[Auth_ldap] (uri=) means no auth
Greg Leffler
greg.leffler at louisville.edu
Mon Sep 6 16:45:45 PDT 2004
Hi everyone,
I can't get auth_ldap to work. I'm using Apache 1.3.31 and auth_ldap
1.6.
Apache seems to be running a search for (uid=) instead of
(uid=WHATEVER_THEY_ENTERED), and I can't figure out why. See below:
[Mon Sep 6 19:28:20 2004] [debug] apache_ssl.c(2058): CIPHER is RC4-SHA
[Mon Sep 6 19:28:21 2004] [debug] buff.c(271): read returned 630
rwstate=1 state=3 rstate=240 cren=0 aren=0 accept=1
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(66): version
1.6.0: Trying to parse an url `ldap://127.0.0.1:3389/dc=speedacm,
dc=org'
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(87): Url parse:
Host: 127.0.0.1
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(89): Url parse:
Port: 3389
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(91): Url parse:
DN: dc=speedacm, dc=org
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(93): Url parse:
Attrib: (null)
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(95): Url parse:
Scope: base
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(100): Url parse:
Filter: (null)
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap_config.c(147): {31687} not
requesting secure LDAP
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(480): [client
66.134.154.188] {31687} Entering ldap_authenticate_basic_user
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(306): [client
66.134.154.188] {31687} Entering auth_ldap_find_connection
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(498): [client
66.134.154.188] {31687} authenticate: using URL
ldap://127.0.0.1:3389/dc=speedacm, dc=org
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(432): [client
66.134.154.188] {31687} inserting `ldap://127.0.0.1:3389/dc=speedacm,
dc=org' into URL cache
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(551): [client
66.134.154.188] {31687} entry for `' is not in the cache
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(145): [client
66.134.154.188] {31687} Entering auth_ldap_connect_to_server
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(165): [client
66.134.154.188] {31687} Opening connection to ldap server(s) `127.0.0.1'
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(168): [client
66.134.154.188] {31687} LDAP OP: init
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(262): [client
66.134.154.188] {31687} Binding to server `127.0.0.1' as (null)/(null)
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(272): [client
66.134.154.188] {31687} LDAP OP: simple bind
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(577): [client
66.134.154.188] {31687} Peforming a search (scope=2) with filter
(&(objectclass=*)(uid=))
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(581): [client
66.134.154.188] {31687} LDAP OP: search
[Mon Sep 6 19:28:21 2004] [error] [client 66.134.154.188] Search must
return exactly 1 entry; found 0 entries for search
(&(objectclass=*)(uid=)): URI /manage/register/index.php
Running that (useless) search on my LDAP server gives this:
Sep 6 23:07:49 rat slapd[31896]: conn=2336 fd=69 ACCEPT from
IP=192.168.1.21:4752 (IP=0.0.0.0:389)
Sep 6 23:07:49 rat slapd[17976]: conn=2336 op=0 BIND dn="" method=128
Sep 6 23:07:49 rat slapd[17976]: conn=2336 op=0 RESULT tag=97 err=0
text=
Sep 6 23:07:49 rat slapd[22310]: conn=2336 op=1 SRCH
base="dc=speedacm,dc=org" scope=2
filter="(&(objectClass=*)(?=undefined))"
Sep 6 23:07:49 rat slapd[22310]: conn=2336 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Sep 6 23:07:58 rat slapd[3024]: conn=2336 op=2 SRCH
base="dc=speedacm,dc=org" scope=2
filter="(&(objectClass=*)(?=undefined))"
Sep 6 23:07:58 rat slapd[3024]: conn=2336 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text=
Sep 6 23:07:58 rat slapd[3024]: conn=2336 op=2 UNBIND
Sep 6 23:07:58 rat slapd[3024]: conn=2336 fd=69 closed
And running it with my userid gives this:
Sep 6 23:31:05 rat slapd[31896]: conn=2419 fd=36 ACCEPT from
IP=192.168.1.21:3754 (IP=0.0.0.0:389)
Sep 6 23:31:05 rat slapd[22310]: conn=2419 op=0 BIND dn="" method=128
Sep 6 23:31:05 rat slapd[22310]: conn=2419 op=0 RESULT tag=97 err=0
text=
Sep 6 23:31:05 rat slapd[21712]: conn=2419 op=1 SRCH
base="dc=speedacm,dc=org" scope=2
filter="(&(objectClass=*)(uid=gpleff02))"
Sep 6 23:31:05 rat slapd[21712]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Sep 6 23:31:06 rat slapd[21712]: conn=2419 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Sep 6 23:31:06 rat slapd[3024]: conn=2419 op=2 UNBIND
Sep 6 23:31:06 rat slapd[3024]: conn=2419 fd=36 closed
Which appears to be correct output. I'm at a loss as to why Apache has
decided to use (uid=) for authentication, but would really like to know
how to fix it to get LDAP authorization working.
--
-!- As easy as 1, 2, 3.1415926535897932384626433832795028841
Greg Leffler -- http://gleffler.us
Next upcoming event: 6 Sep Labor Day (yay!)
OpenPGP: 9EEA B804 2263 1ECA 78C4 6C02 B397 013F 0137 4F66
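The symptom in the logs above (a search issued with nothing after `uid=`) can be picked out of wrapped log output mechanically. The following is an added example, not part of the original post or of auth_ldap; the function names are hypothetical, the sample lines are copied from the logs quoted above, and `(?=undefined)` is matched only because that is how slapd logged the same search in the post.

```python
import re

# Constructed sample: lines copied from the logs quoted in the post,
# including the mail client's hard line wraps.
SAMPLE = """\
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(577): [client
66.134.154.188] {31687} Peforming a search (scope=2) with filter
(&(objectclass=*)(uid=))
[Mon Sep 6 19:28:21 2004] [debug] auth_ldap.c(581): [client
66.134.154.188] {31687} LDAP OP: search
Sep 6 23:07:49 rat slapd[22310]: conn=2336 op=1 SRCH
base="dc=speedacm,dc=org" scope=2
filter="(&(objectClass=*)(?=undefined))"
Sep 6 23:31:05 rat slapd[21712]: conn=2419 op=1 SRCH
base="dc=speedacm,dc=org" scope=2
filter="(&(objectClass=*)(uid=gpleff02))"
"""

# A record starts with an Apache "[Day Mon D" stamp or a syslog "Mon D hh:mm:ss" stamp.
RECORD_START = re.compile(r"^(\[\w{3} \w{3} +\d+ |\w{3} +\d+ \d\d:\d\d:\d\d )")
APACHE_FILTER = re.compile(r"with filter\s+(\(.*\))\s*$")
SLAPD_FILTER = re.compile(r'\bSRCH\b.*\bfilter="([^"]*)"')
# Equality item with nothing after '=', or the form slapd logged for it in the post.
EMPTY_ITEM = re.compile(r"\(([A-Za-z][\w;.-]*)=\)|\(\?=undefined\)")

def unwrap(text):
    """Rejoin hard-wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def empty_filter_searches(text):
    """Return (source, filter) for each search whose filter has an empty item."""
    hits = []
    for rec in unwrap(text):
        for source, pattern in (("auth_ldap", APACHE_FILTER), ("slapd", SLAPD_FILTER)):
            m = pattern.search(rec)
            if m and EMPTY_ITEM.search(m.group(1)):
                hits.append((source, m.group(1)))
    return hits

if __name__ == "__main__":
    for source, flt in empty_filter_searches(SAMPLE):
        print(f"{source}: search issued with empty user value: {flt}")
```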