httpd-users mailing list archives

From "Yannick Mercier" <yanmerc...@gmail.com>
Subject Re: [users@httpd] Valid users cannot login with authnz_ldap
Date Fri, 27 Apr 2007 10:04:40 GMT
Try to use something that doesn't start with dc= in your base DN

AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid

Make it, for example:

AuthLDAPURL ldap://silver.abc.co.za/ou=Users,dc=abc,dc=co,dc=za?uid


On 4/26/07, mxc <mark@jumpingbean.co.za> wrote:
>
>
> Hi all,
>
> We are experiencing a strange problem when trying to get mod-authnz-ldap.
> Users that do not exist have the following entry written to the error.log,
> which seems correct to me.
>
> [Fri Apr 27 03:14:28 2007] [warn] [client 192.168.12.123] [4161] auth_ldap
> authenticate: user ggggggg authentication failed; URI /asdsd [User not
> found][No such object]
> [Fri Apr 27 03:14:28 2007] [error] [client 192.168.12.123] user ggggggg not
> found: /asdsd
>
>
>
> Users that do exist but use the incorrect password have the following
> written to the error log. This seems correct too.
>
> [Thu Apr 26 22:39:49 2007] [warn] [client 192.168.12.123] [4116] auth_ldap
> authenticate: user charles authentication failed; URI /asdsd
> [ldap_simple_bind_s() to check user credentials failed][Invalid
> credentials]
> [Thu Apr 26 22:39:49 2007] [error] [client 192.168.12.123] user mark:
> authentication failure for "/asdsd": Password Mismatch
>
>
> Users with the correct name and password have no entry written to the log
> file but they are presented with the login dialog box again. This is what I
> have in my conf file
>
>
> <Location />
>        AuthType Basic
>        AuthName "IT Intranet"
>        AuthBasicProvider ldap
>        AuthLDAPBindDN uid=binduser,ou=people,dc=abc,dc=co,dc=za
>        AuthLDAPBindPassword <secret>
>        AuthzLDAPAuthoritative on
>        AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid
>        Require valid-user
> </Location>
>
> I can see the query going through to our openldap server with the following
> response.
>
>
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 fd=49 ACCEPT from
> IP=192.168.12.2:55975 (IP=0.0.0.0:389)
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND
> dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND
> dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0
> text=
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH
> base="dc=abc,dc=co,dc=za" scope=2 deref=3
> filter="(&(objectClass=*)(uid=charles))"
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous
> mech=implicit ssf=0
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND
> dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND
> dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0
> text=
>
>
> What am I doing wrong?
> --
> View this message in context:
> http://www.nabble.com/Valid-users-cannot-login-with-authnz_ldap-tf3655263.html#a10211874
> Sent from the Apache HTTP Server - Users mailing list archive at
> Nabble.com.
>
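An added example, not part of either message: a small Python parser that groups the slapd lines quoted above by connection and operation and classifies the search-then-bind sequence, which for this log reports that the directory returned one entry and accepted the user's bind with err=0. The function names and verdict strings are hypothetical; result code 49 is LDAP invalidCredentials.

```python
import re
from collections import defaultdict

# Constructed input: slapd lines quoted in the message, wraps re-joined, mech= repeats dropped.
SAMPLE = """\
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 filter="(&(objectClass=*)(uid=charles))"
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous mech=implicit ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT)\b(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')  # key=value, value optionally quoted

def parse(log):
    """Return {conn: {op: record}} built from slapd stats-level log lines."""
    conns = defaultdict(lambda: defaultdict(dict))
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = conns[int(m[1])][int(m[2])]
        f = {k: v.strip('"') for k, v in FIELD.findall(m[4])}
        if m[3] == "BIND" and "dn" in f:        # skips "BIND anonymous"
            rec.update(kind="bind", dn=f["dn"])
        elif m[3] == "SRCH":                    # second SRCH line only lists attrs
            rec["kind"] = "search"
            rec.update({k: f[k] for k in ("base", "filter") if k in f})
        elif m[3].endswith("RESULT"):
            rec.update({k: int(f[k]) for k in ("err", "nentries") if k in f})
    return conns

def verdict(ops):
    """Classify one connection: user search first, then a bind as the DN it found."""
    s_op = next((n for n, o in sorted(ops.items()) if o.get("kind") == "search"), None)
    if s_op is None:
        return "incomplete"
    if ops[s_op].get("nentries") != 1:
        return "no-unique-entry"
    bind = next((o for n, o in sorted(ops.items()) if n > s_op and o.get("kind") == "bind"), None)
    if bind is None or "err" not in bind:
        return "incomplete"
    codes = {0: "ldap-accepted", 49: "bad-password"}
    return codes.get(bind["err"], f"bind-error-{bind['err']}")
```
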
