tac-plus does not pass DN to LDAP server for authentication

Bug #179758 reported by smasher953
Affects: tac-plus (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Binary package hint: tac-plus

I've installed OpenLDAP on a clean Ubuntu 7.10 server install. OpenLDAP is properly set up and configured, as I can authenticate against it using pGina on a Windows XP box, and can query the LDAP database without any issues.

After installing the tac-plus package I configured a basic tacacs.conf configuration, using several variations of the LDAP authentication line:

default authentication = ldap "ldap://192.168.1.105:389/dc=tacacs,dc=com"

or

default authentication = ldap "ldap://192.168.1.105:389/dc=tacacs,dc=com?"

or

default authentication = ldap "ldap://192.168.1.105:389/dc=tacacs,dc=com?"

and many other combinations of it.

In the diff file it looks like the following formats should be used: tac-plus_4.0.4.alpha-14.diff.gz

ldap://LDAP-hostname:100/dn_for_user&dn_for_passwd
ldap://LDAP-hostname:port/BaseDN?searchfilter

My OpenLDAP server shows that the baseDN isn't being passed to the LDAP server (shows as "bind: invalid dn (gfuller)"... gfuller is my username):

Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: listen=8, new connection on 12
Jan 1 18:45:47 tacacs slapd[5297]: daemon: added 12r (active) listener=(nil)
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 ACCEPT from IP=192.168.1.105:55334 (IP=0.0.0.0:389)
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]: 12r
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: read active on 12
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: bind: invalid dn (gfuller)
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 op=0 RESULT tag=97 err=34 text=invalid DN
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]: 12r
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: read active on 12
Jan 1 18:45:47 tacacs slapd[5297]: connection_read(12): input error=-2 id=10, closing.
Jan 1 18:45:47 tacacs slapd[5297]: daemon: removing 12
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 closed (connection lost)
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL

It seems like this is a problem with the package... I haven't tried compiling it from scratch and applying any of the LDAP patches... That's my next step to try.
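A way to triage the slapd log in the report above, as an added example that is not part of the original report or of tac-plus: it pairs each bind response (tag=97) carrying err=34 (invalidDNSyntax) with the client address and the name slapd rejected. The conn=10 lines are copied from the log above; the conn=11 lines are constructed for contrast, and attaching the "invalid dn" line to the next RESULT line is an assumption, since that line carries no connection id.

```python
import re

# conn=10 lines come from the report; conn=11 lines are constructed.
SAMPLE_LOG = """\
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 ACCEPT from IP=192.168.1.105:55334 (IP=0.0.0.0:389)
Jan 1 18:45:47 tacacs slapd[5297]: bind: invalid dn (gfuller)
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 op=0 RESULT tag=97 err=34 text=invalid DN
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 closed (connection lost)
Jan 1 18:46:02 tacacs slapd[5297]: conn=11 fd=12 ACCEPT from IP=192.168.1.105:55340 (IP=0.0.0.0:389)
Jan 1 18:46:02 tacacs slapd[5297]: conn=11 op=0 BIND dn="uid=gfuller,dc=tacacs,dc=com" method=128
Jan 1 18:46:02 tacacs slapd[5297]: conn=11 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BAD_DN = re.compile(r"bind: invalid dn \((.*)\)")
RESULT = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")  # tag=97: bind response
INVALID_DN_SYNTAX = 34  # LDAP result code invalidDNSyntax


def rejected_binds(log_text):
    """Return one record per bind that slapd rejected with err=34."""
    clients = {}       # conn id -> client IP taken from the ACCEPT line
    pending_dn = None  # last rejected bind name seen (line has no conn id)
    findings = []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := BAD_DN.search(line):
            pending_dn = m.group(1)
        elif m := RESULT.search(line):
            conn, err = m.group(1), int(m.group(2))
            if err == INVALID_DN_SYNTAX:
                findings.append({
                    "conn": conn,
                    "client": clients.get(conn),
                    "bind_name": pending_dn,
                    # A DN is built from attr=value parts; a bare login has none.
                    "looks_like_dn": bool(pending_dn) and "=" in pending_dn,
                })
            pending_dn = None
    return findings


if __name__ == "__main__":
    for f in rejected_binds(SAMPLE_LOG):
        print(f)
```

A record with `looks_like_dn` false means the client sent the bare login name as the bind DN, which is the symptom this report describes.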

Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10?

Changed in tac-plus:
status: New → Incomplete

smasher953 (gfuller) wrote : RE: [Bug 179758] Re: tac-plus does not pass DN to LDAP server for authentication

Yes, the last time I tried it it was with 8.10.

--greg

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of
Daniel T Chen
Sent: Friday, November 21, 2008 10:16 PM
To: <email address hidden>
Subject: [Bug 179758] Re: tac-plus does not pass DN to LDAP server
for authentication

Is this symptom still reproducible in 8.10?

** Changed in: tac-plus (Ubuntu)
       Status: New => Incomplete

--
tac-plus does not pass DN to LDAP server for authentication
https://bugs.launchpad.net/bugs/179758

Victor Vargas (kamus) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in tac-plus (Ubuntu):
status: Incomplete → Invalid