[Auth_ldap] False negatives from auth_ldap 1.6.0
Joe Formoso
jformoso at stevens.edu
Tue Feb 22 12:41:33 PST 2005
All,
I've got auth_ldap 1.6.0 installed on a Debian 3.0 box which is
also running Apache/1.3.26 Ben-SSL/1.48. We've had problems with a
couple of directories which are using auth_ldap authentication, in the
form of false negatives. For reference, the .htaccess file is
approximately:
----------------------------------------------------------------
AuthName "Username and Password"
AuthType Basic
AuthLDAPBindDN uid=binduser,ou=people,o=foo.bar,o=foo
AuthLDAPBindPassword bindpass
AuthLDAPUrl ldap://ldap.foo.bar:389/ou=people,o=foo.bar,o=foo
<Limit GET POST>
require group cn=group1, ou=groups, o=foo.bar, o=foo
require user user1
require user user2
</Limit>
----------------------------------------------------------------
Coincident with the false negatives are entries in the Apache
error_log of the form:
----------------------------------------------------------------
[Tue Feb 22 15:23:57 2005] [error] [client 1.2.3.4] Search must return exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=jsmith)): URI /testdir/
----------------------------------------------------------------
As mentioned, this is intermittent, but aggravating. I don't
believe the false negatives are coming from the LDAP server, as we have
several other services authenticating against it (an
iPlanet/SunONE/whatevertheycallitnow LDAP server) and have never seen a
problem. If there are any suggestions for where to start troubleshooting,
I'd be most appreciative.
--Joe
-----
Joe Formoso (jformoso at stevens-tech.edu),
Senior Systems Administrator, IT Department, Stevens Institute of Technology
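A way to triage the error_log entries described in the post, as an added example that is not part of the original message: it extracts the auth_ldap "found 0 entries" lines, counts them per uid and groups them into bursts, which shows whether the failures follow particular accounts or hit several accounts at the same moments. The sample log, the function names and the 60-second window are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the error_log format quoted in the post (not real data).
SAMPLE_LOG = """\
[Tue Feb 22 15:23:57 2005] [error] [client 1.2.3.4] Search must return exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=jsmith)): URI /testdir/
[Tue Feb 22 15:23:58 2005] [error] [client 1.2.3.5] Search must return exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=adoe)): URI /testdir/
[Tue Feb 22 15:24:40 2005] [error] [client 1.2.3.4] File does not exist: /var/www/favicon.ico
[Tue Feb 22 16:02:11 2005] [error] [client 1.2.3.4] Search must return exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=jsmith)): URI /testdir/sub/
"""
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"Search must return exactly 1 entry; found (?P<found>\d+) entries "
    r"for search (?P<filter>\(.*\)): URI (?P<uri>\S+)$"
)
UID_RE = re.compile(r"\(uid=([^)]*)\)")

def parse_failures(text):
    """Return one dict per auth_ldap search failure; other error lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        uid = UID_RE.search(m["filter"])
        events.append({
            "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "client": m["client"],
            "uid": uid.group(1) if uid else None,
            "uri": m["uri"],
        })
    return events

def summarize(events, window_seconds=60):
    """Count failures per uid and group them into bursts separated by quiet gaps."""
    by_uid = Counter(e["uid"] for e in events)
    bursts = []
    for e in sorted(events, key=lambda e: e["time"]):
        if bursts and (e["time"] - bursts[-1][-1]["time"]).total_seconds() <= window_seconds:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return by_uid, bursts

if __name__ == "__main__":
    by_uid, bursts = summarize(parse_failures(SAMPLE_LOG))
    print(dict(by_uid), [sorted({e["uid"] for e in b}) for b in bursts])
```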