[Auth_ldap] Problems during authentication phase with auth_ldap 1.6.1 and apache 1.3.9

Ronnie Gilkey ronnie at puryear-it.com
Tue Aug 15 07:26:00 PDT 2006


Gary,

Can you authenticate properly without using SSL?  In your configuration 
you have:

#############

AuthLDAPURL     ldap://localhost:8001/dc=blackboard, dc=com
Localhost:8001 is linked to the SSL LDAP port on the LDAP server by
stunnel.

#############

Try connecting over plaintext to debug and use a traffic sniffer to 
ensure that it is working properly; ethereal works very well.  I would 
also remove any blank spaces from the URL and DNs to be safe.

If you are going to connect over SSL your URL should use ldaps:// not 
ldap://.

Ronnie

-- 
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

"Best Practices for Managing Linux and UNIX Servers"
Download your free copy:
http://www.puryear-it.com/bestpractices.htm


Gary Walker wrote:
> Hi.  I'm new to the list and hoping someone can help me explain some of
> the following behaviors.
>
> I'm troubleshooting a problem with auth_ldap's behavior on an older
> system.  I'm using the latest auth_ldap source built against apache
> 1.3.9 and openldap 1.2.9.  Here's a sample of my .htaccess file:
>
> AuthLDAPAuthoritative   off
> AuthName        "Login"
> AuthType        Basic
> AuthLDAPVersion "3"
> AuthLDAPBindDN  "uid=searchuser, ou=specials, dc=blackboard, dc=com"
> AuthLDAPBindPassword    searchuserpassword
> AuthLDAPURL     ldap://localhost:8001/dc=blackboard, dc=com
> AuthUserFile    /dev/null
> <Limit PUT POST GET>
> require valid-user
> </Limit>
>
> Localhost:8001 is linked to the SSL LDAP port on the LDAP server by
> stunnel.  The LDAP server is running SunOne directory server 5.2P2.
>
> What's happening is this--auth_ldap is authenticating regardless of
> whether or not a valid password has been entered so long as a username
> which exists in the LDAP directory is used.  Here's the error log from
> apache:
>
> [Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(145): [client
> 10.10.107.100] {25005} Entering auth_ldap_connect_to_server
> [Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(165): [client
> 10.10.107.100] {25005} Opening connection to ldap server(s) `localhost'
> [Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(168): [client
> 10.10.107.100] {25005} LDAP OP: init
> [Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(288): [client
> 10.10.107.100] {25005} Binding to server `localhost' as uid=searchuser,
> ou=specials, dc=blackboard, dc=com/searchuserpassword
> [Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(298): [client
> 10.10.107.100] {25005} LDAP OP: simple bind
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(605): [client
> 10.10.107.100] {25005} Peforming a search (scope=2) with filter
> (&(objectclass=*)(uid=gwalker))
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(609): [client
> 10.10.107.100] {25005} LDAP OP: search
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(616): [client
> 10.10.107.100] {25005} Server is down; reconnecting and starting over
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(112): [client
> 10.10.107.100] {25005} Server is down; reconnecting and starting over
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(116): [client
> 10.10.107.100] {25005} Freeing connection to ldap server(s) `localhost'
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(145): [client
> 10.10.107.100] {25005} Entering auth_ldap_connect_to_server
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(165): [client
> 10.10.107.100] {25005} Opening connection to ldap server(s) `localhost'
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(168): [client
> 10.10.107.100] {25005} LDAP OP: init
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(288): [client
> 10.10.107.100] {25005} Binding to server `localhost' as uid=searchuser,
> ou=specials, dc=blackboard, dc=com/searchuserpassword
> [Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(298): [client
> 10.10.107.100] {25005} LDAP OP: simple bind
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(605): [client
> 10.10.107.100] {25005} Peforming a search (scope=2) with filter
> (&(objectclass=*)(uid=gwalker))
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(609): [client
> 10.10.107.100] {25005} LDAP OP: search
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(616): [client
> 10.10.107.100] {25005} Server is down; reconnecting and starting over
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(112): [client
> 10.10.107.100] {25005} Server is down; reconnecting and starting over
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(116): [client
> 10.10.107.100] {25005} Freeing connection to ldap server(s) `localhost'
> [Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(145): [client
> 10.10.107.100] {25005} Entering auth_ldap_connect_to_server
>
> Now, the strange thing is this:  auth_ldap is reporting that the server
> is down/reconnecting/starting over.  When I tcpdump the port, I see
> clearly that the LDAP server responds to the search request with the
> record for the user, including the user's DN.
>
> Has anyone seen this behavior previously?  Is there anything I can do to
> resolve it?
>
> Thanks for your assistance,
>
> Gary
> gewalker at gmail.com
> gwalker at blackboard.com
>
>
>
> This e-mail is intended only for the personal and confidential use of the recipient(s) named above. 
> It may include Blackboard confidential and proprietary information, and is not for redistribution.
>
>
>
> _______________________________________________
> Auth_ldap mailing list
> Auth_ldap at rudedog.org
> http://www.rudedog.org/mailman/listinfo/auth_ldap
>   
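As an added example (not code from the thread, and not part of auth_ldap itself), the following Python script does two of the things suggested above without touching a live server: it cleans up an AuthLDAPURL the way Ronnie recommends (strip the blanks out of the base DN and warn when an SSL port is addressed with ldap:// instead of ldaps://), and it summarises auth_ldap debug lines per worker {pid} so you can see how many searches were attempted, how many "Server is down" retries followed, and whether the worker ever bound as anyone other than the search account. It assumes that auth_ldap checks the user's password with a second simple bind as the DN returned by the search, so a log that only ever shows binds as the search account means the password was never tested; the "password_checked" flag, the function names and the two-round sample log (the debug lines quoted in the thread, re-joined onto single lines) are mine.

```python
"""Offline checks for the auth_ldap setup discussed in the thread.

Constructed example, not code from the thread or from auth_ldap.
Assumption: auth_ldap verifies a password by binding a second time as the
DN the search returned, so binds only as the search account = no check.
"""
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit, urlunsplit

# Search account from the .htaccess quoted in the thread.
SEARCH_DN = "uid=searchuser, ou=specials, dc=blackboard, dc=com"

# Constructed sample: the thread's debug lines, one message per line.
SAMPLE_LOG = """\
[Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(145): [client 10.10.107.100] {25005} Entering auth_ldap_connect_to_server
[Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(165): [client 10.10.107.100] {25005} Opening connection to ldap server(s) `localhost'
[Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(168): [client 10.10.107.100] {25005} LDAP OP: init
[Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(288): [client 10.10.107.100] {25005} Binding to server `localhost' as uid=searchuser, ou=specials, dc=blackboard, dc=com/searchuserpassword
[Tue Aug 15 09:31:30 2006] [debug] auth_ldap.c(298): [client 10.10.107.100] {25005} LDAP OP: simple bind
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(605): [client 10.10.107.100] {25005} Peforming a search (scope=2) with filter (&(objectclass=*)(uid=gwalker))
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(609): [client 10.10.107.100] {25005} LDAP OP: search
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(616): [client 10.10.107.100] {25005} Server is down; reconnecting and starting over
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(112): [client 10.10.107.100] {25005} Server is down; reconnecting and starting over
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(116): [client 10.10.107.100] {25005} Freeing connection to ldap server(s) `localhost'
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(288): [client 10.10.107.100] {25005} Binding to server `localhost' as uid=searchuser, ou=specials, dc=blackboard, dc=com/searchuserpassword
[Tue Aug 15 09:31:31 2006] [debug] auth_ldap.c(298): [client 10.10.107.100] {25005} LDAP OP: simple bind
[Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(605): [client 10.10.107.100] {25005} Peforming a search (scope=2) with filter (&(objectclass=*)(uid=gwalker))
[Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(609): [client 10.10.107.100] {25005} LDAP OP: search
[Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(616): [client 10.10.107.100] {25005} Server is down; reconnecting and starting over
[Tue Aug 15 09:31:32 2006] [debug] auth_ldap.c(112): [client 10.10.107.100] {25005} Server is down; reconnecting and starting over
"""

LINE_RE = re.compile(r"\{(?P<pid>\d+)\}\s+(?P<msg>.*)$")
# auth_ldap logs the bind as "<dn>/<password>"; a DN contains no slash.
BIND_RE = re.compile(r"Binding to server `[^']*' as (?P<dn>[^/]+)/")


def normalize_dn(dn):
    """Strip blanks around the RDN separators (plain commas only; escaped
    commas inside attribute values are not handled)."""
    return ",".join(part.strip() for part in dn.split(","))


def check_ldap_url(url):
    """Return (cleaned_url, warnings) for an AuthLDAPURL value."""
    warnings = []
    parts = urlsplit(url.strip())
    if parts.scheme == "ldap":
        warnings.append("scheme is ldap:// (plaintext); an SSL port needs ldaps://")
    elif parts.scheme != "ldaps":
        warnings.append("unexpected scheme %r" % parts.scheme)
    base_dn = unquote(parts.path.lstrip("/"))
    if re.search(r"\s", base_dn):
        warnings.append("blank space inside base DN %r" % base_dn)
    cleaned = urlunsplit((parts.scheme, parts.netloc, "/" + normalize_dn(base_dn),
                          parts.query, parts.fragment))
    return cleaned, warnings


def analyse_log(text, search_dn=SEARCH_DN):
    """Summarise auth_ldap debug lines per worker {pid}.

    Returns {pid: {"binds": [dn, ...], "searches": n, "server_down": n,
                   "password_checked": bool}}.
    """
    search_dn = normalize_dn(search_dn)
    stats = defaultdict(lambda: {"binds": [], "searches": 0, "server_down": 0})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry, msg = stats[m.group("pid")], m.group("msg")
        bind = BIND_RE.search(msg)
        if bind:
            entry["binds"].append(normalize_dn(bind.group("dn")))
        elif msg.startswith("LDAP OP: search"):
            entry["searches"] += 1
        elif msg.startswith("Server is down"):
            entry["server_down"] += 1
    for entry in stats.values():
        # Only a bind as a DN other than the search account can have tested
        # the user's password (assumption stated in the module docstring).
        entry["password_checked"] = any(dn != search_dn for dn in entry["binds"])
    return dict(stats)


if __name__ == "__main__":
    url, warns = check_ldap_url("ldap://localhost:8001/dc=blackboard, dc=com")
    print("AuthLDAPURL ->", url)
    for w in warns:
        print("  warning:", w)
    for pid, entry in analyse_log(SAMPLE_LOG).items():
        print("pid %s: %d searches, %d 'server is down', binds as %s, password checked: %s"
              % (pid, entry["searches"], entry["server_down"],
                 sorted(set(entry["binds"])), entry["password_checked"]))
```

Run against the sample, the report shows two search attempts, four "Server is down" retries and binds only as the search account, which matches the symptom Gary describes (any password accepted) but does not by itself say why the search result is being read as a dead server; that still needs the plaintext test and the sniffer trace Ronnie asks for. Two caveats worth noting from the log lines themselves: the warning about ldap:// only applies when the port really is an SSL listener (here the stunnel-forwarded one), and the debug output prints the search account's bind password in clear after the DN, so the Apache error_log needs the same file permissions as the .htaccess that holds AuthLDAPBindPassword.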


