Ubuntu
smbldap-tools package

smbldap-useradd fails to authenticate to allow changes to LDAP server

Bug #680177 reported by derek fong
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
smbldap-tools (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Binary package hint: smbldap-tools

Description: Ubuntu 10.04.1 LTS
Release: 10.04

smbldap-tools:
  Installed: 0.9.5-1
  Candidate: 0.9.5-1
  Version table:
 *** 0.9.5-1 0
        500 http://ca.archive.ubuntu.com/ubuntu/ lucid/universe Packages
        100 /var/lib/dpkg/status

I have an OpenLDAP server that was originally set up with Ubuntu 7 or 8. We recently upgraded to Ubuntu 10.04 and recently noticed that we are no longer able to add users using smbldap-useradd. The error we get is:

$ smbldap-useradd -a pat
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1187, <DATA> line 466.

I have the proper credentials set up in /etc/smbldap-tools/smbldap_bind.conf, and I've confirmed that we are still able to modify data in our schema through phpldapadmin using the same authentication credentials. No other errors appear to be logged anywhere.

Since I'm able to add and remove users using phpldapadmin, I should be able to do the same through smbldap-useradd.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: smbldap-tools 0.9.5-1
ProcVersionSignature: Ubuntu 2.6.32-24.43-server 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-server x86_64
Architecture: amd64
Date: Mon Nov 22 13:25:27 2010
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
PackageArchitecture: all
ProcEnviron:
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: smbldap-tools

Revision history for this message
derek fong (info-subtitled) wrote :
Revision history for this message
rduke15 (rduke15) wrote :

I had the same problem, and it turned out I had made a silly mistake in my /etc/smbldap-tools/smbldap_bind.conf file. The password was correct, but the DN entries started with "dc=admin, ..." instead of "cn=admin, ...".

In the end, what helped me find the problem was to add the "stats" loglevel to the slapd config. This showed the following in the logs:

Feb 2 11:50:27 lenny1 slapd[5502]: conn=150 op=0 BIND dn="dc=admin,dc=example,dc=com" method=128
Feb 2 11:50:27 lenny1 slapd[5502]: conn=150 op=0 RESULT tag=97 err=49 text=

After this error, the smbldap-useradd continued and failed with the next error. If it had stopped right there, it would have been much easier to find the problem.

So in my case, I believe the bug would be that smbldap-useradd continues after failing to bind as admin, and then reports a misleading error at the next step.

Revision history for this message
rduke15 (rduke15) wrote :

I would suggest the following changes:

===============

# diff -w -u /usr/share/perl5/smbldap_tools.pm.orig /usr/share/perl5/smbldap_tools.pm
--- /usr/share/perl5/smbldap_tools.pm.orig 2007-09-24 11:07:11.000000000 +0200
+++ /usr/share/perl5/smbldap_tools.pm 2011-02-02 14:07:48.000000000 +0100
@@ -296,6 +296,10 @@
     $mesg = $ldap_master->bind ( "$config{masterDN}",
      password => "$config{masterPw}"
      );
+ if ($mesg->is_error()) {
+ warn qq[Cannot bind to $config{masterLDAP}:$config{masterPort} as "$config{masterDN}": ], $mesg->error_text();
+ return undef;
+ }
     $ldap=$ldap_master;
     return($ldap_master);
 }

===============

and

===============

# diff -w -U 1 /usr/sbin/smbldap-useradd.orig /usr/sbin/smbldap-useradd
--- /usr/sbin/smbldap-useradd.orig 2007-09-24 12:18:51.000000000 +0200
+++ /usr/sbin/smbldap-useradd 2011-02-02 14:03:04.000000000 +0100
@@ -73,3 +73,4 @@

-my $ldap_master=connect_ldap_master();
+my $ldap_master=connect_ldap_master()
+ or die "Error binding to ldap server\n";

===============

Revision history for this message
Logan Rosen (logan) wrote :

Thank you for reporting this bug to Ubuntu.

Ubuntu 10.04 (lucid) reached end-of-life on May 9, 2013.

See this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

We appreciate that this bug may be old and you might not be interested in discussing it any more. But if you are then please upgrade to the latest Ubuntu version and re-test. If you then find the bug is still present in the newer Ubuntu version, please add a comment here telling us which new version it is in.

Changed in smbldap-tools (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for smbldap-tools (Ubuntu) because there has been no activity for 60 days.]

Changed in smbldap-tools (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.