Try to use something that doesn't start with dc= in your base DN.

    AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid

Make it, for example:

    AuthLDAPURL ldap://silver.abc.co.za/ou=Users,dc=abc,dc=co,dc=za?uid

On 4/26/07, mxc <[EMAIL PROTECTED]> wrote:
Hi all,

We are experiencing a strange problem when trying to get mod-authnz-ldap. Users that do not exist have the following entry written to the error.log, which seems correct to me.

    [Fri Apr 27 03:14:28 2007] [warn] [client 192.168.12.123] [4161] auth_ldap authenticate: user ggggggg authentication failed; URI /asdsd [User not found][No such object]
    [Fri Apr 27 03:14:28 2007] [error] [client 192.168.12.123] user ggggggg not found: /asdsd

Users that do exist but use the incorrect password have the following written to the error log. This seems correct too.

    [Thu Apr 26 22:39:49 2007] [warn] [client 192.168.12.123] [4116] auth_ldap authenticate: user charles authentication failed; URI /asdsd [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
    [Thu Apr 26 22:39:49 2007] [error] [client 192.168.12.123] user mark: authentication failure for "/asdsd": Password Mismatch

Users with the correct name and password have no entry written to the log file, but they are presented with the login dialog box again.

This is what I have in my conf file:

    <Location />
        AuthType Basic
        AuthName "IT Intranet"
        AuthBasicProvider ldap
        AuthLDAPBindDN uid=binduser,ou=people,dc=abc,dc=co,dc=za
        AuthLDAPBindPassword <secret>
        AuthzLDAPAuthoritative on
        AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid
        Require valid-user
    </Location>

I can see the query going through to our openldap server with the following response.

    Apr 27 03:06:18 silver slapd[30520]: conn=1333 fd=49 ACCEPT from IP=192.168.12.2:55975 (IP=0.0.0.0:389)
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0 text=
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 filter="(&(objectClass=*)(uid=charles))"
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous mech=implicit ssf=0
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
    Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0 text=

What am I doing wrong?

--
View this message in context: http://www.nabble.com/Valid-users-cannot-login-with-authnz_ldap-tf3655263.html#a10211874
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
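
Added example, not part of the original thread: a Python script that groups the slapd lines quoted above by connection and operation and classifies the bind, search, re-bind sequence, so the directory's answer to the user bind (LDAP result 0 is success) can be read off directly. The function names `trace` and `verdict` are illustrative, and the sample lines are the message's own with the syslog prefix trimmed.

```python
import re

# Lines copied from the slapd log in the message above (syslog prefix trimmed).
SAMPLE = [
    'conn=1333 fd=49 ACCEPT from IP=192.168.12.2:55975 (IP=0.0.0.0:389)',
    'conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128',
    'conn=1333 op=1 RESULT tag=97 err=0 text=',
    'conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 '
    'filter="(&(objectClass=*)(uid=charles))"',
    'conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'conn=1333 op=3 BIND anonymous mech=implicit ssf=0',
    'conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128',
    'conn=1333 op=3 RESULT tag=97 err=0 text=',
]

OP = re.compile(r'conn=(\d+) op=(\d+) (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')  # key=value, value optionally quoted

def trace(lines):
    """Group slapd lines into one record per (conn, op), in log order."""
    ops = {}
    for line in lines:
        m = OP.search(line)
        if not m:
            continue  # ACCEPT lines carry no op number
        rest = m.group(3)
        f = {k: v.strip('"') for k, v in KV.findall(rest)}
        rec = ops.setdefault((int(m.group(1)), int(m.group(2))),
                             {"kind": None, "target": None, "err": None, "nentries": None})
        if rest.startswith("BIND") and "dn" in f:
            rec["kind"], rec["target"] = "BIND", f["dn"]
        elif rest.startswith("SRCH") and "filter" in f:
            rec["kind"], rec["target"] = "SRCH", f["filter"]
        elif rest.startswith(("RESULT", "SEARCH RESULT")):
            rec["err"] = int(f["err"])
            rec["nentries"] = int(f["nentries"]) if "nentries" in f else None
    return ops

def verdict(ops, conn):
    """Classify the bind, search, re-bind sequence logged for one connection."""
    recs = [r for (c, _), r in ops.items() if c == conn]
    binds = [r for r in recs if r["kind"] == "BIND"]
    search = next((r for r in recs if r["kind"] == "SRCH"), None)
    if not binds or binds[0]["err"] != 0:
        return "service bind rejected"
    if search is None or search["nentries"] != 1:
        return "user lookup did not return exactly one entry"
    if len(binds) < 2 or binds[1]["err"] != 0:
        return "user bind rejected"
    return "directory accepted the user bind for " + binds[1]["target"]

if __name__ == "__main__":
    print(verdict(trace(SAMPLE), 1333))
```
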