Bug 2667 - ldap-user-database-module does not work with Novell ldap-server V3
Product: Roxen WebServer
Component: Other Modules
Version: 2.2
Platform: x86 Linux
Priority: P3 (normal)
Severity: normal
Reported: 2002-01-08 17:18 CET by
Modified: 2002-01-23 08:00 CET (History)

Logfile with log from ldapserver and debuglog from roxenserver (24.29 KB, text/plain)
2002-01-08 17:23 CET, Klaus J. Schäfer, Universität Regensburg

Description From 2002-01-08 17:18:29 CET
The ldap-userdatabase-module does not work with the Novell ldap-server v3
(which comes with eDirectory 8.5). There is no authentication possible.
------- Comment #1 From 2002-01-08 17:24:29 CET -------
Created an attachment (id=153)
Logfile with log from ldapserver and debuglog from roxenserver
------- Comment #2 From 2002-01-10 18:03:40 CET -------
From: HoP <hop@unibase.cz>
To: Klaus J. Schäfer <klaus.schaefer@wiwi.uni-regensburg.de>,
     "grubba@roxen.com" <grubba@roxen.com>
Date: Thu, 10 Jan 2002 15:10:23 +0100
Subject: Re: LDAP-module does not work with Novell LDAP v3 (eDirectory 8.5)


As I can see, there is some trouble with decoding a UTF8 string.

Is it possible to send to me the whole reply packet, which is sent
by LDAP gateway (for example by tcpdump)? Then I can try
to find the problem. In the meantime I will try to use the content
from your log (as there should be the same packet, but encoded
a little for logging).

>  0d19h 6m : LDAPuserdb: find_user (wee09508)
>           : LDAPuserdb: LDAPsearch: user: "wee09508" filter:
>           : LDAPuserdb: no entry in directory, returning unknown. More
>  info: ({ /* 2 elements */
>           :     "utf8_to_string(): Unexpected continuation block 0x82 at
>  1.\n",
>           :     ({ /* 22 elements */

------- Comment #3 From 2002-01-21 12:09:40 CET -------
Finally I found the problem. Novell uses special attribute types
(according to their LDAP schema for NDS) which use the
LDAP 'octet string' type, but internally they hold coded data.
As the LDAP client does UTF8->string decoding, Pike returns an error.

You have 2 choices to solve it (good news, isn't it :)

1. No code modification:

  Set an arbitrary list of the attributes you need in the search filter.
  This has one more advantage - your LDAP search operation
  will be quicker, as the LDAP client code will not have
  to decode other data which are not of interest for login.

2. Code modification:

  It is possible to encapsulate the utf8_to_string operation and
  catch the error. I will do it in the Roxen CVS server.
------- Comment #4 From 2002-01-23 08:01:25 CET -------
Fixed today in Pike/7.2 & Pike/7.3
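
Both choices from comment #3, sketched in Python as an added example; it is not part of the original bug thread and is not the Pike fix. The attribute name `binaryBlob`, the function names and the sample entry are constructed for illustration.

```python
# Added illustration, not Roxen or Pike code. All names and data are constructed.
from typing import Dict, Iterable, List, Optional, Tuple, Union

RawEntry = Dict[str, List[bytes]]
Decoded = Dict[str, List[Union[str, bytes]]]

# Constructed search result: two text attributes plus one binary octet-string
# value whose byte at offset 1 is 0x82, the byte and offset named in the log.
SAMPLE_ENTRY: RawEntry = {
    "uid": [b"wee09508"],
    "cn": ["Sch\u00e4fer".encode("utf-8")],
    "binaryBlob": [b"\x30\x82\x01\x0a\x02\x82"],  # hypothetical attribute name
}


def decode_strict(entry: RawEntry) -> Dict[str, List[str]]:
    """Behaviour in the report: one undecodable value aborts the whole lookup."""
    return {attr: [v.decode("utf-8") for v in vals] for attr, vals in entry.items()}


def decode_tolerant(entry: RawEntry,
                    wanted: Optional[Iterable[str]] = None) -> Tuple[Decoded, List[str]]:
    """Choice 2: catch the decode error per value and keep the raw bytes.

    Choice 1: `wanted` stands in for the attribute list sent with the search
    request, so attributes not needed for login are never decoded.
    Returns the decoded entry and the attributes that stayed binary.
    """
    keep = None if wanted is None else {name.lower() for name in wanted}
    decoded: Decoded = {}
    binary: List[str] = []
    for attr, values in entry.items():
        if keep is not None and attr.lower() not in keep:
            continue
        decoded[attr] = []
        for value in values:
            try:
                decoded[attr].append(value.decode("utf-8"))
            except UnicodeDecodeError:
                decoded[attr].append(value)  # hand back bytes, do not guess a charset
                if attr not in binary:
                    binary.append(attr)
    return decoded, binary
```

Returning the names of the attributes that stayed binary lets the caller log them while the user lookup itself still succeeds.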

