Chris Curran wrote:
I have a LDAP server setup in my Tbird Address Book. To test the
connection, in Tbird addr book I choose the 'Offline' tab then
'Download Now'. It asks me for a username and password - I enter them
and at that point I'm back where I began in Tbird. I check the log
files in FDS (access) and there are a number of entries - all those
beginning with "RESULT" have "err=0". Therefore, I conclude that I am
logging into FDS without error.

This just means there was no error when it did what you asked it for.
It doesn't necessarily mean you (i.e. tbird) asked it for the right
thing. :)
If you grep the access log on conn=#, where # is the connection # from
thunderbird, you'll see a number of things:
1. What thunderbird connected as - either a dn, or "" (i.e. anonymous).
2. What basedn it is searching on - this needs to match something that
is in your directory.
3. The search filter you used - this needs to match some data in your
directory.
4. The number of results that matched the search - if this is 0, and
err is also 0, it means you did a valid search, but didn't match
anything in the directory.
5. The error result - err=0 just means the search you did was "valid",
though it might not be what you want.
Note also that there are multiple operations within one session, each of
which can have an error.
The following is a sample output of the logs from thunderbird for a
typical online search:
===========================================================
The initial connection:
[03/Aug/2005:11:04:42 -0400] conn=28 fd=71 slot=71 connection from
192.168.1.181 to 192.168.1.201
The bind - in this case, I have tbird binding as anonymous. err=0 means
the bind was successful
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
The search. In this case, my directory server's base dn is o=isp.
Thunderbird searches for all entries that contain what you typed in
mail, cn, givenname, or sn. The access log also shows the list of
attributes tbird is asking the directory to return. Includes a number
of custom tbird attributes (which you'd have to extend your schema to
support) as well as a number of standard attributes, such as mail, cn,
sn, givenname, telephonenumber, etc. err=0, so the search was
successful, but nentries also equals 0, meaning that I had no matching
data in my server (which is true - I haven't put anything in this server
I pointed at yet).
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 SRCH base="o=isp" scope=2
filter="(|(mail=*jeff*)(cn=*jeff*)(givenName=*jeff*)(sn=*jeff*))"
attrs="modifyTimestamp
xmozillausehtmlmail description notes custom4 custom3 custom2 custom1
birthyear homeurl
workurl nscpaimscreenname c company o departmentNumber department
orgunit ou title c
zip postalCode region st l l street postOfficeBox carphone cellphone
mobile pagerphone pager
facsimileTelephoneNumber facsimileTelephoneNumber homePhone
telephoneNumber
xmozillasecondemail mail xmozillanickname displayName cn cn sn sn
givenName"
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 RESULT err=0 tag=101
nentries=0 etime=0
Note that this showed 3 operations, of which any could contain an
error. Also, note that thunderbird has the option to add a custom
filter (on the advanced tab), so you can limit searches to, say,
objectclass=person (default is objectclass=*, which is all entries in
the directory).
One thing that's different - you said you are downloading for offline use.
I added a test user, and did what you did - clicked on properties,
offline, then download now. It asks for a username and password, and
here's what the logs show:
==============================================================================
Initial connection:
[03/Aug/2005:11:20:22 -0400] conn=51 fd=77 slot=77 connection from
192.168.1.181 to 192.168.1.201
Binds as anonymous ('cause I didn't enter a DN to bind as):
[03/Aug/2005:11:20:22 -0400] conn=51 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:20:22 -0400] conn=51 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
Searches for the "username" I entered. Looking at the logs, thunderbird
looks at the mail attribute to match username to an entry. So - the
"username" you have to enter is the email address of whoever you want to
log in as. Once I did that, it worked (err=0, and nentries=1, which
means it found my entry).
[03/Aug/2005:11:20:33 -0400] conn=51 op=1 SRCH base="o=isp" scope=2
filter="(mail=jclowser@xxxxxxxxxxx)" attrs="cn"
[03/Aug/2005:11:20:33 -0400] conn=51 op=1 RESULT err=0 tag=101
nentries=1 etime=0
Once it finds my entry, it unbinds and closes the connection:
[03/Aug/2005:11:20:34 -0400] conn=51 op=2 UNBIND
[03/Aug/2005:11:20:34 -0400] conn=51 op=2 fd=77 closed - U1
Opens a new connection:
[03/Aug/2005:11:20:34 -0400] conn=52 fd=79 slot=79 connection from
192.168.1.181 to 192.168.1.201
Binds as the DN of my entry (what it found above). err=0, so it binds
successfully with my password:
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 BIND dn="uid=jclowser,o=isp"
method=128 version=3
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=jclowser,o=isp"
The following is interesting, and maybe meaningless against FDS (I guess
it's looking for some kind of changelog indicator, so it only dl's new
stuff)? FDS provides the dataversion, but not the others, and adding
users doesn't seem to change dataversion, so not sure if this is
meaningful against FDS (and it's probably just for efficiency anyway, so
nothing critical):
[03/Aug/2005:11:20:34 -0400] conn=52 op=1 SRCH base="" scope=0
filter="(objectClass=*)" attrs="changeLog firstchangenumber
lastchangenumber dataversion"
[03/Aug/2005:11:20:34 -0400] conn=52 op=1 RESULT err=0 tag=101
nentries=1 etime=0
Next, searches the directory for all the entries. In my case, this is
successful and returns 4 entries:
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 SRCH base="o=isp" scope=2
filter="(objectClass=*)" attrs=ALL
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 RESULT err=0 tag=101
nentries=4 etime=0
My guess is that thunderbird will search against the live directory if
you are online, or against what was downloaded if you are offline. Note
that if your directory has a lot of users, you may very well hit the
sizelimit, and not get the entire directory. You probably want to add
nsSizeLimit to any users that do this, and set it to -1 (or at least to
the number of users in your directory), and further set the objectclass
to something other than objectclass=* in mozilla (say,
"objectclass=person", or
"(|(objectclass=person)(objectclass=mailgroup))", or "(mail=*)" or
something appropriate to your data) for efficiency.
- Jeff
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
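
The per-connection reading of the access log described in the reply above, as an added Python example that is not part of the original message or of Fedora Directory Server. The names `SAMPLE_LOG`, `parse_ops` and `diagnose` are hypothetical, and the sample entries are constructed from the quoted log lines with the long filter and attribute lists shortened.

```python
import re

# Constructed sample: access-log entries modelled on those quoted above,
# one entry per line, with the long filter and attrs lists shortened.
SAMPLE_LOG = '''\
[03/Aug/2005:11:04:42 -0400] conn=28 fd=71 slot=71 connection from 192.168.1.181 to 192.168.1.201
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 BIND dn="" method=128 version=3
[03/Aug/2005:11:04:42 -0400] conn=28 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 SRCH base="o=isp" scope=2 filter="(|(mail=*jeff*)(cn=*jeff*))" attrs="mail cn"
[03/Aug/2005:11:05:06 -0400] conn=28 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 BIND dn="uid=jclowser,o=isp" method=128 version=3
[03/Aug/2005:11:20:34 -0400] conn=52 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jclowser,o=isp"
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 SRCH base="o=isp" scope=2 filter="(objectClass=*)" attrs=ALL
[03/Aug/2005:11:32:10 -0400] conn=52 op=2 RESULT err=0 tag=101 nentries=4 etime=0
'''

ENTRY = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) ([A-Z]+)\b(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_ops(log_text):
    """Merge each request line with its RESULT line, keyed by (conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # connection open/close lines have no operation keyword
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        rec = ops.setdefault((conn, op), {})
        if kind == "RESULT":
            rec["err"], rec["nentries"] = int(fields["err"]), int(fields["nentries"])
        else:
            rec.update(fields, kind=kind)
    return ops

def diagnose(log_text, conn):
    """Report, per operation on one connection, the points listed in the message."""
    report = []
    for (c, op), rec in sorted(parse_ops(log_text).items()):
        if c != conn:
            continue
        err = rec.get("err")  # None if the RESULT line is missing from the log
        if rec.get("kind") == "BIND":
            who = rec["dn"] or "anonymous"
            report.append((op, f"bind as {who}: err={err}"))
        elif rec.get("kind") == "SRCH":
            status = "valid search, no match" if (err, rec.get("nentries")) == (0, 0) else f"err={err}"
            report.append((op, f"search base={rec['base']} filter={rec['filter']} "
                               f"nentries={rec.get('nentries')}: {status}"))
    return report
```

Calling `diagnose(SAMPLE_LOG, 28)` separates the anonymous bind from the search that was valid but matched nothing, which is the case where err=0 alone is misleading.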