Thanks,

After a lot of research we found that Apple baked in ltb project when you turn 
on the websites feature.

Question - Is it possible to unlock a locked out user with ltb project?  Our 
password policy is set to 5 attempts per policy and we get a lot of lockouts.

-Jared

On Wed, Nov 25, 2015 at 6:00 AM, null
<[email protected]> wrote:

> Date: Tue, 24 Nov 2015 19:02:29 +0100
> From: Clément OUDOT <[email protected]>
> Subject: Re: [Ltb-users] Help with OpenDirectory / OpenLDAP
> Hello,
> I don't know why, but the error appears when LTB SSP checks the password 
> submitted by the user. It should receive a 49 error code if the password 
> is bad, not 50. As I don't really know how Apple OpenDirectory works, I 
> can't help you a lot. You can indeed try to use the uid=root account.
> -- 
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> On 24/11/2015 00:08, Jared Schwartz wrote:
>> Just a quick update - I dug into the slapd.conf and linked files and 
>> found they use the basedn starting with uid=root (not diradmin) but I 
>> have no idea how to find the secret / password.
>>
>> -Jared
>>
>>
>> On Mon, Nov 23, 2015 at 3:33 PM, Jared Schwartz 
>> <[email protected]> wrote:
>>
>>     Hello All,
>>
>>     We are attempting to set up self service that connects to an
>>     OpenDirectory server (that is an Apple fork of OpenLDAP).
>>
>>     I am close to getting it to work, but I think I am overlooking
>>     something obvious.
>>
>>     I have configured my settings as:
>>
>>     (diradmin is the directory admin)
>>     (snipped server names below)
>>
>>     # LDAP
>>     $ldap_url = "ldap://servername.network.lan:389";
>>     $ldap_starttls = false;
>>     $ldap_binddn =
>>     "uid=diradmin,cn=users,dc=servername,dc=network,dc=lan";
>>     $ldap_bindpw = "password";
>>     $ldap_base = "cn=users,dc=servername,dc=network,dc=lan";
>>     $ldap_login_attribute = "uid";
>>     $ldap_fullname_attribute = "cn";
>>     $ldap_filter =
>>     "(&(objectClass=person)($ldap_login_attribute={login}))";
>>
>>
>>     I am not quite sure I understand the below option as it is not
>>     explained in detail on the website, or what to set it to:
>>
>>     # Who changes the password?
>>     # Also applicable for question/answer save
>>     # user: the user itself
>>     # manager: the above binddn
>>     $who_change_password = "user";
>>
>>     Another issue is I don't fully understand how to build the
>>     ldap_filter
>>     for open directory. $ldap_filter =
>>     "(&(objectClass=person)(uid={login}))"; I verified that the
>>     objectClass person exists but I am not sure where to find uid=login
>>
>>     The error I get on the webpage is "Login or password incorrect"
>>
>>     In the PHP error logs I see:
>>
>>     [23-Nov-2015 21:25:47 Europe/Berlin] PHP Warning: ldap_bind(): Unable
>>     to bind to server: Insufficient access in
>>     /Applications/MAMP/htdocs/pages/change.php on line 141
>>
>>     [23-Nov-2015 21:25:47 Europe/Berlin] LDAP - Bind user error 50
>>     (Insufficient access)
>>
>>     I have verified that the username and password are valid for the
>>     highest level open directory user - so I am confused on how to fix
>>     this issue.
>>
>>     Any help is greatly appreciated.
>>
>>     -Jared
>>
>>
>>
>>
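The `{login}` placeholder in `$ldap_filter` and the 49-versus-50 distinction raised in the thread, as an added Python example that is not part of the original messages and is not LTB SSP's own PHP code. It assumes the placeholder is replaced with the login typed into the form, escapes that value per RFC 4515, and names the result codes per RFC 4511; all function names are hypothetical.

```python
# Added example (not LTB SSP code): filter building and bind-result triage.

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 4511 result codes that appear in the thread, plus success.
RESULT_NAMES = {0: "success", 49: "invalidCredentials", 50: "insufficientAccessRights"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, login: str) -> str:
    """Substitute the {login} placeholder with the escaped login (assumed behaviour)."""
    if "{login}" not in template:
        raise ValueError("filter template has no {login} placeholder")
    return template.replace("{login}", escape_filter_value(login))


def triage_bind_result(code: int) -> str:
    """Say what a result code implies when the bind is a password check."""
    name = RESULT_NAMES.get(code, "other")
    if code == 0:
        return f"{code} {name}: password accepted"
    if code == 49:
        return f"{code} {name}: wrong DN or password, report 'incorrect' to the user"
    if code == 50:
        return f"{code} {name}: server refused the operation for this identity, check server-side access rules"
    return f"{code} {name}: treat as a server or configuration error"


if __name__ == "__main__":
    template = "(&(objectClass=person)(uid={login}))"  # filter quoted in the thread
    for login in ("jared", "j*", "a)(b"):  # constructed sample logins
        print(build_filter(template, login))
    for code in (0, 49, 50):
        print(triage_bind_result(code))
```

Reporting code 50 separately from 49 keeps a server-side access problem from being shown to users as "Login or password incorrect".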