<br><font size=2 face="sans-serif">Wow! I was so stupid...</font>
<br><font size=2 face="sans-serif">Notes LDAP was saying the BaseDN was wrong.
Before Notes 7.0.2FP2 it skipped bad syntax, but now it needs the right one.</font>
<br><font size=2 face="sans-serif">Sorry...</font>
<br>
<br><font size=2 face="sans-serif">I just changed</font>
<br><font size=2 face="sans-serif">BaseDN gdc</font>
<br><font size=2 face="sans-serif">to</font>
<br><font size=2 face="sans-serif">BaseDN o=gdc</font>
<br><font size=2 face="sans-serif">and found it works!</font>
<br><font size=2 face="sans-serif"><br>
Sergei N Keler<br>
IT-Manager<br>
General DataComm<br>
[skeler@gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax +7(812)325-1086]</font>
<br>
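The fix in this message comes down to DN syntax: `gdc` is not an attribute=value pair, while `o=gdc` is. As an added example (not part of the original post, and not Radiator or Open System Consultants code), this Python sketch lints `BaseDN` lines in a Radiator-style config for that shape before a stricter LDAP server rejects them. The function names, the simplified RFC 4514 shape check and the sample config are assumptions made here.

```python
import re

# Attribute type per RFC 4514: a short name or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    parts.append(cur)
    return parts

def check_dn(dn):
    """Return None if dn is shaped like attr=value[,attr=value...], else a reason."""
    if dn == "":
        return None                       # the empty string is the root DN
    if dn.strip() == "":
        return "whitespace only; use an empty string for the root"
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            # Assumption: spaces around the attribute type are tolerated.
            attr, eq, _value = ava.partition("=")
            if not eq:
                return "component %r is not attribute=value" % ava.strip()
            if not ATTR_TYPE.match(attr.strip()):
                return "bad attribute type %r" % attr.strip()
    return None

def lint_basedn(config_text):
    """Return (line_no, value, reason) for each BaseDN that fails check_dn."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"^\s*BaseDN(?:\s+(.*?))?\s*$", line)
        if m:
            reason = check_dn(m.group(1) or "")
            if reason:
                findings.append((no, m.group(1), reason))
    return findings

# Constructed sample: the before and after BaseDN values from this thread.
SAMPLE = "<AuthBy LDAP2>\n  BaseDN gdc\n</AuthBy>\n<AuthBy LDAP2>\n  BaseDN o=gdc\n</AuthBy>\n"

if __name__ == "__main__":
    for no, value, reason in lint_basedn(SAMPLE):
        print("line %d: BaseDN %s -> %s" % (no, value, reason))
```

The check covers only the attribute=value shape; attribute values and hex-string forms are not validated.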
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Hugh Irvine &lt;hugh@open.com.au&gt;</b>
</font>
<p><font size=1 face="sans-serif">29.08.2007 12:45</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">"Sergei Keler" &lt;skeler@gdc.ru&gt;</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">Mike McCauley &lt;mikem@open.com.au&gt;,
radiator@open.com.au</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: (RADIATOR) Lotus Notes 7.0.2 LDAP</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2><br>
Hello Sergei -<br>
<br>
You should add "Debug 255" to the AuthBy LDAP2 clause:<br>
<br>
&lt;AuthBy LDAP2&gt;<br>
......<br>
Debug 255<br>
&lt;/AuthBy&gt;<br>
<br>
and run radiusd by hand like this:<br>
<br>
cd **/your/Radiator/distribution**<br>
<br>
perl radiusd -foreground -log_stdout -trace 4 -config_file **/your/configuration/file**<br>
<br>
The LDAP debug is written to std_err so you will see it mixed in with <br>
the Radiator debug.<br>
<br>
regards<br>
<br>
Hugh<br>
<br>
<br>
<br>
On 29 Aug 2007, at 18:28, Sergei Keler wrote:<br>
<br>
><br>
> I'm sorry, but explain to me how to change the config for debug/trace LDAP?<br>
><br>
> &lt;AuthBy LDAP2&gt;<br>
> Debug<br>
> Gave no result...<br>
><br>
> Running radiusd -foreground did not work either.<br>
><br>
> # radiusd -v<br>
> This is Radiator 3.16 on ns<br>
> Copyright Open System Consultants<br>
><br>
> Debug log:<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller@wifi<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller@wifi<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Handling request with Handler 'Realm=wifi'<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Rewrote user name to skiller<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Deleting session for skiller@wifi, 192.168.0.254, 379<br>
> Wed Aug 29 11:48:53 2007: DEBUG: Handling with Radius::AuthLDAP2:<br>
> Wed Aug 29 11:48:53 2007: INFO: Connecting to notes.office.gdc.ru: 10389<br>
> Wed Aug 29 11:48:53 2007: INFO: Attempting to bind to LDAP server notes.office.gdc.ru:10389<br>
> Wed Aug 29 11:48:53 2007: ERR: ldap search for (& (companyname=General DataComm)(uid=skiller)) failed with error LDAP_INVALID_DN_SYNTAX.<br>
> Wed Aug 29 11:48:53 2007: ERR: Disconnecting from LDAP server (server notes.office.gdc.ru:10389).<br>
> Wed Aug 29 11:48:53 2007: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error<br>
><br>
> That's all :-(<br>
><br>
> Sergei N Keler<br>
> IT-Manager<br>
> General DataComm<br>
> [skeler@gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] <br>
> [fax +7(812)325-1086]<br>
><br>
><br>
> Mike McCauley &lt;mikem@open.com.au&gt;<br>
> 29.08.2007 03:44<br>
><br>
> To<br>
> "Sergei Keler" &lt;skeler@gdc.ru&gt;<br>
> cc<br>
> radiator@open.com.au, "Hugh Irvine" &lt;hugh@open.com.au&gt;<br>
> Subject<br>
> Re: (RADIATOR) Lotus Notes 7.0.2 LDAP<br>
><br>
><br>
><br>
><br>
><br>
> Hello Sergei,<br>
><br>
> thanks for this report.<br>
> We can't see any cases in Radiator Ldap where a DN would contain spaces (unless<br>
> it was configured that way in the config file).<br>
><br>
> Perhaps the next step will be for you to rerun your tests with the Debug flag<br>
> enabled in your AuthBy LDAP clause. This will cause the LDAP side of the<br>
> conversation to be printed on stdout.<br>
><br>
> Are you able to get any tracing or logging from your LDAP server to see what<br>
> it thinks the problem is?<br>
><br>
> Cheers.<br>
><br>
> On Tuesday 28 August 2007 22:55, Sergei Keler wrote:<br>
> > Hi!<br>
> ><br>
> > Lotus made some changes in their LDAP server:<br>
> ><br>
> > ---<br>
> > In 7.02 some changes were made to interpret LDAP DNs more precisely. It<br>
> > looks like we got a little over zealous with a base of " " (one or more<br>
> > spaces). Rather than returning Invalid DN Syntax we should probably just<br>
> > normalize it to a base of root "" (no space). We'll look into this. In the<br>
> > mean time change the root on your search requests to "".<br>
> > ---<br>
> ><br>
> > Hah! Radiator's LDAP auth module said 'Invalid Syntax' in realms where it<br>
> > worked.<br>
> ><br>
> > Where to dig or what to change in radiator config?<br>
> ><br>
> > &lt;AuthBy LDAP2&gt;<br>
> > Host qqq<br>
> > Port xxx<br>
> > UsernameAttr uid<br>
> > PasswordAttr aaa<br>
> > AuthDN bbb<br>
> > AuthPassword ccc<br>
> > BaseDN gdc<br>
> > SearchFilter (uid=%1)<br>
> ><br>
> > Sergei N Keler<br>
> > IT-Manager<br>
> > General DataComm<br>
> > [skeler@gdc.ru] [www.gdc.ru] [tel. +7(812)325-1085 (ext. 7123)] [fax +7(812)325-1086]<br>
><br>
> -- <br>
> Mike McCauley mikem@open.com.au<br>
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW<br>
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au<br>
> Phone +61 7 5598-7474 Fax +61 7 5598-7070<br>
><br>
> Radiator: the most portable, flexible and configurable RADIUS server<br>
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,<br>
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,<br>
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.<br>
><br>
><br>
<br>
<br>
<br>
NB:<br>
<br>
Have you read the reference manual ("doc/ref.html")?<br>
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?<br>
Have you had a quick look on Google (www.google.com)?<br>
Have you included a copy of your configuration file (no secrets),<br>
together with a trace 4 debug showing what is happening?<br>
Have you checked the RadiusExpert wiki:<br>
http://www.open.com.au/wiki/index.php/Main_Page<br>
<br>
-- <br>
Radiator: the most portable, flexible and configurable RADIUS server<br>
anywhere. Available on *NIX, *BSD, Windows, MacOS X.<br>
Includes support for reliable RADIUS transport (RadSec),<br>
and DIAMETER translation agent.<br>
-<br>
Nets: internetwork inventory and management - graphical, extensible,<br>
flexible with hardware, software, platform and database independence.<br>
-<br>
CATool: Private Certificate Authority for Unix and Unix-like systems.<br>
<br>
<br>
<br>
</font></tt>
<br>