httpd-users mailing list archives

From mxc <m...@jumpingbean.co.za>
Subject [users@httpd] Valid users cannot login with authnz_ldap
Date Fri, 27 Apr 2007 01:17:40 GMT

Hi all,

We are experiencing a strange problem when trying to get mod-authnz-ldap. 
Users that do not exist have the following entry written to the error.log,
which seems correct to me.

[Fri Apr 27 03:14:28 2007] [warn] [client 192.168.12.123] [4161] auth_ldap
authenticate: user ggggggg authentication failed; URI /asdsd [User not
found][No such object]
[Fri Apr 27 03:14:28 2007] [error] [client 192.168.12.123] user ggggggg not
found: /asdsd



Users that do exist but use the incorrect password have the following
written to the error log. This seems correct too.

[Thu Apr 26 22:39:49 2007] [warn] [client 192.168.12.123] [4116] auth_ldap
authenticate: user charles authentication failed; URI /asdsd
[ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Thu Apr 26 22:39:49 2007] [error] [client 192.168.12.123] user mark:
authentication failure for "/asdsd": Password Mismatch


Users with the correct name and password have no entry written to the log
file, but they are presented with the login dialog box again. This is what I
have in my conf file:


<Location />
        AuthType Basic
        AuthName "IT Intranet"
        AuthBasicProvider ldap
        AuthLDAPBindDN uid=binduser,ou=people,dc=abc,dc=co,dc=za
        AuthLDAPBindPassword <secret>
        AuthzLDAPAuthoritative on 
        AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid 
        Require valid-user
</Location>

I can see the query going through to our openldap server with the following
response.


Apr 27 03:06:18 silver slapd[30520]: conn=1333 fd=49 ACCEPT from
IP=192.168.12.2:55975 (IP=0.0.0.0:389) 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND
dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND
dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0
text= 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH
base="dc=abc,dc=co,dc=za" scope=2 deref=3
filter="(&(objectClass=*)(uid=charles))" 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous
mech=implicit ssf=0 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND
dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND
dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0 
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0
text= 


What am I doing wrong?
-- 
View this message in context: http://www.nabble.com/Valid-users-cannot-login-with-authnz_ldap-tf3655263.html#a10211874
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
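
An added example, not part of the original post: a Python sketch that pairs each slapd BIND request with its RESULT by conn/op, so the per-DN bind outcome can be read directly from logs in the format quoted above. The sample lines are constructed, unwrapped versions modelled on that excerpt plus one constructed err=49 failure for contrast, and the function names are hypothetical.

```python
import re

# Constructed sample: unwrapped lines modelled on the slapd excerpt above,
# plus one constructed failing bind (conn=1334) for contrast.
SAMPLE_LOG = """\
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 filter="(&(objectClass=*)(uid=charles))"
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous mech=implicit ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0 text=
Apr 27 03:07:02 silver slapd[30520]: conn=1334 op=1 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
Apr 27 03:07:02 silver slapd[30520]: conn=1334 op=1 RESULT tag=97 err=49 text=
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
BIND_DN_RE = re.compile(r'^BIND dn="([^"]*)"')
# tag=97 is the LDAP BindResponse; "SEARCH RESULT" lines (tag=101) do not match.
BIND_RESULT_RE = re.compile(r"^RESULT tag=97 err=(\d+)")
LDAP_CODES = {0: "success", 49: "invalidCredentials"}

def bind_outcomes(log_text):
    """Return [(conn, op, dn, err)] for every bind that received a result."""
    pending = {}   # (conn, op) -> DN taken from the BIND request line
    outcomes = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        rest = m.group(3)
        dn = BIND_DN_RE.match(rest)
        if dn:
            pending[key] = dn.group(1)
            continue
        res = BIND_RESULT_RE.match(rest)
        if res and key in pending:
            outcomes.append((*key, pending.pop(key), int(res.group(1))))
    return outcomes

def rejected_binds(log_text):
    """Binds the directory refused; an empty list means slapd accepted them all."""
    return [o for o in bind_outcomes(log_text) if o[3] != 0]

if __name__ == "__main__":
    for conn, op, dn, err in bind_outcomes(SAMPLE_LOG):
        print(f"conn={conn} op={op} {dn}: err={err} ({LDAP_CODES.get(err, 'other')})")
```

Run over the conn=1333 lines alone, `rejected_binds` returns an empty list: the directory accepted both the service-account bind and the bind as `uid=charles`.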


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.