Problems connecting from IdP to LDAP service
Daniel Fisher
dfisher at vt.edu
Tue Sep 20 15:22:42 BST 2011
On Tue, Sep 20, 2011 at 10:14 AM, Mark Cairney <Mark.Cairney at ed.ac.uk>wrote:
> Hi,
>
> Today our Shibboleth IdP stopped speaking to our OpenLDAP server.
> Upgrading to the latest release of Shib (2.3.3) appeared to have fixed
> it but we're now starting to see Connection timeouts on the LDAP side
> and attributes not being returned on the Shibboleth side.
>
> On the OpenLDAP side we're seeing:
>
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 fd=32 ACCEPT from
> IP=xxxxxxxx:59084 (IP=xxxxxxxx:636)
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 fd=32 TLS established
> tls_ssf=128 ssf=128
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 op=0 BIND dn="" method=128
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 op=0 RESULT tag=97 err=0
> text=
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 op=1 SRCH
> base="ou=people,ou=central,dc=authorise,dc=ed,dc=ac,dc=uk" scope=2
> deref=3 filter="(uid=******)"
> Sep 20 14:54:33 alder slapd[28855]: conn=1430 op=1 SRCH attr=uid
> eduPersonAffiliation eduPersonEntitlement eduniIdmsID mail givenName sn
> Sep 20 14:54:38 alder slapd[28855]: conn=1430 op=1 SEARCH RESULT tag=101
> err=3 nentries=0 text=
> Sep 20 14:54:38 alder slapd[28855]: conn=1430 op=2 UNBIND
> Sep 20 14:54:38 alder slapd[28855]: conn=1430 fd=32 closed
>
>
Looks like a TimeLimitExceededException was thrown? Does your idp log
confirm that?
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110920/6421ada2/attachment.html
More information about the users
mailing list