Hello Shinichi , On 13-Mar-13 5:33 AM, Shinichi Kai wrote:
Hello Rumi,I followed the steps you provided, but I still get "Bad login" error. Are there other settings to make the LDAP feature work? I performed following steps: 1) Set SQL_ENCRYPTION_ON_PASSWORD in the [Client] section in virtuoso.ini to "1". 2) Restart the Virtuoso. 3) Remove my already imported user and re-imporeted the user from my LDAP server again. 4) Change "User type" to "SQL/ODBC" in Editting Account screen. 5) Log in into iSQL. I still get "CL034: Bad login" error and Virtuoso does not make any LDAP requests. -- error messages --- *** Error 28000: [Virtuoso Driver]CL034: Bad login at line 0 of Top-Level: --------------------- -- virtuoso.log --- Incorrect login for myuser from IP [127.0.0.1] --------------------- My imported user settings in the Editting Account is following: - User Type: SQL/ODBC - LDAP Authentication: enabled - LDAP Server: ldap://localhost:389 If I set LDAP Authentication to "disabled", I can sucessfully log in to iSQL.
The steps seem to be fine.Please make sure you have in the ini file exactly this line ( please copy-paste it re. sorting out extra white spaces etc. ):
SQL_ENCRYPTION_ON_PASSWORD = 1Also what are the settings for your LDAP server in Conductor->System Admin->User Accounts->LDAP Server? If you are using "LDAP Version" 2, I would recommend to switch to version 3 and re-try again. Locally I have imported LDAP server with version 3 ( no TLS ) and for the imported user with pwd exactly the same as it is on the LDAP server,
I can then successfully log in into ISQL.An option also to be you to check your pwd can you log in with it on the LDAP server in general.
Here are the settings for my imported user as per System Admin->User Accounts-><myuser>->Edit:
-- User Enabled: checked -- User Type: SQL/ODBC -- Default Qual/Catalog: DB -- Primary Role: none -- e-mail: xxxx -- DAV Home path: /DAV/home/username/ -- Default permissions: rw-r-t -- Quota: 5 MB -- LDAP Authentication: enabled -- LDAP Server: ldap://yyy:389 Please let me know if this worked for you re. changing the settings. Best Regards, Rumi
Regards, Shinichi On Wed, Mar 13, 2013 at 2:59 AM, Rumi <[email protected]> wrote:Hello Shinichi, On 12-Mar-13 3:15 PM, Shinichi Kai wrote:Hello Rumi, I set LDAP Authentication "enabled" on an imported user and tried to log in to Virtuoso with isql. However, I got "CL034: Bad login" error and Virtuoso did not make any LDAP requests to the LDAP server. I checked this by looking at the LDAP server log file. Do you have any ideas what causes this behavior? Am I missing something?By default when importing users, they have setting "User type" set to "WebDAV". You can check this from Virtuoso Conductor->System Admin->User Accounts->your-user Edit ->field "User type". Here is what you should do in order to be able to log in into iSQL with your user imported from a given LDAP server: 1) Make sure you have set in Virtuoso ini the SQL_ENCRYPTION_ON_PASSWORD parameter to 1 in the [Client] section, i.e.: ;virtuoso.ini .... [Client] SQL_ENCRYPTION_ON_PASSWORD = 1 ... 2) Set the "User type" of the imported LDAP user to be "SQL/ODBC" -- Virtuoso Conductor->System Admin->User Accounts->your-user Edit ->field "User type". 3) Log in into iSQL: isql host:port user-name user-password We shortly will update our doc to reflect the steps from above. Best Regards, RumiMy environment is following: - Cent OS 6.3 64bit - Virtuoso Open-Source Edition v6.1.6 (http://sourceforge.net/projects/virtuoso/files/virtuoso/6.1.6/virtuoso-opensource-6.1.6.tar.gz/download) - Open LDAP 2.4.23 Regards, Shinichi On Tue, Mar 12, 2013 at 12:16 AM, Rumi <[email protected]> wrote:Hello Kai, On 11-Mar-13 3:32 PM, Shinichi Kai wrote:Hello Rumi, Thank you for your prompt reply.for ex. if "enabled", user will be able to perform LDAP Authentication etc.How do I perform LDAP Authentication during login to Virtuoso (e.g. isql or sparql-auth endpoint, etc.)? I enabled LDAP Authentication on an already imported user and tried to login to isql with the imported user, but I got "CL034: Bad login" error. If I disable LDAP Authentication on the imported user, I successfully login to isql with the imported user. I believe that I am able to perform LDAP Authentication by utilizing procedures and ldap_search() function described here (http://docs.openlinksw.com/virtuoso/databaseadmsrv.html#usermodel). What does Virtuoso actually do when LDAP Authentication is set to "enabled" in the Conductor's Editing Account? And, what if LDAP Authentication is set to "account check"?-- if set to "enabled", then on an attempt to log in into Virtuoso, the system tries to log in into the LDAP server with the given username and password. If this succeeds, then the user logs in successfully in Virtuoso. -- if set to "account check", then on an attempt to log in into Virtuoso, the system performs a check if there is such an user on the LDAP server. If yes, then the user logs in successfully in Virtuoso. Best Regards, RumiI searched the documentation for this feature but I couldn't find it. Do I have a misunderstanding about Virtuoso's LDAP Authentication feature? Regards, Shinichi On Mon, Mar 11, 2013 at 2:24 AM, Rumi <[email protected]> wrote:Hello Kai, On 10-Mar-13 4:03 AM, Kai Shinichi wrote: Hello experts, I installed Virtuoso Open-Source Edition v6.1.6 and successfully imported users by "LDAP Import" in Virtuoso Conductor. When I imported users in Virtuoso Conductor, I saw "LDAP Authentication" pull-down menu in "Map LDAP Search data" screen but I couldn't find any documentation for this pull-down menu. Is there any useful documentation for that? The LDAP Authentication drop-down values are respectively: disabled, enabled, account check. Depending on what was selected for a desired user to be imported, this will be added as an LDAP Authentication value for the user in question to the Virtuoso DB. You can check for an already imported user from Virtuoso Conductor -> System Admin -> User Accounts -> User (Edit)-> "LDAP Authentication", for ex. if "enabled", user will be able to perform LDAP Authentication etc. Best Regards, Rumi Regards, Shinichi------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Virtuoso-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/virtuoso-users
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________ Virtuoso-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/virtuoso-users
