Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8788: LDAP Proxy Service Issue on SuSe 11.x

Authentication Service ,  

1 August,17 at 04:59 PM


Centrify-ldapproxy does not take anything after the first URL no matter how to arrange them, tried each URL in single and double quotes, tried comma as separators.
alan-sles11-64e:~ # /usr/share/centrifydc/libexec/slapd -h ldap://localhost:389 ldaps://localhost:636
usage: /usr/share/centrifydc/libexec/slapd options
        -4              IPv4 only
        -6              IPv6 only
        -T {acl|add|auth|cat|dn|index|passwd|test}
                        Run in Tool mode
        -c cookie       Sync cookie of consumer
        -d level        Debug level
        -f filename     Configuration file
        -F dir  Configuration directory
        -g group        Group (id or name) to run as
        -h URLs         List of URLs to serve
        -l facility     Syslog facility (default: LOCAL4)
        -n serverName   Service name
        -o <opt>[=val] generic means to specify options; supported options:
                slp[={on|off|(attrs)}] enable/disable SLP using (attrs)
        -r directory    Sandbox directory to chroot to
        -s level        Syslog level
        -u user         User (id or name) to run as
        -V              print version info (-VV exit afterwards, -VVV print
                        info about static overlays and backends)
alan-sles11-64e:~ # /usr/share/centrifydc/libexec/slapd -h 'ldap://localhost:389 ldaps://localhost:636'
alan-sles11-64e:~ # ps -ef | grep slapd
root     22979     1  0 15:33 ?        00:00:00 /usr/share/centrifydc/libexec/slapd -h ldap://localhost:389 ldaps://localhost:636
root     22984   645  0 15:33 pts/1    00:00:00 grep slapd
From above information, SuSe 11 does not have sysetmd, so it is various level of shell function messed up the parameter.


+ OPTIONS='  -h '\''ldap://localhost:389 ldaps://localhost:636'\'''
+ daemon /usr/share/centrifydc/libexec/slapd -h ''\''ldap://localhost:389' 'ldaps://localhost:636'\'''

As result below, the strace output shows "daemon" command can parse "OPTIONS" correctly.
execve("/usr/share/centrifydc/libexec/slapd", ["/usr/share/centrifydc/libexec/sl", "-h", "ldap://localhost:389 ldaps://loc"], [/* 33 vars */]) = 0

On SuSe11:
+ OPTIONS='  -h '\''ldap://localhost:389 ldaps://localhost:636'\'''
+ startproc /usr/share/centrifydc/libexec/slapd -h ''\''ldap://localhost:389' 'ldaps://localhost:636'\'''
As result from below the trace output shows “startproc” command can’t parse “OPTIONS” well.
execve("/usr/share/centrifydc/libexec/slapd", ["/usr/share/centrifydc/libexec/sl"..., "-h", "'ldap://localhost:389", "ldaps://localhost:636'"], [/* 58 vars */]) = 0

Make the following change on /etc/init.d/Centrify-ldapproxy to fix this issue.

startproc $DAEMON $OPTIONS
echo "$DAEMON $OPTIONS" | xargs startproc
Then /etc/init.d/Centrify-ldapproxy and /usr/share/centrifydc/bin/Centrify-ldapproxy can work now.
sues11x64v3:/etc/init.d # /etc/init.d/centrify-ldapproxy start
Starting Centrify ldapproxy                                 done
sues11x64v3:/etc/init.d # ps -ef | grep slapd
root     30028     1  0 16:39 ?        00:00:00 /usr/share/centrifydc/libexec/slapd -h ldap://localhost:389 ldaps://localhost:636
root     30031  5710  0 16:39 pts/2    00:00:00 grep slapd
sues11x64v3:/etc/init.d # /etc/init.d/centrify-ldapproxy stop
Shutting down Centrify ldapproxy
sues11x64v3:/etc/init.d # ps -ef | grep slapd
root     30945  5710  0 16:48 pts/2    00:00:00 grep slapd 
sues11x64v3:/etc/init.d # /usr/share/centrifydc/bin/centrify-ldapproxy start
Centrify-ldapproxy Service started.
sues11x64v3:/etc/init.d # ps -ef |grep slapd
root     30375     1  0 16:44 ?        00:00:00 /usr/share/centrifydc/libexec/slapd -h ldap://localhost:389 ldaps://localhost:636
root     30398  5710  0 16:44 pts/2    00:00:00 grep slapd
sues11x64v3:/etc/init.d # /usr/share/centrifydc/bin/centrify-ldapproxy stop
Centrify-ldapproxy Service stopped.
sues11x64v3:/etc/init.d # ps -ef | grep slapd
root     30945  5710  0 16:48 pts/2    00:00:00 grep slapd
There is no permanent resolution on this SuSe platform.