Hello Rumi, Thank you for your assistance. I have double checked my settings and copy-pasted "SQL_ENCRYPTION_ON_PASSWORD = 1" into my virtuoso.ini. However, it did not work for me. And, I already use LDAP V3.
I believe the problem is my Virtuoso does not make any requests to the LDAP server during log in to isql. I checked this by seeing OpenLDAP's log file with loglevel -1. Which version of Virtuoso do you use? Seems that my Virtuoso is something wrong. Regards, Shinichi On Wed, Mar 13, 2013 at 5:30 PM, Rumi <[email protected]> wrote: > Hello Shinichi , > > > On 13-Mar-13 5:33 AM, Shinichi Kai wrote: >> >> Hello Rumi, >> >> I followed the steps you provided, but I still get "Bad login" error. >> Are there other settings to make the LDAP feature work? >> >> I performed following steps: >> 1) Set SQL_ENCRYPTION_ON_PASSWORD in the [Client] section in >> virtuoso.ini to "1". >> 2) Restart the Virtuoso. >> 3) Remove my already imported user and re-imporeted the user from my >> LDAP server again. >> 4) Change "User type" to "SQL/ODBC" in Editting Account screen. >> 5) Log in into iSQL. >> >> I still get "CL034: Bad login" error and Virtuoso does not make any >> LDAP requests. >> -- error messages --- >> *** Error 28000: [Virtuoso Driver]CL034: Bad login >> at line 0 of Top-Level: >> --------------------- >> >> -- virtuoso.log --- >> Incorrect login for myuser from IP [127.0.0.1] >> --------------------- >> >> My imported user settings in the Editting Account is following: >> - User Type: SQL/ODBC >> - LDAP Authentication: enabled >> - LDAP Server: ldap://localhost:389 >> >> If I set LDAP Authentication to "disabled", I can sucessfully log in to >> iSQL. > > > The steps seem to be fine. > Please make sure you have in the ini file exactly this line ( please > copy-paste it re. sorting out extra white spaces etc. ): > > SQL_ENCRYPTION_ON_PASSWORD = 1 > > > Also what are the settings for your LDAP server in Conductor->System > Admin->User Accounts->LDAP Server? > If you are using "LDAP Version" 2, I would recommend to switch to version 3 > and re-try again. > Locally I have imported LDAP server with version 3 ( no TLS ) and for the > imported user with pwd exactly the same as it is on the LDAP server, > I can then successfully log in into ISQL. > An option also to be you to check your pwd can you log in with it on the > LDAP server in general. > > Here are the settings for my imported user as per System Admin->User > Accounts-><myuser>->Edit: > -- User Enabled: checked > -- User Type: SQL/ODBC > -- Default Qual/Catalog: DB > -- Primary Role: none > -- e-mail: xxxx > -- DAV Home path: /DAV/home/username/ > -- Default permissions: rw-r-t > -- Quota: 5 MB > -- LDAP Authentication: enabled > -- LDAP Server: ldap://yyy:389 > > > Please let me know if this worked for you re. changing the settings. > > > Best Regards, > Rumi > > > >> >> Regards, >> Shinichi >> >> On Wed, Mar 13, 2013 at 2:59 AM, Rumi <[email protected]> wrote: >>> >>> Hello Shinichi, >>> >>> >>> On 12-Mar-13 3:15 PM, Shinichi Kai wrote: >>>> >>>> Hello Rumi, >>>> >>>> I set LDAP Authentication "enabled" on an imported user and tried to >>>> log in to Virtuoso with isql. >>>> However, I got "CL034: Bad login" error and Virtuoso did not make any >>>> LDAP requests to the LDAP server. I checked this by looking at the >>>> LDAP server log file. Do you have any ideas what causes this behavior? >>>> Am I missing something? >>> >>> >>> By default when importing users, they have setting "User type" set to >>> "WebDAV". >>> You can check this from Virtuoso Conductor->System Admin->User >>> Accounts->your-user Edit ->field "User type". >>> >>> Here is what you should do in order to be able to log in into iSQL with >>> your >>> user imported from a given LDAP server: >>> >>> 1) Make sure you have set in Virtuoso ini the SQL_ENCRYPTION_ON_PASSWORD >>> parameter to 1 in the [Client] section, i.e.: >>> >>> ;virtuoso.ini >>> .... >>> [Client] >>> SQL_ENCRYPTION_ON_PASSWORD = 1 >>> ... >>> >>> 2) Set the "User type" of the imported LDAP user to be "SQL/ODBC" -- >>> Virtuoso Conductor->System Admin->User Accounts->your-user Edit ->field >>> "User type". >>> >>> 3) Log in into iSQL: >>> >>> isql host:port user-name user-password >>> >>> We shortly will update our doc to reflect the steps from above. >>> >>> >>> Best Regards, >>> Rumi >>> >>> >>> >>>> My environment is following: >>>> - Cent OS 6.3 64bit >>>> - Virtuoso Open-Source Edition v6.1.6 >>>> >>>> >>>> (http://sourceforge.net/projects/virtuoso/files/virtuoso/6.1.6/virtuoso-opensource-6.1.6.tar.gz/download) >>>> - Open LDAP 2.4.23 >>>> >>>> Regards, >>>> Shinichi >>>> >>>> On Tue, Mar 12, 2013 at 12:16 AM, Rumi <[email protected]> wrote: >>>>> >>>>> Hello Kai, >>>>> >>>>> >>>>> On 11-Mar-13 3:32 PM, Shinichi Kai wrote: >>>>>> >>>>>> Hello Rumi, >>>>>> >>>>>> Thank you for your prompt reply. >>>>>> >>>>>>> for ex. if "enabled", user will be able to perform LDAP >>>>>>> Authentication >>>>>>> etc. >>>>>> >>>>>> How do I perform LDAP Authentication during login to Virtuoso (e.g. >>>>>> isql or sparql-auth endpoint, etc.)? >>>>>> I enabled LDAP Authentication on an already imported user and tried to >>>>>> login to isql with the imported user, but I got "CL034: Bad login" >>>>>> error. If I disable LDAP Authentication on the imported user, I >>>>>> successfully login to isql with the imported user. >>>>>> >>>>>> I believe that I am able to perform LDAP Authentication by utilizing >>>>>> procedures and ldap_search() function described here >>>>>> (http://docs.openlinksw.com/virtuoso/databaseadmsrv.html#usermodel). >>>>>> What does Virtuoso actually do when LDAP Authentication is set to >>>>>> "enabled" in the Conductor's Editing Account? And, what if LDAP >>>>>> Authentication is set to "account check"? >>>>> >>>>> >>>>> -- if set to "enabled", then on an attempt to log in into Virtuoso, the >>>>> system tries to log in into the LDAP server with the given username and >>>>> password. If this succeeds, then the user logs in successfully in >>>>> Virtuoso. >>>>> >>>>> -- if set to "account check", then on an attempt to log in into >>>>> Virtuoso, >>>>> the system performs a check if there is such an user on the LDAP >>>>> server. >>>>> If >>>>> yes, then the user logs in successfully in Virtuoso. >>>>> >>>>> Best Regards, >>>>> Rumi >>>>> >>>>> >>>>> >>>>>> I searched the documentation for this feature but I couldn't find it. >>>>>> Do I have a misunderstanding about Virtuoso's LDAP Authentication >>>>>> feature? >>>>>> >>>>>> Regards, >>>>>> Shinichi >>>>>> >>>>>> On Mon, Mar 11, 2013 at 2:24 AM, Rumi <[email protected]> wrote: >>>>>>> >>>>>>> Hello Kai, >>>>>>> >>>>>>> >>>>>>> On 10-Mar-13 4:03 AM, Kai Shinichi wrote: >>>>>>> >>>>>>> Hello experts, >>>>>>> >>>>>>> I installed Virtuoso Open-Source Edition v6.1.6 and successfully >>>>>>> imported >>>>>>> users by "LDAP Import" in Virtuoso Conductor. >>>>>>> >>>>>>> When I imported users in Virtuoso Conductor, I saw "LDAP >>>>>>> Authentication" >>>>>>> pull-down menu in "Map LDAP Search data" screen but I couldn't find >>>>>>> any >>>>>>> documentation for this pull-down menu. >>>>>>> >>>>>>> Is there any useful documentation for that? >>>>>>> >>>>>>> >>>>>>> The LDAP Authentication drop-down values are respectively: disabled, >>>>>>> enabled, account check. >>>>>>> Depending on what was selected for a desired user to be imported, >>>>>>> this will be added as an LDAP Authentication value for the user in >>>>>>> question >>>>>>> to the Virtuoso DB. >>>>>>> You can check for an already imported user from Virtuoso Conductor -> >>>>>>> System >>>>>>> Admin -> User Accounts -> User (Edit)-> "LDAP Authentication", for >>>>>>> ex. >>>>>>> if >>>>>>> "enabled", user will be able to perform LDAP Authentication etc. >>>>>>> >>>>>>> Best Regards, >>>>>>> Rumi >>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> Shinichi ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Virtuoso-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/virtuoso-users
