I've compiled the LDAP test in hobbit, and I'm trying
to test the login ability. However, I'm not sure it's working.
All the test status shows me is O.K..
Here's what's in my bb-hosts file:
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
Am I missing something here? What's a good way to test if I'm actually
doing a login test of ldap? What does the status normally show?
Thanks..James
Henrik,
I could really use some help on this one.
Can you point me in the right direction?
Thanks..James
You should put something to search for on the end of the line,
e.g. 192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389/uid=someuser (from memory it's /attr=whatever, can't see our working one right now).
It will tell you how many results are returned and I think fail if nothing is returned.
Also, if your LDAP DOESN'T allow anonymous bind, then the fact that the login works I guess is a test in itself.
Allan
Allan,
I tried this, but the LDAP test just shows green that everything is O.K.
Do you get additional output anywhere showing that it pulled data from the ldap query?
James
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
Having some issues with my blacklist system at the moment that stopped my reply coming back to me,
but also forgot, just wanted to mention you'll probably need to specify a base DN in your search, so should be more like as follows:
ldap://127.0.0.1:389/o=company?uid=someperson
Just looked at one of ours and it returns as follows. Searching for a group and doing a login to search (no anonymous allowed):
Wed Nov 15 09:29:39 2006
ldap://192.168.1.218:389/o=connell wagner?cn=CW LMS_ADMIN - OK
Searching LDAP for ldap://192.168.1.218:389/o=connell wagner?cn=CW LMS_ADMIN yields 1 results:
DN: O=Connell Wagner
Seconds: 0.01
On Tue, Nov 14, 2006 at 12:10:27PM -0600, James Wade wrote:
I've compiled the LDAP test in hobbit, and I'm trying to test the login ability. However, I'm not sure it's working.
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
What exactly are you trying to do here?
The "ldap:systemA:389" doesn't make sense. If you want just to test if the ldap port is open, then you should just use "ldap" - nothing more.
If you want to check if the ldap server is responding to queries, then you must provide a full URL-style LDAP query - see the bb-hosts man-page for details about how to do that.
Since you're messing with the "ldaplogin", I assume you want to perform the "real" LDAP lookup test.
BTW, "ldaplogin" is only needed if your LDAP server requires authentication. Most LDAP servers allow anonymous connections for simple lookups.
Regards, Henrik
I've tried this:
ldap://systemA:389/ou=my,o=test,st=tx,c=us ldaplogin=ldapuser:passwdd
Didn't work though. I got the ou, o,st,c from the ldap folks.
Yes, I want to do a real ldap lookup. The ldap folks have created a test account for me. We had ldap hang today, so Hobbit showed everything fine, but no one could authenticate.
Thanks for the help.
James
On Tue, Nov 14, 2006 at 04:16:47PM -0600, James Wade wrote:
I've tried this:
ldap://systemA:389/ou=my,o=test,st=tx,c=us ldaplogin=ldapuser:passwdd
Do read the man-page. LDAP URL's are notoriously complex beasts; you would need something like
ldap://systemA:389/ou=my,o=test,st=tx,c=us??sub?(uid=thomsonm)
"sub" is the "scope" of the search and "uid=thomsonm" is the search criteria used to pick a single record from the directory (the "search filter" in LDAP lingo). The exact syntax is:
ldap://hostport/dn[?attrs[?scope[?filter[?exts]]]]
Check for an LDAP service by performing an LDAP request.
This tag is in the form of an LDAP URI (cf. RFC 2255).
This type of LDAP test requires that bbtest-net(1) was
built with support for LDAP, e.g. via the OpenLDAP library.
The components of the LDAP URI are:
* hostport is a host name with an optional ":portnumber"
* dn is the search base
* attrs is a comma separated list of attributes to request
* scope is one of these three strings:
base one sub (default=base)
* filter is filter
* exts are recognized set of LDAP and/or API extensions.
Regards, Henrik
Thanks Henrik,
I tried that and it didn't work.
I've put several variations in bb-hosts, but ldap always comes back green saying it's O.K.; it never seems to actually go try to do an LDAP test.
Is there a manual process I can use to see if it's trying to do the ldap test?
One thing is that I originally compiled the program without LDAP support enabled, then went back and re-enabled support and recompiled and installed. Would perhaps something not get changed in the config files that should have?
It's as though the bb-hosts entry ignores anything after the ldap:hostname designation.
On another note, I tried using another port in the designation: ldap:hostname:3890; another system we have uses a different port number for ldap. However, this would not work either. It kept going to port 389 versus 3890, and they don't have an ldap on that port.
Thanks for the help...James
On Tue, Nov 14, 2006 at 05:11:19PM -0600, James Wade wrote:
Is there a manual process I can use to see if it's trying to do the ldap test.
As the hobbit user, run bbcmd bbtest-net --debug HOSTNAME where HOSTNAME is the name you have in bb-hosts for your ldap server.
Also, could you please run bbcmd bbhostgrep "ldap*" and let us know what the result is ?
And check the ~hobbit/server/logs/bb-network.log file for any errors.
One thing is that I originally compiled the program without LDAP support enabled, then went back and re-enabled support and recompiled and installed. Would perhaps something not get changed in the config files that should have?
No.
Regards, Henrik
On Wednesday 15 November 2006 12:09, Kareem Mattazzi wrote:
I need help finding out how Hobbit uses SNMP, or how it uses each version: 1 or 2c and so on. I'm receiving errors on my switch. I believe that Hobbit is using the wrong SNMP version. I would like to know how I can make it use the correct version.
Hobbit by itself does not use SNMP. You would need to use an extension script, or separate SNMP collector (eg devmon) that reports to Hobbit. If you have not installed such an extension or collector, it is not related to Hobbit.
Regards, Buchan
-- Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
Henrik,
It doesn't look like it's doing the test at all.
Here's the info you requested:
$ bbcmd bbhostgrep "ldap*"
2006-11-15 11:07:30 Using default environment file /usr/local/apache/htdocs/hobbit/server/etc/hobbitserver.cfg
192.168.0.206 sau012 # ldap:sau012:389
192.168.0.166 smu004 # ldap:smu004:389
192.168.0.130 smu005 # ldap:smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
192.168.0.224 smu002 # ldap:smu002:389
192.168.0.226 smu003 # ldap:smu003:389
192.168.0.211 smu005 # ldap:smu005:389
Here's everything with ldap in the debug mode command you gave me below.
BBNETSVCS set to : smtp telnet ftp pop pop3 pop-3 ssh imap ssh1 ssh2 imap2 imap3 imap4 pop2 pop-2 nntp ftps telnets smtps pop3s imaps nntps ldap ldaps rsync bbd clamd spamd oratns qmtp qmqp vnc cupsd ajp13
2006-11-15 11:06:30 Adding tcp test IP=192.168.0.130, port=389, service=ldap, silent=0
2006-11-15 11:06:30 Sending results for service ldap
2006-11-15 11:06:30 Adding to combo msg: status smu005.ldap green <!-- [flags:OrdastLe] --> Wed Nov 15 11:06:30 2006 ldap ok
2006-11-15 11:06:30 Sending results for service ldaps
status smu005.ldap green <!-- [flags:OrdastLe] --> Wed Nov 15 11:06:30 2006 ldap ok
On Wed, Nov 15, 2006 at 11:25:58AM -0600, James Wade wrote:
192.168.0.130 smu005 # ldap:smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
This is wrong. It should be
192.168.0.130 smu005 # ldap://smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
with the double-slashes after the "ldap:..." thing.
192.168.0.211 smu005 # ldap:smu005:389
And you have the same hostname - smu005 - listed twice. With different IP's to boot. That's why I asked you about errors in the bb-network.log file; there is probably a warning in there about this.
192.168.0.166 smu004 # ldap:smu004:389
192.168.0.224 smu002 # ldap:smu002:389
192.168.0.226 smu003 # ldap:smu003:389
These are also invalid syntax.
Regards, Henrik
Thanks Henrik,
It's fixed...
Can't believe I missed the double slashes.... I appreciate it.
Sorry about the dual hostname. That was a whitewash typo. I had to whitewash the names and IP addresses from the output.
Thanks again, it is working great now.
James
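The misconfiguration this thread resolves, as an added example (not code from Hobbit or from any poster): a small Python linter that tells bare `ldap` port checks, `ldap://` URL queries in the man-page syntax quoted above, and malformed tags such as `ldap:host:389` apart, since the debug output showed the malformed form running as a plain TCP test that stays green while logins fail. The function names, the whitespace tag splitting and the `unused-credentials` finding are assumptions of this sketch; the sample lines are quoted from the thread and combined into one constructed file.

```python
import re

SCOPES = {"base", "one", "sub"}
# ldap://hostport[/dn[?attrs[?scope[?filter[?exts]]]]]
URL_RE = re.compile(r"^ldaps?://([^/?\s]+)(?:/([^?]*))?(?:\?(.*))?$")

# Constructed sample file; each line is quoted from the thread.
SAMPLE = """\
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
192.168.0.130 smu005 # ldap://smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
192.168.0.166 smu004 # ldap
"""

def classify_ldap_tag(tag):
    """Return (kind, detail) for one bb-hosts tag that starts with 'ldap'."""
    if tag in ("ldap", "ldaps"):
        return "port-check", "TCP connect only, no bind or search"
    m = URL_RE.match(tag)
    if m is None:
        return "malformed", "not an ldap:// URL, so no LDAP query is made"
    _hostport, dn, query = m.groups()
    # Pad so that missing trailing components come back as empty strings.
    _attrs, scope, filt, _exts = ((query or "").split("?", 3) + [""] * 3)[:4]
    if scope and scope not in SCOPES:
        return "malformed", "scope %r is not base, one or sub" % scope
    return "query", "base=%r scope=%s filter=%s" % (
        dn or "", scope or "base", filt or "(none given)")

def lint_bb_hosts(text):
    """Return (host, tag, kind, detail) findings for LDAP tags in bb-hosts text."""
    findings = []
    for line in text.splitlines():
        left, sep, right = line.partition("#")
        fields = left.split()
        if not sep or len(fields) < 2:
            continue  # comment-only or non-host line
        host, tags = fields[1], right.split()  # assumption: tags have no spaces
        kinds = []
        for tag in tags:
            if tag.startswith("ldap") and not tag.startswith("ldaplogin="):
                kind, detail = classify_ldap_tag(tag)
                kinds.append(kind)
                findings.append((host, tag, kind, detail))
        if any(t.startswith("ldaplogin=") for t in tags) and "query" not in kinds:
            findings.append((host, "ldaplogin", "unused-credentials",
                             "no ldap:// query on this host to log in for"))
    return findings

if __name__ == "__main__":
    for finding in lint_bb_hosts(SAMPLE):
        print("%-8s %-18s %s: %s" % (finding[0], finding[2], finding[1], finding[3]))
```

Any host reported as `port-check` or `malformed` is only proving that the port accepts connections, which is the state James was in when LDAP hung and the status stayed green.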