Hi,
  I am trying to use LDAP to authenticate access to Fedora.
  I have set up an LDAP using Apache Directory Server and created an entry as 
seen below in the LDIF section and tested that this user can bind with the 
credentials.

  When I try to configure Fedora using the entry in the WEB XML section below 
it gives the error message in the FEDORA LOG section.

  It appears that the user name is not being found and so the binding does not 
occur and the later authentication attempts fail.

  Does anybody have any ideas on how to get this working?

LDIF
-------------------------------------------------------------------
version: 1
dn: commonName=ben,ou=users,ou=system
objectClass: person
objectClass: top
commonName: ben
sn: Ryan
userPassword:: e1NIQX1NY3cvVlhialNUOEpVSTFKZXp4UDJxYk1sQm89
-------------------------------------------------------------------
WEB XML
-------------------------------------------------------------------
<filter>
  <filter-name>LdapFilterForAttributes</filter-name>
  <filter-class>fedora.server.security.servletfilters.ldap.FilterLdap</filter-class>
  <init-param>
   <param-name>version</param-name>
   <param-value>3</param-value>
  </init-param>
  <init-param>
   <param-name>authenticate</param-name>
   <param-value>true</param-value>
  </init-param>
  <init-param>
   <param-name>url</param-name>
   <param-value>ldap://localhost:10389</param-value>
  </init-param>
  <init-param>
   <param-name>search-base</param-name>
   <param-value>ou=users, ou=system</param-value>
  </init-param>
  <init-param>
   <param-name>search-filter</param-name>
   <param-value>(cn={0})</param-value>
  </init-param>
  <init-param>
   <param-name>id-attribute</param-name>
   <param-value>cn</param-value>
  </init-param>
  <init-param>
   <param-name>attributes</param-name>
   <param-value>cn, userPassword</param-value>
  </init-param>
  <init-param>
   <param-name>security-authentication</param-name>
   <param-value>simple</param-value>
  </init-param>
  <init-param>
   <param-name>security-principal</param-name>
   <param-value>commonName=ben, ou=users, ou=system</param-value>
  </init-param>
  <init-param>
   <param-name>security-credentials</param-name>
   <param-value>XXXXXX</param-value>
  </init-param>
  <init-param>
   <param-name>password-attribute</param-name>
   <param-value>userPassword</param-value>
  </init-param>
</filter>
-------------------------------------------------------------------
FEDORA LOG
-------------------------------------------------------------------
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() ldap explicit version==3
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() ldap version==3
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() ldap url==ldap://localhost:10389
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() binding to protected directory
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterSetup) 
>>>>>>>>>>>>>>>>>>LdapFilterForAttributes
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
applyFilter() result==
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
applyFilter() regex ==\{0\}
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
applyFilter() arg ==commonName=ben, ou=users, ou=system
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
applyFilter() result==
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() bind w simple
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() user==
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() passwd==XXXXXX
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A 
getEnvironment() < {java.naming.provider.url=ldap://localhost:10389, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
java.naming.ldap.version=3, java.naming.security.principal=, 
java.naming.security.authentication=simple, 
java.naming.security.credentials=XXXXXXX}
DEBUG 2010-07-30 09:09:14.750 [http-8080-Processor24] (FilterSetup) 
>>>>>>>>>>>>>>>>>>LdapFilterForAttributes
DEBUG 2010-07-30 09:09:14.750 [http-8080-Processor24] (FilterLdap) A 
getNamingEnumeration() >
INFO 2010-07-30 09:09:14.750 [http-8080-Processor24] (FilterLdap) A 
getNamingEnumeration() -not- binding individual user
DEBUG 2010-07-30 09:09:14.750 [http-8080-Processor24] (FilterSetup) 
>>>>>>>>>>>>>>>>>>LdapFilterForAttributes
DEBUG 2010-07-30 09:09:14.750 [http-8080-Processor24] (FilterLdap) A 
getNamingEnumeration() >
ERROR 2010-07-30 09:09:14.765 [http-8080-Processor24] (FilterLdap) A 
getNamingEnumeration() exception getting ldap context [LDAP: error code 49 - 
INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]
-------------------------------------------------------------------

Regards,
  Ben
---------------------------------------------------------------------
Dr Ben Ryan
Timescapes Archive Technical Officer
School of Sociology and Social Policy
Faculty of Education, Social Sciences and Law
Social Science Building
The University of Leeds
Leeds LS2 9JT
Email: [email protected]
Tel: 0113 343 7319
Website: http://www.timescapes.leeds.ac.uk
---------------------------------------------------------------------
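
A triage helper for the log above, as an added example that is not part of the original post or of Fedora's own code: it re-joins the wrapped FilterLdap records and flags an empty `applyFilter()` result, a simple bind whose `java.naming.security.principal` is empty, and LDAP result code 49. The function names and finding strings are assumptions; the sample records are taken from the FEDORA LOG section.

```python
import re

# Sample input: records from the FEDORA LOG in the post, still mail-wrapped.
SAMPLE_LOG = """\
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A
applyFilter() arg ==commonName=ben, ou=users, ou=system
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A
applyFilter() result==
DEBUG 2010-07-30 09:04:28.671 [http-8080-Processor25] (FilterLdap) A
getEnvironment() < {java.naming.provider.url=ldap://localhost:10389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.version=3, java.naming.security.principal=,
java.naming.security.authentication=simple,
java.naming.security.credentials=XXXXXXX}
ERROR 2010-07-30 09:09:14.765 [http-8080-Processor24] (FilterLdap) A
getNamingEnumeration() exception getting ldap context [LDAP: error code 49 -
INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]
"""

RECORD_START = re.compile(r"^(DEBUG|INFO|WARN|ERROR) \d{4}-\d{2}-\d{2} ")
ENV_DUMP = re.compile(r"getEnvironment\(\) < \{(.*)\}")
# Values may contain commas (DNs), so split only where the next key begins.
JNDI_PAIR = re.compile(r"(java\.naming\.[\w.]+)=(.*?)(?=, java\.naming\.|$)")


def join_records(text):
    """Re-join wrapped lines into one string per log record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def findings(text):
    """Flag empty filter results, simple binds with no principal, and code 49."""
    out = []
    for rec in join_records(text):
        m = ENV_DUMP.search(rec)
        env = dict(JNDI_PAIR.findall(m.group(1))) if m else {}
        simple = env.get("java.naming.security.authentication") == "simple"
        if simple and not env.get("java.naming.security.principal", "").strip():
            out.append("simple bind with empty java.naming.security.principal")
        if rec.endswith("applyFilter() result=="):
            out.append("applyFilter() produced an empty result")
        if "error code 49" in rec:
            out.append("LDAP error code 49: bind rejected")
    return out
```

Run over the sample, `findings(SAMPLE_LOG)` reports all three conditions in the order they occur in the log.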
