Have to use DEBUG 1 to make Net::LDAPS work??
| dennis 2006-05-16, 7:18 pm |
|
I have a password reset app written in perl; it uses CGI.pm and Net::LDAP
with %args and settings for talking to Sun ONE LDAP over SSL.
When I set debug => '1' in %args, he binds ok, performs search, finds
entry, modifies password, and displays the appropriate next page -- albeit
with lots of debug messages. But when I set debug => '0', the bind works but
remaining ops fail, and I get Server Error (see error log)
#------------ web server log --------------------------------------
[16/May/2006:11:37:25] failure ( 6822): for host 20.6.25.155 trying to POST
/password/usd-cgi/reset.cgi, cgi_scan_headers reports: HTTP4044: the CGI
program
/opt/CAusd/webserver/password/cgi-bin/reset.cgi did not produce a valid
header (program terminated without a valid CGI header.
#------------------------------------------------------------------
Has anyone seen this problem? Know of a fix? I've put connection code at end.
If anyone would like to see fuller code, I put link on web site:
www.ideastream.com/net_ldap/reset.txt
/dennis
sub lookup_user {
    <snip>
    my %args = (
        port       => 636,
        verify     => 'require',
        cafile     => '/opt/CAusd/util/password/certs/cacert.pem',
        sslversion => 'sslv3',
        #debug     => '0',
    );
    my $ldap = Net::LDAP->new("ldaps://$the->{ldaphost}", %args ) or die "$@";
| |
| Don C. Miller 2006-05-16, 7:18 pm |
| Dennis, when you run it from the command line what is the output using both
methods? It could be that part of the extra output provided by debug
provides enough "header" information for the web server in question. By the
way, what web server are you using and what version?
Don
| |
| dennis 2006-05-16, 7:18 pm |
| On Tuesday 16 May 2006 14:13, Don C. Miller wrote:
> Dennis, when you run it from the command line what is the output using both
> methods? It could be that part of the extra output provided by debug
> provides enough "header" information for the web server in question. By
> the way, what web server are you using and what version?
Hi Don, I'm not actually certain how to run at command line supplying the bits
needed to run reset.cgi in different modes. I usually run it in a gross
manner (./reset.cgi) when making sure I haven't made any silly coding errors.
With no options, it pumps out the search page in which one enters the
username.
When accessed thru browser, by clicking the 'Search' button, there's a
variable named op that tells the script what to do next. For instance, when
in the user search form the op code named SHOWRESETFORM invokes the user
entry search routine, then invokes the routine that prints the actual
password reset form.
If you wouldn't mind showing me how to send reset.cgi the arguments at
commandline, I'll try running with different op codes and see what comes out.
The web server is Sun ONE 6.1; ldap server is Sun ONE Directory Server 5.2.
best,
/dennis
| |
| Don C. Miller 2006-05-16, 7:18 pm |
| Dennis, if you are passing arguments via GET you should be able to submit
parameters on the command line in parameter=value&parameter2=value pairs.
The strings must be urlencoded.
./reset.cgi 'username=joebob&password=testing'
If you are using POST it reads from standard in (you may have to set
CONTENT_LENGTH depending on what the CGI module(s) expect). Assuming bash
or equivalent shell.
export CONTENT_LENGTH=32
echo 'username=joebob&password=testing' | ./reset.cgi
Might do the trick. From the web log error you will want to make sure the
output contains proper header information with most likely a minimum of
"Content-type: mime/type" like "Content-type: text/html" with an extra line
after the header and before the content. Different web servers may require
slightly different header information. The output should not just be the
html page.
Don
| |
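An added example (not code from the thread or from perl-ldap): a POSIX shell function that checks whether a CGI script's stdout opens with the header block described in the reply above, that is, header fields followed by a blank line before any content. The function name, return codes and sample outputs are constructed for illustration.

```sh
#!/bin/sh
# check_cgi_header: read a CGI program's raw stdout on stdin and decide whether
# it opens with a header block the web server can parse. Return codes:
#   0 valid header block          1 non-header text before the blank line
#   2 no Content-type, Location or Status field (CGI needs at least one)
#   3 output ended, or was empty, before the blank line
check_cgi_header() {
    seen_required=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                  # accept CRLF as well as LF
        if [ -z "$line" ]; then             # blank line closes the header block
            [ "$seen_required" -eq 1 ] && return 0
            return 2
        fi
        name=${line%%:*}                    # text before the first colon
        case $name in
            "$line"|''|*[!A-Za-z0-9-]*)     # no colon, empty name, or bad character
                printf 'not a header line: %s\n' "$line" >&2
                return 1 ;;
        esac
        lc=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        case $lc in
            content-type|location|status) seen_required=1 ;;
        esac
    done
    return 3
}

# Constructed sample outputs (not taken from the thread or its attachments).
sample_ok()         { printf 'Content-type: text/html\r\n\r\n<html><body>ok</body></html>\n'; }
sample_body_first() { printf '<html><body>form</body></html>\nContent-type: text/html\n\n'; }
sample_died()       { :; }                  # script exited before printing anything
sample_no_type()    { printf 'X-Example: 1\n\n<html></html>\n'; }

for s in sample_ok sample_body_first sample_died sample_no_type; do
    rc=0
    $s | check_cgi_header 2>/dev/null || rc=$?
    echo "$s -> $rc"
done
```

To test a real script, pipe only its stdout into the function and send stderr to a file, so that anything written to stderr can be inspected separately from the response the server parses.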
| dennis 2006-05-16, 7:18 pm |
| On Tuesday 16 May 2006 16:12, Don C. Miller wrote:
> The output should not just be the html page.
Hi Don,
I ran reset.cgi from cmd line in both modes, debug = 0 and debug = 1.
At cmd line both runs successfully bound to the ldap, searched, etc. There was
also some nice extraneous output. I also use log4perl, and have logger output
for both runs. I'll attach output file. There's a whole lot there that I do
not understand, and I'd be very grateful for any help in understanding these
secrets.
/dennis
| |
| Don C. Miller 2006-05-16, 7:18 pm |
| | |
| dennis 2006-05-17, 8:10 am |
| On Tuesday 16 May 2006 18:26, Don C. Miller wrote:
> We are way off the discussion of perl-ldap since this definitely is an
> issue with the cgi itself
Hi Don,
This script has worked successfully in our environment when running over the
non-secure port 389. It's only now that we're trying to teach it to talk to
port 636 that things have gone awry. Based on the debug results I now can
see, I am binding to the ldap successfully using ssl, so I see your point.
Before I go any further, tho, I need to make an apology. I failed to mention
clearly that the text I pasted into the file I attached earlier was only
partial output. I did not copy/paste all the html output. I am sorry for
wasting your time on that.
I did make one change based upon the debugging procedures you provided, and
their resulting info. My cgi script had been set up to print the header first,
then go off to selected subroutines, search or whatever, and print results,
etc. I noticed in my output that the html stream started, then midway down
the page the ldap transactions were seen, then the html stream continued. I
rearranged the subroutine calls so that the ldap queries occur first, then if
successful, the html page prints.
But I still get server error. The web server is getting by the ldap
transactions, and I have no idea how to fix that. I'm attaching a zip
containing two files. I've first set the perl-ldap debug flag to zero, and
captured ALL cmd line output, as well as log4perl log. Ditto for debug = 1.
In both cases, when run thru browser, I get server error.
/dennis