[SOLVED]First bind failed! Bad file descriptor

Moderator: crythias

Post Reply
myotrs
OTRS newbie
Posts: 11
Joined: 15 Nov 2013, 18:52
OTRS Version?: 4.0.5
Real Name: Kuljeet Singh

[SOLVED]First bind failed! Bad file descriptor

Post by myotrs » 15 Nov 2013, 19:05

Hi all,

I was using OTRS 3.2.10 and yesterday I upgraded it to 3.3.1 on Windows Platform. After the upgrade when I configured the LDAP authentication in Kernel\Config.pm, I am getting the following error.

[Fri Nov 15 11:14:08 2013][Notice][Kernel::System::Auth::DB::Auth] User: <userid> authentication with wrong Pw!!! (Method: sha256, REMOTE_ADDR: <user ip address>)
[Fri Nov 15 11:14:08 2013][Error][Kernel::System::Auth::LDAP::Auth][183] First bind failed! Bad file descriptor

Below is the configuration I am using and works with 3.2.10 but not with 3.3.1. When tried to capture the network packets, it appears that LDAP->Bind function does not even attempt to make a call for LDAP Bind.

# ---------------------------------------------------- #
# Agent Authentication section
# ---------------------------------------------------- #

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'changed.test';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=changed,DC=test';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=<userid>,OU=Application Accounts,OU=users,DC=changed,DC=test';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'some-pass';
$Self->{'AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

* I have changed a few parameters in the above configuration for security purpose.

Did somebody face this issue with 3.3.1 on Windows or somebody who has tested this configuration. Any advise.

Thanks a lot.

regards,
Kuljeet
Last edited by myotrs on 20 Nov 2013, 17:57, edited 1 time in total.
"Production": OTRS: 5.0.6
"Dev | Test": OTRS: 5.0.6
OS: DEV-> RHEL, PROD->RHEL
Apache2.2.15/MySQL 5+

wurzel
OTRS guru
Posts: 2741
Joined: 08 Jul 2010, 22:25
OTRS Version?: 6.0.x

Re: First bind failed! Bad file descriptor

Post by wurzel » 15 Nov 2013, 19:27

Hi

first bind failed means often "bad password for search user"
Missing LDAP Perl Module? ;)

on my system(s) LDAP on 3.3.x is working as expected.

Florian
    ((OTRS)) Community Edition 6.0.x, LAMP LIVE auf Debian 9
    OTRS 7 SILVER

    -- Ich beantworte keine Forums-Fragen PN - No PN please

    I won't answer to unfriendly users any more. A greeting and regards are just polite.

    myotrs
    OTRS newbie
    Posts: 11
    Joined: 15 Nov 2013, 18:52
    OTRS Version?: 4.0.5
    Real Name: Kuljeet Singh

    Re: First bind failed! Bad file descriptor

    Post by myotrs » 15 Nov 2013, 19:30

    Hi Florian,

    Password is fine as I can use the same password to connect to LDAP from OTRS system using 'ldp' utility.

    If it is a password, problem, I should see some connection to LDAP server when packets capture is on. I don't see any attempt to connect.

    Any suggestions.

    regards,
    Kuljeet
    "Production": OTRS: 5.0.6
    "Dev | Test": OTRS: 5.0.6
    OS: DEV-> RHEL, PROD->RHEL
    Apache2.2.15/MySQL 5+

    Dger
    OTRS newbie
    Posts: 8
    Joined: 11 Jul 2013, 16:38
    OTRS Version?: 3.2.8

    Re: First bind failed! Bad file descriptor

    Post by Dger » 20 Nov 2013, 09:56

    I've got the same error message after upgrading from 3.2.11 to 3.3.1.

    Any help is greatly appreciated!

    Rg Dom

    wurzel
    OTRS guru
    Posts: 2741
    Joined: 08 Jul 2010, 22:25
    OTRS Version?: 6.0.x

    Re: First bind failed! Bad file descriptor

    Post by wurzel » 20 Nov 2013, 13:50

    Hi,

    someone posted here in the forum an LDAP Configuration with the host ldaps:// prefix. Search for it, perhaps it helps.

    Flo
      ((OTRS)) Community Edition 6.0.x, LAMP LIVE auf Debian 9
      OTRS 7 SILVER

      -- Ich beantworte keine Forums-Fragen PN - No PN please

      I won't answer to unfriendly users any more. A greeting and regards are just polite.

      Dger
      OTRS newbie
      Posts: 8
      Joined: 11 Jul 2013, 16:38
      OTRS Version?: 3.2.8

      Re: First bind failed! Bad file descriptor

      Post by Dger » 20 Nov 2013, 16:49

      Nope, I'm still getting the same error :-/

      myotrs
      OTRS newbie
      Posts: 11
      Joined: 15 Nov 2013, 18:52
      OTRS Version?: 4.0.5
      Real Name: Kuljeet Singh

      Re: First bind failed! Bad file descriptor

      Post by myotrs » 20 Nov 2013, 16:54

      Hi Flo,

      I tried prefixing as you suggested but it is the same.

      I am getting the error when the "$Self->{'AuthModule::LDAP::SearchUserDN1'} = " is provided to the LDAP.PM at line number 183.

      I checked the 'SearchUserDN' using ldap browser and it is correct, password is correct but still I am getting the error.

      If I roll back to 3.2.10 and copy paste the same LDAP configuration, it works. This proves that the configuration is correct.

      Unable to figure out what is changed in 3.3.1 on Windows. It can be ruled out that some modules are missing (no deps like *NIX installation) because (correct me if I am wrong) OTRS Windows Installation file (.msi) contains everything until it is not compiled properly.

      Any ideas???

      Kuljeet
      "Production": OTRS: 5.0.6
      "Dev | Test": OTRS: 5.0.6
      OS: DEV-> RHEL, PROD->RHEL
      Apache2.2.15/MySQL 5+

      myotrs
      OTRS newbie
      Posts: 11
      Joined: 15 Nov 2013, 18:52
      OTRS Version?: 4.0.5
      Real Name: Kuljeet Singh

      [SOLVED]Re: First bind failed! Bad file descriptor

      Post by myotrs » 20 Nov 2013, 17:52

      Hi all,

      I ran OTRS\bin>otrs.CheckModules.pl command to find out the LDAP version I have with 3.3.1 which is (v0.57) and that seems to have the problem. Net::LDAP (v0.56) works fine.

      So this is what I did.

      1. I installed OTRS v3.3.1.
      2. Took a backup of StrawberryPerl folder/directory.
      3. Copied StrawberryPerl folder/directory from OTRS 3.2.10 system.

      and boom, LDAP Authentication started working. I am still testing the other functionality of OTRS and I believe it will be working fine with the older version of Perl.

      So the conclusion is StrawberryPerl has the problem with new LDAP version.

      Hope this helps and OTRS team take some measures to fix this problem in Perl with the support of Perl vendor.

      regards,
      Kuljeet
      "Production": OTRS: 5.0.6
      "Dev | Test": OTRS: 5.0.6
      OS: DEV-> RHEL, PROD->RHEL
      Apache2.2.15/MySQL 5+

      wurzel
      OTRS guru
      Posts: 2741
      Joined: 08 Jul 2010, 22:25
      OTRS Version?: 6.0.x

      Re: [SOLVED]First bind failed! Bad file descriptor

      Post by wurzel » 20 Nov 2013, 23:14

      Hi,

      please open a bug for this on bugs.otrs.org

      thx

      Florian
        ((OTRS)) Community Edition 6.0.x, LAMP LIVE auf Debian 9
        OTRS 7 SILVER

        -- Ich beantworte keine Forums-Fragen PN - No PN please

        I won't answer to unfriendly users any more. A greeting and regards are just polite.

        Dger
        OTRS newbie
        Posts: 8
        Joined: 11 Jul 2013, 16:38
        OTRS Version?: 3.2.8

        Re: [SOLVED]First bind failed! Bad file descriptor

        Post by Dger » 21 Nov 2013, 09:01

        Great! That works..

        Mike_B
        Moderator
        Posts: 266
        Joined: 12 Jan 2010, 18:16
        OTRS Version?: CVS HEAD

        Re: [SOLVED]First bind failed! Bad file descriptor

        Post by Mike_B » 22 Nov 2013, 11:59

        Hi,

        A different solution (and the one we're going to apply in OTRS 3.3.2) is to delete the file [OTRS]\StrawberryPerl\perl\vendor\lib\IO\Socket\INET6.pm.

        See also http://bugs.otrs.org/show_bug.cgi?id=10004

        I'd like to point out that if you'd use ActiveState Perl, this issue does not occur.
        --
        Mike
        huntingbears.nl - @michielbeijen on Twitter

        myotrs
        OTRS newbie
        Posts: 11
        Joined: 15 Nov 2013, 18:52
        OTRS Version?: 4.0.5
        Real Name: Kuljeet Singh

        Re: [SOLVED]First bind failed! Bad file descriptor

        Post by myotrs » 22 Nov 2013, 23:11

        Mike_B wrote:Hi,

        A different solution (and the one we're going to apply in OTRS 3.3.2) is to delete the file [OTRS]\StrawberryPerl\perl\vendor\lib\IO\Socket\INET6.pm.

        See also http://bugs.otrs.org/show_bug.cgi?id=10004

        I'd like to point out that if you'd use ActiveState Perl, this issue does not occur.
        --
        Mike

        Hi Mike,

        Thanks a lot. Yes, the solution works like a charm.

        and now I don't have to loose the functionality of new modules.

        regards,
        Kuljeet
        "Production": OTRS: 5.0.6
        "Dev | Test": OTRS: 5.0.6
        OS: DEV-> RHEL, PROD->RHEL
        Apache2.2.15/MySQL 5+

        crythias
        Moderator
        Posts: 10096
        Joined: 04 May 2010, 18:38
        OTRS Version?: 5.0.x
        Location: SouthWest Florida, USA
        Contact:

        Re: [SOLVED]First bind failed! Bad file descriptor

        Post by crythias » 01 Apr 2014, 15:39

        A better answer is to add

        Code: Select all

         inet4 => 1,
        to your params in Config.pm. This forces only using IPv4 and ignores IPv6, plus it will survive upgrades.
        OTRS 5.0.x (private/testing/public) on Linux with MySQL database. Also on github.
        Please edit your signature to include your OTRS version, Operating System, and database type.
        Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
        Need help? Before you ask

        Post Reply