Wednesday, June 1, 2022

[389-users] Re: How do display the actual ldap request sent by an app?

Rainer,

The directory's access log may provide you with the information you need to resolve the issue. Grep for the originating IP or bindDN, then grep for the connection number (conn=xxxxx) within the results. The output from the second grep should provide the entire sequence of events for that connection, including the connection, bind, operations, unbind, and the results for each including success and failure ldap error codes. The op=x field within the output indicates the operation order.

Hope that helps.

David Ritenour
Senior Directory Engineer
MartinFederal Consulting, LLC
513 Madison Street SE
Huntsville, AL 35801

-----Original Message-----
From: Rainer Duffner <rainer@ultra-secure.de>
Sent: Wednesday, June 1, 2022 4:21 AM
To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: [389-users] Re: How do display the actual ldap request sent by an app?

** WARNING: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


The app is a java app.

When the user is added, there is no error in the 389-server error log - but the user isn't really added.


The use-case is a bit complicated and I have asked them to create a simpler version of the java-app that just adds the user and that is easier to replicate.

The absurd thing is that it works in the test-environment, but not in production :-(


The app itself is running outside my realm, I have no access to their logs.




Rainer



> Am 01.06.2022 um 10:16 schrieb Lewis Robson <robsonl@conscious.co.uk>:
>
> Whats the app you're using? Is there any logging for this app?
> follow the general logs from the machine running the app in another
> tty so you can see if anythings happening, also, tcpdump to follow the
> traffic between the hosts may help here (I assume it is if ldapmodify
> is working, but more data may help)
>
> it sounds to me like there is an issue with the app initiating the request.
>
> On 01/06/2022 09:08, Rainer Duffner wrote:
>> Hi,
>> as I mentioned in my other post, an app has „suddenly" stopped to work with 389-server 1.3.10 correctly.
>> The app tries to add a user, but the user is not added and no apparent error is logged.
>> I tried adding a user manually with ldapmodify - but that still works, with the credentials of the user the app is using.
>> I set
>> nsslapd-errorlog-level: 128
>> but that slowed down the server too much because it still gets
>> traffic from the load-balancer health-checks… Rainer
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org To
>> unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorap
>> roject.org Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>
> --
> Lewis Robson
> Systems Administrator
> Conscious Solutions Limited
>
> Tel: 0117 325 0200
> Web: https://www.conscious.co.uk
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org To
> unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorapr
> oject.org Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email and any such files in error and that any use, dissemination, forwarding, printing or copying of this email and/or any such files is strictly prohibited. If you have received this email in error please immediately notify hr@martinfed.com - (855) 212-1810 , and destroy the original message and any such files.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment