Hello all,
I'm new to the forum, just signed up since I'm working on moving an IRC server over to anope. I'm trying to integrate anope with my LDAP server over port 389 with starttls. In order to do that, I've had to go hack a bit on the module since it doesn't seem to natively support that yet (I'll submit a patch when I'm done to contribute), but so far only m_ldap works, and only partially at that. I can't seem to get m_ldap_authenticate to work (I don't need m_ldap_oper). When it tries to add the user (which is weird since it should see that user accounts already exist, and my user account exists on my LDAP server) it logs the following:
[May 20 20:52:36 2019] COMMAND: ethin!~ethin@234.162.207.74.srtnet.com used IDENTIFY and identified for account ethin
[May 20 20:52:36 2019] USERS: ethin!~ethin@234.162.207.74.srtnet.com is now identified as ethin
[May 20 20:52:36 2019] M_LDAP: Error running LDAP query: Protocol error
[May 20 20:52:36 2019] M_LDAP_AUTHENTICATION: Error adding newly created account to LDAP: Protocol error
[May 20 20:52:36 2019] M_LDAP_AUTHENTICATION: Updated email address for ethin (ethin) to -
If I turn on debug, the following is logged:
[May 20 21:24:54 2019] m_ldap_authentication: searching for (&(uid=ethin)(objectClass=inetOrgPerson))
[May 20 21:24:54 2019] m_ldap_authenticationn: binding as uid=Ethin,ou=members,dc=sso,dc=the-gdn,dc=net
[May 20 21:24:54 2019] Sent: :002AAAAAG NOTICE 00197J80B :Your account �ethin� has been successfully created.
[May 20 21:24:54 2019] Sent: :002AAAAAG PRIVMSG #services :COMMAND: ethin!~ethin@234.162.207.74.srtnet.com used ID and identified for account ethin
[May 20 21:24:54 2019] COMMAND: ethin!~ethin@234.162.207.74.srtnet.com used ID and identified for account ethin
[May 20 21:24:54 2019] Sent: :002AAAAAG NOTICE 00197J80B :Password accepted - you are now recognized.
[May 20 21:24:54 2019] Sent: :002AAAAAG SVS2MODE 00197J80B +d ethin
[May 20 21:24:54 2019] Sent: :002AAAAAD PRIVMSG #services :USERS: ethin!~ethin@234.162.207.74.srtnet.com is now identified as ethin
[May 20 21:24:54 2019] USERS: ethin!~ethin@234.162.207.74.srtnet.com is now identified as ethin
I'm not sure what exactly is going on. Would anyone mind helping me out and telling me what else I need to do to finish adding TLS support or to fix this problem?
Edit: I should also note a few extra things:
1) I have hacked the m_ldap server to use starttls, not any other module that involves ldap.
2) the queries, when performed with ldapsearch, work fine and do not return any errors.
3) The libraries that ldapsearch is linked to and the ldap library that anope is linked to are the same.
4) I have verified that m_ldap is using LDAPv3.
