Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#932198: fusiondirectory does not bind to LDAP server after upgrade from stretch to buster
102 views
Skip to first unread message
Robert Middleton
Jul 16, 2019, 10:30:03 AM7/16/19
to
Package: fusiondirectory
Version: 1.2.3-4
Severity: normal
Dear Maintainer,
Upgrading from stretch to buster results in a broken fusiondirectory installation. fusiondirectory fails to bind to the LDAP server.
The error that is reported is as follows:
```
Fatal error
FATAL: Error when connecting the LDAP. Server said 'Could not bind to cn=admin,dc=ldap,dc=example,dc=com ((unknown error code), while operating on '' using LDAP server 'ldap://localhost:389')'.
Please fix the above error and reload the page.
```
I was able to get to the setup page by renaming the /etc/fusiondirectory/fusiondirectory.conf file, however when I get to the setup page for the LDAP connection and fill in the user information, attempting to bind as the user fails.
Note that installing on a clean system(which leads to bug #931959) does let fusiondirectory bind to the LDAP server without a problem, but only after running fusiondirectory-insert-schema -m /etc/ldap/schema/core-fd-conf.schema. This leads me to believe this problem is related to the upgrade procedure.
I possibly had an error earlier with not having the mbstring PHP module, due to not installing it for PHP7.3, however the setup did warn me about this.
Note that I also get the following error when attemping to read the config:
# fusiondirectory-setup --check-ldap --show-config
! Failed to bind to LDAP server: decode error 17<=>30 0 8 at /usr/share/perl5/Convert/ASN1/_decode.pm line 113.
This command works fine on the clean system when it is configured to read from the remote LDAP server.
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fusiondirectory depends on:
ii apache2 [httpd] 2.4.38-3
ii debconf [debconf-2.0] 1.5.71
ii fusiondirectory-smarty3-acl-render 1.2.3-4
ii gettext 0.19.8.1-9
ii javascript-common 11
ii libarchive-extract-perl 0.80-1
ii libcrypt-cbc-perl 2.33-2
ii libfile-copy-recursive-perl 0.44-1
ii libjs-prototype 1.7.1-3
ii libjs-scriptaculous 1.9.0-2
ii libnet-ldap-perl 1:0.6500+dfsg-1
ii libpath-class-perl 0.37-1
ii libperl5.24 [libdigest-sha-perl] 5.24.1-3+deb9u5
ii libterm-readkey-perl 2.38-1
ii libxml-twig-perl 1:3.50-1.1
ii openssl 1.1.1c-1
ii php 2:7.3+69
ii php-cas 1.3.6-1
ii php-curl 2:7.3+69
ii php-fpdf 3:1.8.1.dfsg-2
ii php-gd 2:7.3+69
ii php-imagick 3.4.3-4.1
ii php-imap 2:7.3+69
ii php-ldap 2:7.3+69
ii php-recode 2:7.3+69
ii php7.0 [php] 7.0.33-0+deb9u3
ii php7.0-cli [php-cli] 7.0.33-0+deb9u3
ii php7.0-gd [php-gd] 7.0.33-0+deb9u3
ii php7.0-imap [php-imap] 7.0.33-0+deb9u3
ii php7.0-ldap [php-ldap] 7.0.33-0+deb9u3
ii php7.0-mbstring [php-mbstring] 7.0.33-0+deb9u3
ii php7.0-recode [php-recode] 7.0.33-0+deb9u3
ii php7.3 [php] 7.3.4-2
ii php7.3-cli [php-cli] 7.3.4-2
ii php7.3-curl [php-curl] 7.3.4-2
ii php7.3-gd [php-gd] 7.3.4-2
ii php7.3-imap [php-imap] 7.3.4-2
ii php7.3-ldap [php-ldap] 7.3.4-2
ii php7.3-mbstring [php-mbstring] 7.3.4-2
ii php7.3-recode [php-recode] 7.3.4-2
ii schema2ldif 1.3-3
ii smarty-gettext 1.6.1-1
ii smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
fusiondirectory recommends no packages.
Versions of packages fusiondirectory suggests:
pn argonaut-server <none>
ii fusiondirectory-schema 1.2.3-4
ii slapd 2.4.47+dfsg-3
-- debconf information:
* fusiondirectory/upgrade-confirm: true
fusiondirectory/upgrade-canceled:
Version: 1.2.3-4
Severity: normal
Dear Maintainer,
Upgrading from stretch to buster results in a broken fusiondirectory installation. fusiondirectory fails to bind to the LDAP server.
The error that is reported is as follows:
```
Fatal error
FATAL: Error when connecting the LDAP. Server said 'Could not bind to cn=admin,dc=ldap,dc=example,dc=com ((unknown error code), while operating on '' using LDAP server 'ldap://localhost:389')'.
Please fix the above error and reload the page.
```
I was able to get to the setup page by renaming the /etc/fusiondirectory/fusiondirectory.conf file, however when I get to the setup page for the LDAP connection and fill in the user information, attempting to bind as the user fails.
Note that installing on a clean system(which leads to bug #931959) does let fusiondirectory bind to the LDAP server without a problem, but only after running fusiondirectory-insert-schema -m /etc/ldap/schema/core-fd-conf.schema. This leads me to believe this problem is related to the upgrade procedure.
I possibly had an error earlier with not having the mbstring PHP module, due to not installing it for PHP7.3, however the setup did warn me about this.
Note that I also get the following error when attemping to read the config:
# fusiondirectory-setup --check-ldap --show-config
! Failed to bind to LDAP server: decode error 17<=>30 0 8 at /usr/share/perl5/Convert/ASN1/_decode.pm line 113.
This command works fine on the clean system when it is configured to read from the remote LDAP server.
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fusiondirectory depends on:
ii apache2 [httpd] 2.4.38-3
ii debconf [debconf-2.0] 1.5.71
ii fusiondirectory-smarty3-acl-render 1.2.3-4
ii gettext 0.19.8.1-9
ii javascript-common 11
ii libarchive-extract-perl 0.80-1
ii libcrypt-cbc-perl 2.33-2
ii libfile-copy-recursive-perl 0.44-1
ii libjs-prototype 1.7.1-3
ii libjs-scriptaculous 1.9.0-2
ii libnet-ldap-perl 1:0.6500+dfsg-1
ii libpath-class-perl 0.37-1
ii libperl5.24 [libdigest-sha-perl] 5.24.1-3+deb9u5
ii libterm-readkey-perl 2.38-1
ii libxml-twig-perl 1:3.50-1.1
ii openssl 1.1.1c-1
ii php 2:7.3+69
ii php-cas 1.3.6-1
ii php-curl 2:7.3+69
ii php-fpdf 3:1.8.1.dfsg-2
ii php-gd 2:7.3+69
ii php-imagick 3.4.3-4.1
ii php-imap 2:7.3+69
ii php-ldap 2:7.3+69
ii php-recode 2:7.3+69
ii php7.0 [php] 7.0.33-0+deb9u3
ii php7.0-cli [php-cli] 7.0.33-0+deb9u3
ii php7.0-gd [php-gd] 7.0.33-0+deb9u3
ii php7.0-imap [php-imap] 7.0.33-0+deb9u3
ii php7.0-ldap [php-ldap] 7.0.33-0+deb9u3
ii php7.0-mbstring [php-mbstring] 7.0.33-0+deb9u3
ii php7.0-recode [php-recode] 7.0.33-0+deb9u3
ii php7.3 [php] 7.3.4-2
ii php7.3-cli [php-cli] 7.3.4-2
ii php7.3-curl [php-curl] 7.3.4-2
ii php7.3-gd [php-gd] 7.3.4-2
ii php7.3-imap [php-imap] 7.3.4-2
ii php7.3-ldap [php-ldap] 7.3.4-2
ii php7.3-mbstring [php-mbstring] 7.3.4-2
ii php7.3-recode [php-recode] 7.3.4-2
ii schema2ldif 1.3-3
ii smarty-gettext 1.6.1-1
ii smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
fusiondirectory recommends no packages.
Versions of packages fusiondirectory suggests:
pn argonaut-server <none>
ii fusiondirectory-schema 1.2.3-4
ii slapd 2.4.47+dfsg-3
-- debconf information:
* fusiondirectory/upgrade-confirm: true
fusiondirectory/upgrade-canceled:
Robert Middleton
Jul 30, 2019, 12:20:02 PM7/30/19
to
I have fixed this issue on my end; it may be an erroneous bug on the
upgrade portion.
About the time that I upgraded from stretch->buster, I also turned on
the SSL connections on slapd. It seems that earlier versions of
fusiondirectory will connect to localhost just fine, but because of
the SSL cert it seems like it was failing.
Bad connection string:
ldap://localhost:389
Good connection string:
ldap://ldap.example.com:389
Regardless, the error that comes back is still completely useless,
since it does not tell you anything about possible SSL errors.
-Robert Middleton
upgrade portion.
About the time that I upgraded from stretch->buster, I also turned on
the SSL connections on slapd. It seems that earlier versions of
fusiondirectory will connect to localhost just fine, but because of
the SSL cert it seems like it was failing.
Bad connection string:
ldap://localhost:389
Good connection string:
ldap://ldap.example.com:389
Regardless, the error that comes back is still completely useless,
since it does not tell you anything about possible SSL errors.
-Robert Middleton
Mike Gabriel
Jul 30, 2019, 4:10:03 PM7/30/19
to
Control: severity -1 important
Hi,
thanks for the feedback.
Lowering severity to important.
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.g...@das-netzwerkteam.de, http://das-netzwerkteam.de
Hi,
thanks for the feedback.
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.g...@das-netzwerkteam.de, http://das-netzwerkteam.de
0 new messages