Strange problem authoricing new users

Daniel Fisher dfisher at vt.edu
Mon Aug 8 17:17:35 BST 2011


What does your OpenLDAP logs show for the query that fails?

--Daniel Fisher

On Mon, Aug 8, 2011 at 11:55 AM, Klaus Ethgen <klaus.ethgen at id.uzh.ch>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hello,
>
> I had a strange problem authorizing users via LDAP today. Maybe someone
> already know where the problem is located.
>
> Unfortunately there are several; sometimes very old; versions involved:
> Shibboleth: 2.1.5
> LDAP-Tools: 2.4.20
> OpenLDAP1: 2.3.32 (SLES 10)
> OpenLDAP2: 2.4.21 (Ubuntu lucid)
>
> The query is done from Shibboleth via OpenLDAP1 (and meta backend) to
> OpenLDAP2. When querying new users (I do not know when this start, so
> please do not ask) I get no query result back when searching with
> shibboleth. But if I do the same query with ldapsearch (and the same
> flags used by shibboleth) from the same host I successful get the
> requested account. So LDAP is not broken.
>
> After several searching I switched to direct using OpenLDAP2 and
> everything worked.
>
> This sounds to me that this is somewhat as a compatibility problem
> between some of my components. The problem is that I do not know which
> components did trigger the problem.
>
> Is there any special a java LDAP query do that is not done by ldapsearch
> or vis versa? Or do anybody have some sort of test tool to test the
> problem the same way as shibboleth do but without all the stuff around?
>
> Feel free to ask. But please do not send double mails; I am subscribed
> to this list.
>
> Regards
>   Klaus
> - --
> Klaus Ethgen
> pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <klaus.ethgen at id.uzh.ch>
> Fingerprint:        D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQGcBAEBCgAGBQJOQAbTAAoJEK8RO3RE9oVxyREL/1LctEcp63CiqNTVOyRmcXE5
> kc0gyzerF9aXTClfSqGO3clprMS7LQUIuEFHoyAsECFAs0zmzALeO8BH0Dd3tH9M
> AIvaMjh28CODz61qozKBBvHzFtzm6eXGtwrLWjoTH6BSst9+Xf2TsqiuOPLWEVLA
> qtde8F+msC2R0qBfT3ORCzbfYyyopeYm0Bgmdim/LysKHZl7la25eiDjtS8wWwTR
> T+bfv5YWRIJiCE3Bwm7D3jC7XTHW846+agk+F7XSLOXs2XgDhb9JA2tfn8EVstqn
> 1OOq3yIwSEG7TYhYfldjVtBUCD+1j+jDK0ctAiiK90MbbWXfI89Q1AXvsoRm/ANz
> pAHC0LjbGYYVBvoobZCLewk7QgrFmPEXlHyTjPhgjY0cXF47QsTouzZ1UM42n7YU
> 5wgJUN5saWhgOJSZObBueE2jRGfriGQs2gPgIR/4lMST3MXjITMEKuG4t/Xk6Gwp
> zycnObupRIV8C3YOkxZXt5HKldfgi3GrW6tL1tm0fQ==
> =sMY+
> -----END PGP SIGNATURE-----
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110808/1a92814a/attachment.html 


More information about the users mailing list