Hi Fred,
That was the issue. Using
sAMAccountName=$\USER$
helped to solve my problem.
Many thanks
On 10/2/2012 3:35 PM, Grooms, Frederick W wrote:
Serouche,
The Login Name on an Active Directory LDAP search is usually sAMAccountName, so in the
configuration form "AREA LDAP Configuration" the User Search Filter would be
sAMAccountName=$\USER$
Make sure in your setup that you should be querying for the login in a field
called uid. What Danny said about using Microsoft's LDP tool (as part of the
Windows Support Tools) or another LDAP tool like the Softerra LDAP Browser
(http://www.softerra.com/download.htm) is a great suggestion.
Fred
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Danny Kellett
Sent: Tuesday, October 02, 2012 5:58 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP authentication issue
Hi,
It's this line that is the issue:
*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")
So under that baseDn, the query uid=testman could not be found.
Ask your domain admin to check the baseDn and use something like ldp.exe
to search for uid=testman.
Kind regards
Danny
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Maniac
Sent: Tuesday, October 02, 2012 3:50 AM
To: arslist@ARSLIST.ORG
Subject: LDAP authentication issue
Hi list,
Could not find any previous post with the following issue.
Here is what is in my arplugin.log file
...
1 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7404 */+VL
AREAVerifyLoginCallback -- user testman
2 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7407
*/<ARSYS.AREA.LDAP> <FINEST> AREAVerifyLoginCallback
3 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7409
*/<ARSYS.AREA.LDAP> <FINER> ldap_init("hqdcc1.domain.org", 389)
4 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7411
*/<ARSYS.AREA.LDAP> <FINER> connect timeout previously: -1
5 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7413
*/<ARSYS.AREA.LDAP> <FINER> connect timeout used: 40000
6 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7415
*/<ARSYS.AREA.LDAP> <FINER> ldap_simple_bind("CN=xsldapro,OU=Service
Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
7 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7445
*/<ARSYS.AREA.LDAP> <FINEST> After the bind
8 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7447
*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")
9 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4920
*/<ARSYS.AREA.LDAP> <FINE> We do not know the user
10 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4923
*/<ARSYS.AREA.LDAP> <FINER> LicenseMask=1 LicenseWrite=2 LicenseFTS=0
LicenseReserved1=0 Notification=3 Email=<NULL> LoginStatus=1
ModificationTime=0
11 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4925
*/<ARSYS.AREA.LDAP> <FINER> Groups=<NULL>
12 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4927
*/-VL FAIL
<END OF LOG FILE>^@
...
Who is this "We" at line 9?
My config settings are based on what the doc says ('authentication chain'
= 'AREA - ARS', cross ref pass is checked, also authenticate unregistered
users, RPC port set to 390695)
The logs show the bind being done (line 7) but then something "does not
know the user" ...
Any help/tips on what could be wrong is very much appreciated.
Regards
Serouche
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
_______________________________________________________________________________
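
Added example (not part of the original thread and not BMC code): a small triage script for the kind of arplugin.log excerpt posted above. It correlates AREA LDAP entries by RPC ID and reports which base DN and search filter attribute were used when the plug-in logs "We do not know the user". The sample log is constructed from the entries in this thread; the second login (RPC ID 0000000300, user jdoe) and the function names triage and report are assumptions made for illustration.

```python
import re

# Constructed sample: entries modelled on the arplugin.log excerpt in this
# thread, unwrapped to one line each. RPC ID 0000000300 / user jdoe is invented
# to show two interleaved logins; the thread shows no success marker, so none is used.
P = '<PLGN> <TID: 000005> <RPC ID: %s> <Queue: AREA > <Client-RPC: 390695> /* Tue Oct 02 2012 10:40:%s */%s'
SAMPLE_LOG = "\n".join([
    P % ("0000000299", "38.7404", "+VL AREAVerifyLoginCallback -- user testman"),
    P % ("0000000300", "38.7406", "+VL AREAVerifyLoginCallback -- user jdoe"),
    P % ("0000000299", "38.7447", '<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org", 2, "uid=testman")'),
    P % ("0000000300", "38.7450", '<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org", 2, "sAMAccountName=jdoe")'),
    P % ("0000000299", "43.4920", "<ARSYS.AREA.LDAP> <FINE> We do not know the user"),
    P % ("0000000299", "43.4927", "-VL FAIL"),
])

RPC_RE = re.compile(r"<RPC ID: (\d+)>")
LOGIN_RE = re.compile(r"\+VL\s+AREAVerifyLoginCallback -- user (\S+)")
SEARCH_RE = re.compile(r'ldap_search_ext\("([^"]*)",\s*(\d+),\s*"([^"]*)"\)')

def triage(log_text):
    """Correlate AREA LDAP entries by RPC ID; return one record per login."""
    logins = {}
    for line in log_text.splitlines():
        rpc = RPC_RE.search(line)
        if not rpc:
            continue  # not a plug-in entry (e.g. "<END OF LOG FILE>")
        rec = logins.setdefault(rpc.group(1), {
            "user": None, "base_dn": None, "filter": None,
            "filter_attr": None, "not_found": False, "failed": False})
        if m := LOGIN_RE.search(line):
            rec["user"] = m.group(1)
        elif m := SEARCH_RE.search(line):
            rec["base_dn"], rec["filter"] = m.group(1), m.group(3)
            # Attribute the directory was asked to match the login name against.
            rec["filter_attr"] = m.group(3).lstrip("(").split("=", 1)[0]
        elif "We do not know the user" in line:
            rec["not_found"] = True  # the search under base_dn matched no entry
        elif "-VL FAIL" in line:
            rec["failed"] = True
    return logins

def report(logins):
    """One line per login whose LDAP search matched nothing."""
    return [f'RPC {rpc}: user {r["user"]!r} not found with {r["filter"]!r} under '
            f'{r["base_dn"]!r}; verify attribute {r["filter_attr"]!r} and the base DN'
            for rpc, r in logins.items() if r["not_found"]]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```
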