[Zope] [LDAP] Does LDAPUserFolder work with Zope 2.6.0?

Jens Vagelpohl jens@zope.com
Sat, 30 Nov 2002 10:59:25 -0500


colin,

i'd like to take a close look at this. is there any way i could...

a) get access to the box where you run zope so i could step through the 
LDAPUserFolder code myself (the goal is to determine exactly what it is 
that the LDAP server does during the "hang")

b) connect to the LDAP server from here with the settings that you use 
yourself and try to replicate and debug the problem myself

please let me know (off the list)

jens


On Thursday, Nov 28, 2002, at 16:04 US/Eastern, Colin Sampaleanu wrote:

> Could this be happening because the directory server is returning a 
> search result with a continuation reference? I have been hitting the 
> server with a java program, and have seen that it is returning a 
> search result with one (valid) entry, for the user, but there is also 
> a continuation reference of "" coming back as part of that result. Now 
> looking into this, this is supposed to happen when you do a search 
> against Active Directory which crosses domains, and you are not 
> hitting an Active Directory Catalog Master (basically an instance of 
> the server which has not been set up as a catalog master, having 
> multi-domain information). I am definitely hitting a catalog master, 
> but it is still returning the "" continuation, so something weird is 
> going on. My hunch, in any case (and I may be completely off) is that 
> maybe LDAPUserFolder does not know what to do with the continuation 
> reference. Could this be it?
>
>
> Jens Vagelpohl wrote:
>
>> if you know how to use the python debugger you could step through the 
>> code (starting in the validate method) to determine exactly where the 
>> lag is. strategically placed logging (print statements, logging 
>> calls) would also help.
>>
>> jens
>>
>>
>> On Monday, Nov 25, 2002, at 18:14 US/Eastern, Colin Sampaleanu wrote:
>>
>>> Brad Clements wrote:
>>>
>>>> On 25 Nov 2002 at 17:07, Colin Sampaleanu wrote:
>>>>
>>>>
>>>>> Unfortunately I am not running LDAP on the same machine. I did 
>>>>> consider the
>>>>> fact that perhaps this was the same issue, but the machine appears
>>>>> responsive otherwise. What is interesting is that after about 10 
>>>>> minutes it
>>>>> _does_ come back, saying that the user/credentials are not valid. 
>>>>> So
>>>>> LDAPUserFolder does not necessarily think it has a problem, it 
>>>>> just thinks
>>>>> there is an authentication issue. Of course I would say if it 
>>>>> takes 10
>>>>> minutes there is a sever problem somewhere, never mind the fact 
>>>>> that the
>>>>> authentication should work..
>>>>>
>>>>
>>>> Sounds like there is a firewall between the two systems, configured 
>>>> to drop packets rather than generate an ICMP port unreachable 
>>>> response.
>>>>
>>>> ipchains in the way?
>>>>
>>>>
>>> No, they're on the same subnet, and can see each other fine. And 
>>> python-ldap comes back from the query immediately, so there is no 
>>> real ldap issue as far as I can tell, it is some sort of problem 
>>> between LDAPUserFolder and python-ldap, more likely, or the way the 
>>> LDAPUserFolder is doing its lookups...
>>>
>
>
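
The quoted message from Colin describes a search result holding one valid user entry plus a continuation reference of "". The following is an added example, not code from LDAPUserFolder or from anyone in this thread, showing one way a caller can keep such references apart from real entries during a login lookup. It assumes python-ldap's result shape, in which a reference arrives as a tuple whose DN is None and whose second element is a list of URLs; the function names and sample data are hypothetical.

```python
from urllib.parse import urlsplit


def split_search_result(result):
    """Separate real entries from search continuation references.

    Assumption: python-ldap's result shape, a list of (dn, payload) tuples
    in which a continuation reference has dn None and a list of LDAP URLs.
    """
    entries, references = [], []
    for dn, payload in result:
        if dn is None:
            references.extend(
                u.decode("utf-8", "replace") if isinstance(u, bytes) else u
                for u in payload
            )
        else:
            entries.append((dn, payload))
    return entries, references


def followable(reference):
    """True only for an ldap:// or ldaps:// URL that names a host."""
    parts = urlsplit(reference)
    return parts.scheme in ("ldap", "ldaps") and bool(parts.hostname)


def resolve_login_dn(result):
    """Return (dn, ignored_references) for a login lookup.

    Authentication must bind as exactly one entry, so zero or several
    matches are an error; references are reported, never treated as users.
    """
    entries, references = split_search_result(result)
    if len(entries) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(entries))
    ignored = [r for r in references if not followable(r)]
    return entries[0][0], ignored


# Constructed sample: one user entry plus the empty ("") reference
# described in the thread. The DN and attribute values are made up.
SAMPLE = [
    ("CN=Example User,CN=Users,DC=example,DC=com", {"sAMAccountName": [b"euser"]}),
    (None, [b""]),
]

if __name__ == "__main__":
    print(resolve_login_dn(SAMPLE))
```

With python-ldap itself, automatic referral chasing is controlled by `ldap.OPT_REFERRALS`, and `ldap.OPT_NETWORK_TIMEOUT` bounds how long a connection attempt may stall.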