Wednesday October 07, 2009 Meena Vyas
All
|
DTrace Web Server 7.0
|
ACLs Web Server 7.0
|
General Web Server 7.0
|
HttpCompression Web Server 7.0
|
Intrusion Detection Web Server 7.0
|
Open Web Server
|
Reference Deployments of Web Server 7.0
|
Reverse Proxy Web Server 7.0
|
Security Web Server 7.0
|
Troubleshooting Web Server 7.0
|
WebDAV Web Server 7.0
Wednesday October 07, 2009 About LDAP connections in Sun Web Server 7.0
About LDAP connections in Sun Web Server 7.0
When I have in my server.xml confiured an Sun LDAP server as given below :
<auth-db> <name>ldap</name> <url>ldap://localhost:1369/o%3DTestCentral</url> <property> <name>binddn</name> <value>cn=Directory Manager</value> </property> <property> <name>bindpw</name> <value>...</value><encoded/> </property> </auth-db>
When I have ACL set
acl "uri=/"; deny (all) user="anyone"; allow (all) user="all";
When I send a request via browser as user "alpha" and its correct password.
First it binds as the user specified in server.xml "binddn" property ( in this case "cn=Directory Manager")
Then sends a LDAP search query with filter "uid=alpha".
Third step it does is it binds as that user "alpha" with the password user specified. If bind is successful, access is allowed.
Here are the entries I get in LDAP server access logs:
[07/Oct/2009:13:16:16 +051800] conn=2 op=-1 msgId=-1 - fd=34 slot=34 LDAP connection from 127.0.0.1 to 127.0.0.1 [07/Oct/2009:13:16:16 +051800] conn=2 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3 [07/Oct/2009:13:16:16 +051800] conn=2 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [07/Oct/2009:13:16:16 +051800] conn=2 op=1 msgId=2 - SRCH base="o=testcentral" scope=2 filter="(uid=alpha)" attrs="c" [07/Oct/2009:13:16:16 +051800] conn=2 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0 [07/Oct/2009:13:16:16 +051800] conn=2 op=2 msgId=3 - BIND dn="uid=alpha,o=TestCentral" method=128 version=3 [07/Oct/2009:13:16:16 +051800] conn=2 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=alpha,o=testcentral"
To understand why we see these three entries, I started debugging Web Server from LASUserEval function and came at get_is_valid_password_ldap function. Note that line numbers in Open Web Server may differ but the concepts are the same :
t@16 (l@16) stopped in get_is_valid_password_ldap at line 455 in file "ldapacl.cpp"
467 if ((rv = ld->find_userdn(raw_user, basedn, &userdn)) == LDAPU_SUCCESS) {
(dbx) p filter
filter = "uid=alpha"
...
t@16 (l@16) stopped in LdapSession::find_userdn at line 1253 in file "LdapOps.cpp"
1253 retval = find(base, LDAP_SCOPE_SUBTREE, filter, attrs, 1 /* no attrs */, res);
(dbx) s
...
t@16 (l@16) stopped in LdapSession::find at line 1174 in file "LdapOps.cpp"
1174 res = search(base, scope, filter, (char **)attrs, attrsonly, 0);
(dbx) p base
base = 0x6ed6048 "o=TestCentral"
(dbx) p filter
filter = 0xfbfbc98c "uid=alpha"
...
(dbx) n
t@16 (l@16) stopped in LdapSession::search at line 289 in file "LdapSession.cpp"
289 rv = bindAsDefault();
(dbx) s
t@16 (l@16) stopped in LdapSession::bindAsDefault at line 235 in file "LdapSession.cpp"
235 int msg_id = ldap_simple_bind(session, ldapRealm->getBindName(), ldapRealm->getBindPwd());
(dbx) p msg_id
msg_id = 1
...
(dbx) n
t@16 (l@16) stopped in LdapSession::bindAsDefault at line 240 in file "LdapSession.cpp"
240 int ret = ldap_result( session, msg_id, 0, &time_out, &res);
(dbx) p ret
ret = 97
...
As we can see Web Server first tries to bindAsDefault ie. bind as cn=Directory Manager. by looking at LDAP Server logs, we confirm this.
[07/Oct/2009:14:52:03 +051800] conn=4 op=-1 msgId=-1 - fd=34 slot=34 LDAP connection from 127.0.0.1 to 127.0.0.1 [07/Oct/2009:14:52:03 +051800] conn=4 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3 [07/Oct/2009:14:52:03 +051800] conn=4 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
When bind is successful, now it tries LDAP search on basedn="o=TestCentra" with filter "uid=alpha"
...
(dbx) n
t@16 (l@16) stopped in LdapSession::search at line 296 in file "LdapSession.cpp"
296 rv = lastoprv = ldap_search_ext_s(session, base, scope, filter,
297 attrs, attrsonly,
298 NULL, NULL, &time_out, LDAP_NO_LIMIT, &search_results);
(dbx) p base
base = 0x6ed6048 "o=TestCentral"
(dbx) p scope
scope = 2
(dbx) p filter
filter = 0xfbfbc98c "uid=alpha"
...
(dbx) n
t@16 (l@16) stopped in LdapSession::find at line 1178 in file "LdapOps.cpp"
1178 break;
(dbx) n
t@16 (l@16) stopped in LdapSession::find at line 1187 in file "LdapOps.cpp"
1187 numEntries = res->entries();
(dbx) n
t@16 (l@16) stopped in LdapSession::find at line 1189 in file "LdapOps.cpp"
1189 if (numEntries == 1) {
(dbx) p numEntries
numEntries = 1
(dbx) n
...
(dbx) n
t@16 (l@16) stopped in LdapSession::find_userdn at line 1278 in file "LdapOps.cpp"
1278 *dn = entry->DN();
(dbx) p *dn
*dn = 0x2d87b0 "uid=alpha,o=TestCentral"
(dbx)
...
Looking at LDAP server access logs it has created this "SRCH" entry :
[07/Oct/2009:14:55:51 +051800] conn=4 op=1 msgId=2 - SRCH base="o=testcentral" scope=2 filter="(uid=alpha)" attrs="c" [07/Oct/2009:14:55:51 +051800] conn=4 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
So at the end of find_userdn function, we get our userdn "uid=alpha,o=TestCentral". Coming back to debugger
(dbx) p userdn userdn = 0x2d87b0 "uid=alpha,o=TestCentral" (dbx) t@16 (l@16) stopped in get_is_valid_password_ldap at line 531 in file "ldapacl.cpp" 531 rv = ld->userdn_password(userdn, raw_pw); (dbx) s ... (dbx) n t@16 (l@16) stopped in LdapSession::userdn_password at line 1052 in file "LdapOps.cpp" 1052 int msgid = ldap_simple_bind(session, userdn, password); (dbx) p userdn userdn = 0x2d87b0 "uid=alpha,o=TestCentral" ... (dbx) n t@16 (l@16) stopped in LdapSession::userdn_password at line 1058 in file "LdapOps.cpp" 1058 rc = ldap_result(session, msgid, 0, &zerotime, &res ); (dbx) n (dbx) p rc rc = 97 ...
As we can see Web Server tries to bind to LDAP server with userdn "uid=alpha,o=TestCentral" and we can confirm that by looking at LDAP server logs :
[07/Oct/2009:15:00:37 +051800] conn=4 op=2 msgId=3 - BIND dn="uid=alpha,o=TestCentral" method=128 version=3 [07/Oct/2009:15:00:37 +051800] conn=4 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=alpha,o=testcentral"
Also refer Jyri's blog for troubleshooting
Posted by meena ( Oct 07 2009, 03:47:18 PM IST ) Permalink Comments [4]
Friday July 10, 2009 Installing Sun Java System Web Server 7.0 on CentOS 5.3 or Fedora 10-11 or Ubuntu
Installing Sun Java System Web Server 7.0 on CentOS 5.3 or Fedora 10/11 or Ubuntu
In my free time, I just tried out Sun Java System Web Server 7.0 update 5 on CentOS 5.3 and Fedora10 and 11 and Ubuntu. Joe has also written a similar blog on this
Download Sun Java System Web Server 7.0 for Linux from http://www.sun.com/download/index.jsp?cat=Web%20%26%20Proxy%20Servers&tab=3&subcat=Web%20Servers and extract the contents of tar.gz file
$gunzip sjsws-7_0u5-linux-i586.tar.gz; tar -xvf sjsws-7_0u5-linux-i586.tar
Run installer, it will fail
$./setup
error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory
CentOS
To fix this problem install "compat-libstdc++-33" package as shown below$sudo yum -y install compat-libstdc++-33
Now run setup, it will work fine.
Fedora 10/11
Install "compat-libstdc++-33" package as shown below$sudo yum -y install compat-libstdc++-33
There is one more problem in Fedora 11 but is fixed in 7.0 update 6.
If you get error message like
lib/libfreebl3.so: version `NSSRAWHASH_3.12.3' not found (required by /lib64/libcrypt.so.1)
You need workaround as given in http://forums.sun.com/thread.jspa?messageID=10769043#10769043
Ubuntu
You need to install libstdc++5 as shown below
$sudo apt-get install libstdc++5
If you get an error which has something that looks like /bin/domainname not found, you need to install
$sudo apt-get install nis
I have tested on Ubuntu 9.04.
*Note that Sun Java System Web Server 7.0 update 5 or 6 is not officially certified or supported on CentOS or Fedora or Ubuntu, but here's how you can make it work.
References
http://wikis.sun.com/display/WebServer/Installing+on+Ubuntu
http://jmccabe.org/blog/CentOS_WebServer_Install
http://blogs.sun.com/kkranz/entry/installing_sun_java_system_web
http://ubuntuforums.org/showthread.php?t=855603
Posted by meena ( Jul 10 2009, 06:48:32 PM IST ) Permalink Comments [2]
Thursday May 14, 2009 Installing Sun Java System Web Server 7.0 on Mandriva
Installing Sun Java System Web Server 7.0 on Mandriva
If you are getting an error "The Runtime User ID does not exist. Specify a valid UNIX user." while installing Sun Java System Web Server on Mandriva, all you have to do is create a softlink as shown below. Its simple !
#ln -s /bin/id /usr/bin/id
You can also check if /usr/bin/cat exists or not. If it doesn't, then you have to create a softlink as given below
#ln -s /bin/cat /usr/bin/cat
*Note that Sun Java System Web Server is not officially certified or supported on Mandriva
Thursday March 15, 2007 Troubleshooting memory leaks and memory corruptions in Sun Java System Web Server 7.0
Troubleshooting memory leaks and memory corruptions in Sun Java System Web Server 7.0
In this blog I am trying to show how to use libumem and watchmalloc to find more information about memory leaks and memory corruptions in Sun Java System Web Server 7.0.... READ MORE >>>>
[Read More] Posted by meena ( Mar 15 2007, 12:53:56 PM IST ) Permalink Comments [2]
Wednesday March 14, 2007 Troubleshooting Web Server crashes : enabling core dumps
Troubleshooting Web Server crashes : enabling core dumps
I get a lot of questions regarding what to do when Web Server instance
crashes as shown by error logs and you do not find the core file.
>>> READ MORE >>>
This blog copyright 2009 by meena
