Hi Fred,

That was the issue. Using

sAMAccountName=$\USER$

helped to solve my problem.
Many thanks




On 10/2/2012 3:35 PM, Grooms, Frederick W wrote:
Serouche,

The Login Name on an Active Directory LDAP search is usually sAMAccountName, so in the 
configuration form "AREA LDAP Configuration" the User Search Filter would be 
sAMAccountName=$\USER$

Make sure in your setup that you should be querying for the login in a field 
called uid.  What Danny said about using Microsoft's LDP tool (as part of the 
Windows Support Tools) or another LDAP tool like the Softerra LDAP Browser 
(http://www.softerra.com/download.htm) is a great suggestion.

Fred

-----Original Message-----
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Danny Kellett
Sent: Tuesday, October 02, 2012 5:58 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP authentication issue

Hi,

It's this line that is the issue:

*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")

So under that baseDn, the query uid=testman could not be found.

Ask your domain admin to check the baseDn and use something like ldp.exe
to search for uid=testman.

Kind regards
Danny

-----Original Message-----
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Maniac
Sent: Tuesday, October 02, 2012 3:50 AM
To: arslist@ARSLIST.ORG
Subject: LDAP authentication issue

Hi list,

Could not find any previous post with the following issue.
Here is what is in my arplugin.log file
...
1 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7404 */+VL
AREAVerifyLoginCallback          -- user testman
2 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7407
*/<ARSYS.AREA.LDAP> <FINEST> AREAVerifyLoginCallback
3 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7409
*/<ARSYS.AREA.LDAP> <FINER> ldap_init("hqdcc1.domain.org", 389)
4 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7411
*/<ARSYS.AREA.LDAP> <FINER> connect timeout previously: -1
5 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7413
*/<ARSYS.AREA.LDAP> <FINER> connect timeout used: 40000
6 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7415
*/<ARSYS.AREA.LDAP> <FINER> ldap_simple_bind("CN=xsldapro,OU=Service
Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
7 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7445
*/<ARSYS.AREA.LDAP> <FINEST> After the bind
8 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7447
*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")
9 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4920
*/<ARSYS.AREA.LDAP> <FINE> We do not know the user
10 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4923
*/<ARSYS.AREA.LDAP> <FINER> LicenseMask=1 LicenseWrite=2 LicenseFTS=0
LicenseReserved1=0 Notification=3 Email=<NULL> LoginStatus=1
ModificationTime=0
11 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4925
*/<ARSYS.AREA.LDAP> <FINER> Groups=<NULL>
12 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4927
*/-VL                                FAIL
<END OF LOG FILE>^@
...

Who is this "We" at line 9?
My config settings are based on what the doc says ('authentication chain
= 'AREA - ARS', cross ref pass is checked also authenticate unregistered
users, RPC port set to 390695)
The logs show the bind being done (line 7) but then something "does not
know the user" ...
Any help/tips on what could be wrong is very much appreciated.
Regards
Serouche


_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
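
An added example, not part of the original thread or of BMC's tooling: a Python sketch that rejoins the wrapped arplugin.log records and lists every ldap_search_ext call that was followed by "We do not know the user" on the same RPC ID, so the failing search filter can be read off directly. Records 8 and 9 in the sample copy the excerpt above; records 10 and 11 are constructed for contrast, and the function names are hypothetical.

```python
import re

# Records 8-9 copy the excerpt above; records 10-11 are constructed for contrast.
SAMPLE_LOG = """\
8 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:38.7447
*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")
9 <PLGN> <TID: 000005> <RPC ID: 0000000299> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:40:43.4920
*/<ARSYS.AREA.LDAP> <FINE> We do not know the user
10 <PLGN> <TID: 000005> <RPC ID: 0000000300> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:41:02.1000
*/<ARSYS.AREA.LDAP> <FINER> ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "sAMAccountName=testman")
11 <PLGN> <TID: 000005> <RPC ID: 0000000300> <Queue: AREA      >
<Client-RPC: 390695> /* Tue Oct 02 2012 10:41:02.1500
*/<ARSYS.AREA.LDAP> <FINER> Groups=<NULL>
"""

RECORD_START = re.compile(r"^(?:\d+ )?<PLGN> ")
RPC_ID = re.compile(r"<RPC ID: (\d+)>")
SEARCH = re.compile(r'ldap_search_ext\("([^"]*)",\s*(\d+),\s*"([^"]*)"\)')

def records(text):
    """Rejoin log records that are wrapped across several physical lines."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def failed_searches(text):
    """Searches followed by 'We do not know the user' on the same RPC ID."""
    last, failed = {}, []
    for rec in records(text):
        rpc = RPC_ID.search(rec)
        hit = SEARCH.search(rec)
        if rpc and hit:
            base_dn, scope, flt = hit.groups()
            last[rpc.group(1)] = {"rpc_id": rpc.group(1), "base_dn": base_dn,
                "scope": int(scope), "filter": flt, "attribute": flt.partition("=")[0]}
        elif rpc and "We do not know the user" in rec and rpc.group(1) in last:
            failed.append(last.pop(rpc.group(1)))
    return failed
```

The "attribute" field of each result is the name to compare against the directory's actual login attribute, for example with ldp.exe as suggested in the thread.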