Drobo

lighttpd and ldap authentication

Hello,

I’m new to drobo, got a drobo fs which works fine!

I’ve installed lighttpd succesfully, and managed to make webdav works.

Now, I try to set up ldap authentication with lighttpd, with no success.
I’ve a working configuration on a normal pc, same config does not work on drobo fs.

Does anyone knows hot to make it work ?

Thanks four your help !

I’m not familiar with lighthttp, can you post the errorlogs and/or the config?

You can PM to me if you’d prefer not to post them.

Hi,

these are logs :

Note: I know my password is correct :wink:

Please also see the config in lighttpd.conf :

#### auth module                                  
auth.backend               = "ldap"           
auth.debug                 = 2                  
auth.backend.ldap.hostname = "ldap.company.com"
auth.backend.ldap.base-dn  = "ou=people,dc=company,dc=com"
auth.backend.ldap.filter   = "(uid=$)"                           
auth.backend.ldap.allow-empty-pw = "disable"
auth.require               = ( "/" =>                      
                               (
                                 "method"  => "basic",
                                 "realm"   => "Company",
                                 "require" => "valid-user"
                               )        
                             )

Configuration looks sound.

Two suggestions:

  1. Since you’re using non-encrypted ldap binding you might want to get a wireshark dump and take a look at that.
  2. I can send you an strace binary and we can do a syscall trace of lighttpd and check that for issues.

I’d suggest starting with wireshark and examining the ldap traffic.

Do you know how to do that or do you need more detailed instructions?

Thanks for your support !

  1. I launched tcpdump on my ldap server, I do not see packets coming from my drobo (I can see icmp ping messages).
    Is it possible to launch tcpdump on drobo directly ?
    I’ll try to snif my network just after my drobo

  2. Sure strace should be a great idea !

Regards

Lemme build an strace and tcpdump package - back in 30 mins or so.[hr]
http://drobo.pwn.me/strace[hr]

http://drobo.pwn.me/strace
http://drobo.pwn.me/tcpdump
http://drobo.pwn.me/lsof

Those are just the binaries… I can’t really reboot my drobo from here to create the .tgz DroboFS packages but, from our conversations thus far I get the impression you know how to handle executables.

I’ll package them into formal DroboApps this evening and submit them for inclusion in the DroboApps directory.

Let me know if you need anything else. That should be enough tools to debug anything.

Ho noidd,

thanks for your support !
I’ve put all your apps on my droboFS, but I can’t make it works, as I get a Segmentation Fault.

# pwd
/mnt/DroboFS/Shares/DroboApps
# ./strace 
Segmentation fault
# ./lsof 
Segmentation fault
# ./tcpdump 
-sh: ./tcpdump: not found

Any ideas ? :wink:

It might be because of the firmware update.

Did you upgrade to 1.0.4 yet (since that came out between my posting and your reply).

It’s a Drobo FS :

I’m upgrading to 1.0.4 right now

What worries me most about this is that I don’t understand why this Segfaults. This means that I’m missing something fundimental wrt the SDK.

Hi !

I’ve tested agin your utils apps, works fine now. Maybe files were corrupted last time I downloaded.

With tcpdump, I still not see request to the ldap server.

here is strace infos :

And lsof (onsly) lighttpd :

Can you run the strace again with the -ff and -s4096 flag. I need to see more of the read/write and check for other threads/child procs.

What browser are you using?

It appears that it’s sending an OPTIONS / request straight off the bat which is so strange I don’t believe it. Hence the -ff -s4096 request.

Thanks,

Red[hr]

epoll_wait(0x6, 0x44f88, 0x401, 0x3e8)  = 1
accept(4, {sa_family=AF_INET, sin_port=htons(41634), sin_addr=inet_addr("192.168.0.220")}, [16]) = 7

This is the server accepting the connection on the listening file-descriptor (4) and assigning the accepted connection to file descriptor 7.

Corresponding output from lsof is:

lighttpd  7905  root    4u     inet      99344      0t0      TCP *:80 (LISTEN)
lighttpd  7905  root    7u     inet      99741      0t0      TCP 92.168.0.59:80->192.168.0.220:51032 (ESTABLISHED)

So, that’s consistent.

read(7, "OPTIONS / HTTP/1.1\r\nUser-Agent: "..., 4159) = 138
setsockopt(7, SOL_TCP, TCP_CORK, [1], 4) = 0
writev(7, [{"HTTP/1.1 401 Unauthorized\r\nWWW-A"..., 178}, {"<?xml version=\"1.0\" encoding=\"is"..., 351}], 2) = 529

It received the “OPTIONS / HTTP/1.1” request immediately off the bat and responded with a 401 (as it should imho).

read(7, "OPTIONS / HTTP/1.1\r\nUser-Agent: "..., 4159) = 189
write(3, "2010-05-26 10:46:21: (http_auth."..., 100) = 100

I need to see the full output of these lines. The -s4096 will show me the first 4096 bytes of every read and write.

Given the lack of attempt to contact the LDAP server it would seem to me that either the configuration is wrong (it looked good to me) or that the packaged lighttpd doesn’t have ldap support compiled into it.

Do you get anything with a:

strings /path/to/lighttpd | grep -i ldap

?

Hi,

thanks again for your usefull help. I didn’t know the strings command.

I see now that ldap support is not there ! ;(

# strings /mnt/DroboFS/Shares/DroboApps/lighttpd/lighttpd
[...]
Features:
        + IPv6 support
        - zlib support
        - bzip2 support
        + crypt support
        - SSL Support
        - PCRE support
        - mySQL support
        - LDAP support
        - memcached support
        - FAM support
        - LUA support
        - xml support
        - SQLite support
        - GDBM support
[...]

Need now to build with enabling this feature… :s[hr]
Note for myself : next time, see build options or help !

# /mnt/DroboFS/Shares/DroboApps/lighttpd/lighttpd -V
lighttpd/1.4.26 - a light and fast webserver
Build-Date: Mar 22 2010 15:13:54

Event Handlers:

	+ select (generic)
	+ poll (Unix)
	+ rt-signals (Linux 2.4+)
	+ epoll (Linux 2.6)
	- /dev/poll (Solaris)
	- kqueue (FreeBSD)

Network handler:

	+ writev
	+ mmap support

Features:

	+ IPv6 support
	- zlib support
	- bzip2 support
	+ crypt support
	- SSL Support
	- PCRE support
	- mySQL support
	- LDAP support
	- memcached support
	- FAM support
	- LUA support
	- xml support
	- SQLite support
	- GDBM support

Happy to help.

You might want to write to the drobo package maintainer and ask them to do an update. It may be time for a revision update anyways…

Actually, on the subject of apps I think that DRI needs a policy of package ownership when they publish specifically around package abondonment.

I tried to contact the packager for a different application and got nothing.

The package needs updates but the packager is non-responsive. I’ve updated my own but am reluctant to push the updates to DRI while someone else owns it.

Hey Jennifer, Is there someone we can talk to about this at DRI? Actually, about the whole droboapp process.

Thanks,

Red

I will see.