tac-plus does not pass DN to LDAP server for authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tac-plus (Ubuntu) | Invalid | Undecided | Unassigned | | |
Bug Description
Binary package hint: tac-plus
I've installed OpenLDAP on a clean Ubuntu 7.10 server install. OpenLDAP is properly set up and configured, as I can authenticate against it using pGina on a Windows XP box and can query the LDAP database without any issues.
After installing the tac-plus package I configured a basic tacacs.conf configuration, using several variations of the LDAP authentication line:
default authentication = ldap "ldap:/
or
default authentication = ldap "ldap:/
or
default authentication = ldap "ldap:/
and many other combinations of it.
In the diff file it looks like the following formats should be used: tac-plus_
ldap://
ldap://
My OpenLDAP server shows that the baseDN isn't being passed to the LDAP server (shows as "bind: invalid dn (gfuller)"):
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: listen=8, new connection on 12
Jan 1 18:45:47 tacacs slapd[5297]: daemon: added 12r (active) listener=(nil)
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 ACCEPT from IP=192.
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]: 12r
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: read active on 12
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: bind: invalid dn (gfuller)
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 op=0 RESULT tag=97 err=34 text=invalid DN
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]: 12r
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: read active on 12
Jan 1 18:45:47 tacacs slapd[5297]: connection_
Jan 1 18:45:47 tacacs slapd[5297]: daemon: removing 12
Jan 1 18:45:47 tacacs slapd[5297]: conn=10 fd=12 closed (connection lost)
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on 1 descriptor
Jan 1 18:45:47 tacacs slapd[5297]: daemon: activity on:
Jan 1 18:45:47 tacacs slapd[5297]:
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 1 18:45:47 tacacs slapd[5297]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
It seems like this is a problem with the package... I haven't tried compiling it from scratch and applying any of the LDAP patches... That's my next step to try.
Is this symptom still reproducible in 8.10?