[SOLVED]First bind failed! Bad file descriptor

[myotrs]

Hi all,

I was using OTRS 3.2.10 and yesterday I upgraded it to 3.3.1 on Windows Platform. After the upgrade when I configured the LDAP authentication in Kernel\Config.pm, I am getting the following error.

[Fri Nov 15 11:14:08 2013][Notice][Kernel::System::Auth::DB::Auth] User: <userid> authentication with wrong Pw!!! (Method: sha256, REMOTE_ADDR: <user ip address>)
[Fri Nov 15 11:14:08 2013][Error][Kernel::System::Auth::LDAP::Auth][183] First bind failed! Bad file descriptor

Below is the configuration I am using and works with 3.2.10 but not with 3.3.1. When tried to capture the network packets, it appears that LDAP->Bind function does not even attempt to make a call for LDAP Bind.

# ---------------------------------------------------- #
# Agent Authentication section
# ---------------------------------------------------- #

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'changed.test';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=changed,DC=test';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=<userid>,OU=Application Accounts,OU=users,DC=changed,DC=test';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'some-pass';
$Self->{'AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

* I have changed a few parameters in the above configuration for security purpose.

Did somebody face this issue with 3.3.1 on Windows or somebody who has tested this configuration. Any advise.

Thanks a lot.

regards,
Kuljeet

[wurzel]

Hi

first bind failed means often "bad password for search user"
Missing LDAP Perl Module?

on my system(s) LDAP on 3.3.x is working as expected.

Florian

[myotrs]

Hi Florian,

Password is fine as I can use the same password to connect to LDAP from OTRS system using 'ldp' utility.

If it is a password, problem, I should see some connection to LDAP server when packets capture is on. I don't see any attempt to connect.

Any suggestions.

regards,
Kuljeet

[Dger]

I've got the same error message after upgrading from 3.2.11 to 3.3.1.

Any help is greatly appreciated!

Rg Dom

[wurzel]

Hi,

someone posted here in the forum an LDAP Configuration with the host ldaps:// prefix. Search for it, perhaps it helps.

Flo

[Dger]

Nope, I'm still getting the same error :-/

[myotrs]

Hi Flo,

I tried prefixing as you suggested but it is the same.

I am getting the error when the "$Self->{'AuthModule::LDAP::SearchUserDN1'} = " is provided to the LDAP.PM at line number 183.

I checked the 'SearchUserDN' using ldap browser and it is correct, password is correct but still I am getting the error.

If I roll back to 3.2.10 and copy paste the same LDAP configuration, it works. This proves that the configuration is correct.

Unable to figure out what is changed in 3.3.1 on Windows. It can be ruled out that some modules are missing (no deps like *NIX installation) because (correct me if I am wrong) OTRS Windows Installation file (.msi) contains everything until it is not compiled properly.

Any ideas???

Kuljeet

[myotrs]

Hi all,

I ran OTRS\bin>otrs.CheckModules.pl command to find out the LDAP version I have with 3.3.1 which is (v0.57) and that seems to have the problem. Net::LDAP (v0.56) works fine.

So this is what I did.

1. I installed OTRS v3.3.1.
2. Took a backup of StrawberryPerl folder/directory.
3. Copied StrawberryPerl folder/directory from OTRS 3.2.10 system.

and boom, LDAP Authentication started working. I am still testing the other functionality of OTRS and I believe it will be working fine with the older version of Perl.

So the conclusion is StrawberryPerl has the problem with new LDAP version.

Hope this helps and OTRS team take some measures to fix this problem in Perl with the support of Perl vendor.

regards,
Kuljeet

[wurzel]

Hi,

please open a bug for this on bugs.otrs.org

thx

Florian

[Dger]

Great! That works..

[Mike_B]

Hi,

A different solution (and the one we're going to apply in OTRS 3.3.2) is to delete the file [OTRS]\StrawberryPerl\perl\vendor\lib\IO\Socket\INET6.pm.

See also http://bugs.otrs.org/show_bug.cgi?id=10004

I'd like to point out that if you'd use ActiveState Perl, this issue does not occur.
--
Mike

[myotrs]

Hi,

A different solution (and the one we're going to apply in OTRS 3.3.2) is to delete the file [OTRS]\StrawberryPerl\perl\vendor\lib\IO\Socket\INET6.pm.

See also http://bugs.otrs.org/show_bug.cgi?id=10004

I'd like to point out that if you'd use ActiveState Perl, this issue does not occur.
--
Mike

Hi Mike,

Thanks a lot. Yes, the solution works like a charm.

and now I don't have to loose the functionality of new modules.

regards,
Kuljeet

[crythias]

A better answer is to add

Code: Select all

 inet4 => 1,

to your params in Config.pm. This forces only using IPv4 and ignores IPv6, plus it will survive upgrades.