e  2  7 027 1.2.7. [CTX  4](14) 
03/29 17:08:05.87 [6452] 1+0: 030  3  1 000 1.2.7.1. [UNV  4]( 2) "cn"
03/29 17:08:05.87 [6452] 1+0: 034  3  2 004 1.2.7.2. [UNV 16]( 8) 
03/29 17:08:05.87 [6452] 1+0: 036  4  1 000 1.2.7.2.1. [CTX  0]( 6) 0x74
03/29 17:08:05.87 [6452] 1+0: 054  2  8 037 1.2.8. [UNV 16]( 0) 
03/29 17:08:05.87 [6452] 1+0:
LDAP-SERVER=[@10.16.8.101:636]=[10.16.8.101:636]

I mean, here is the problem, maybe a software bug?

03/29 17:08:05.88 [6452] 1+0: E-P: No permission: ldap.mpsv.cz:1645 =>
ldap://10.16.8.101:636
03/29 17:08:05.88 [6452] 1+0: bind_insock(7,10.148.10.61,0) = 0
03/29 17:08:06.03 [6452] 1+0: ####LS cannot open
/var/spool/delegate-nobody/act/delay/17/10.16.8.101:ldap.mpsv.cz
03/29 17:08:06.04 [6452] 1+0: doDelay: clear old errors:
count=2,age=120,delay=60
03/29 17:08:06.04 [6452] 1+0: E-C: Can't connect: ldap.mpsv.cz:1645 =>
ldap://10.16.8.101:636 (?)
03/29 17:08:06.04 [6452] 1+0: #### proxy connection error response
03/29 17:08:06.04 [6452] 1+0: -- leng=3e(62) type=30 --
03/29 17:08:06.04 [6452] 1+0: 000  0  1 000 1. [UNV 16](60) 
03/29 17:08:06.04 [6452] 1+0: 002  1  1 000 1.1. [UNV  2]( 1) 2
03/29 17:08:06.04 [6452] 1+0: 005  1  2 003 1.2. [APP  5](55) <SEARCH-DONE>
03/29 17:08:06.04 [6452] 1+0: 007  2  1 000 1.2.1. [UNV 10]( 1) 0x34
03/29 17:08:06.04 [6452] 1+0: 00a  2  2 003 1.2.2. [UNV  4]( 0) (empty)
03/29 17:08:06.04 [6452] 1+0: 00c  2  3 005 1.2.3. [UNV  4](48) "Can't
connect to LDAP server by proxy (DeleGate)"
03/29 17:08:06.04 [6452] 1+0: disconnected [24]
-@[10.16.8.101]ldap.mpsv.cz:1645 (0.285s)(0)


-----Original Message-----
From: feedback@delegate.org [mailto:feedback@delegate.org]
Sent: Thursday, March 29, 2001 4:56 PM
To: feedback@delegate.org
Cc: pfecabdyi-rn3efjiokilr.ml@ml.delegate.org
Subject: Re: [DeleGate-En] Delegated and LDAPS


 |The following works well:
 |	configuration:
 |		proxy_server# delegated -P389 SERVER=ldaps://ldap_server FSV=sslway
 |	test commands:
 |		test_server# ldapsearch -H ldap://proxy_server -b dc=gov cn=tester*
 |
 |and the following doesn't work
 |	configuration:
 |		proxy_server# delegated -P389 SERVER=ldaps FSV=sslway
 |	test commands:
 |		test_server# ldapsearch -H ldap://proxy_server -b dc=gov@ldap_server cn=tester*

If you get an error message in LOGFILE (or on console with -v option)
like following,

 03/30 11:43:04.35 [6312] 2+0: ERROR: cannot connect to
ldap://ldap_server:389 - -1

what should be specified more is the port number for "ldaps", 636,
in the query like:

 % ldapsearch -h proxy_server -b dc=gov@ldap_server:636 cn=tester*
 

Cheers,
Yutaka
--
Yutaka Sato <ysato@delegate.org> http://www.delegate.org/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory            ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan                  _<   >_
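
An added example, not part of the original messages and not DeleGate's own code: a minimal BER walker in Python that reproduces the offset, depth, class/tag and length columns of the BIND dump in the log above, and flags the anonymous simple bind it shows. The 14-byte input is reconstructed from that dump, and all function names are illustrative.

```python
# Constructed sample: the 14 bytes implied by the BIND dump in the log, i.e.
# SEQUENCE { INTEGER 1, [APPLICATION 0] { INTEGER 3, OCTET STRING "", [0] "" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
CLASSES = ("UNV", "APP", "CTX", "PRV")


def read_length(buf, pos):
    """Return (length, next_pos) for a definite-form BER length at pos."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    count = first & 0x7F
    if count == 0 or count > 4 or pos + count > len(buf):
        raise ValueError("indefinite, oversized or truncated length")
    return int.from_bytes(buf[pos:pos + count], "big"), pos + count


def walk(buf, start=0, end=None, depth=0, out=None):
    """Return rows of (offset, depth, class, tag, length, value-or-None)."""
    end = len(buf) if end is None else end
    out = [] if out is None else out
    pos = start
    while pos < end:
        ident = buf[pos]
        if ident & 0x1F == 0x1F:
            raise ValueError("multi-byte tag numbers are not used by LDAP")
        length, body = read_length(buf, pos + 1)
        if body + length > end:
            raise ValueError("element at offset %#x overruns its parent" % pos)
        constructed = bool(ident & 0x20)
        value = None if constructed else buf[body:body + length]
        out.append((pos, depth, CLASSES[ident >> 6], ident & 0x1F, length, value))
        if constructed:  # descend into SEQUENCE / protocolOp, as the log does
            walk(buf, body, body + length, depth + 1, out)
        pos = body + length
    return out


def is_anonymous_simple_bind(rows):
    """True for a BindRequest with empty name and empty simple password."""
    if len(rows) < 6 or rows[2][2:4] != ("APP", 0):
        return False
    name, auth = rows[4], rows[5]
    return name[4] == 0 and auth[2:4] == ("CTX", 0) and auth[4] == 0


if __name__ == "__main__":
    for off, depth, cls, tag, length, value in walk(BIND_REQUEST):
        print("%03x %2d [%s %2d](%2d) %r" % (off, depth, cls, tag, length, value))
```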

