LDAP client library problems

From: Tom Crummey (tom_at_ee.ucl.ac.uk)
Date: 08/25/05

  • Next message: rob.de.langhe_at_belgacom.be: "UPDATE: can I exclude "root" authentication from using Kerberos ?" 
    To: sunmanagers@sunmanagers.org
Date: Thu, 25 Aug 2005 12:11:00 +0100

    Hello,

    I've getting the following messages in /var/adm/messages:

    Aug 25 11:32:19 spock smbd[5856]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.
    Aug 25 11:32:19 spock smbd[5856]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.
    Aug 25 11:32:19 spock last message repeated 1 time
    Aug 25 11:37:21 spock smbd[5861]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.
    Aug 25 11:32:19 spock last message repeated 1 time
    Aug 25 11:37:21 spock smbd[5861]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.
    Aug 25 11:37:21 spock last message repeated 1 time
    Aug 25 11:37:21 spock last message repeated 1 time
    Aug 25 11:42:28 spock smbd[5869]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.
    Aug 25 11:42:28 spock smbd[5869]: [ID 293258 user.error] libsldap:
    Status: 7 Mesg: LDAP ERROR (-7): Bad search filter.

    They are caused by smbd looking up a host in a netgroup using the
    innetgr library call. The netgroup is stored in an LDAP directory which
    is SUN ONE DS v5.2. The lookup always fails and produces this error. No
    query arrives at the LDAP server. Both systems are fully patched up to
    date.

    I have written a small C test program which performs the same lookup
    using innetgr which works.

    I don't understand how a search filter is being set. I don't understand
    why using innetgr in smbd doesn't work and using it in a 3 line C
    program I wrote does.

    If anyone has any ideas of where to look for the solution to this
    problem or any avenues of attack for debugging (i.e. how to get libsldap
    to print out the Bad search filter), that would be great.

    Thanks, 

    -- 
Tom.
----------------------------------------------------------------------------
 Tom Crummey, Systems and Network Manager,   EMAIL: tom@ee.ucl.ac.uk
 Department of Electronic and Electrical Engineering,                  
 University College London,                  TEL: +44 (0)20 7679 3898   
 Torrington Place,                           FAX: +44 (0)20 7388 9325
 London, UK, WC1E 7JE.                         
----------------------------------------------------------------------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
  • Next message: rob.de.langhe_at_belgacom.be: "UPDATE: can I exclude "root" authentication from using Kerberos ?"