[Auth_ldap] Fwd: group based authentication fails
Frank Altpeter
frank.altpeter at gmail.com
Wed Feb 1 07:53:21 PST 2006
Sorry, accidentially hit the wrong button...
---------- Forwarded message ----------
From: Frank Altpeter <frank.altpeter at gmail.com>
Date: Feb 1, 2006 4:30 PM
Subject: Re: [Auth_ldap] group based authentication fails
To: Dave Carrigan <dave at rudedog.org>
On 2/1/06, Dave Carrigan <dave at rudedog.org> wrote:
> Frank Altpeter wrote:
>
> > Since i don't get any error messages in the log file, i'm quite blind
> > about the cause of the problem, but i don't get auth_ldap to accept my
> > login. The only way to get it working is to replace 'require group
> > ...' against 'require valid-user', which does fine.
>
> Bump up LogLevel to debug and it should tell you what searches it's
> performing which should help diagnose the problem.
Very good point - just missed that one :-)
Well,here's the output when i try to open my site:
{2450} Entering ldap_authenticate_basic_user
{2450} Entering auth_ldap_find_connection
{2450} authenticate: using URL
ldap://ldapserver.company.de/ou=mail,c=de,o=company?uid
{2450} inserting
`ldap://ldapserver.company.de/ou=mail,c=de,o=company?uid' into URL
cache
{2450} entry for `frank at company.de' is not in the cache
{2450} Entering auth_ldap_connect_to_server
{2450} Opening connection to ldap server(s) `ldapserver.company.de'
{2450} LDAP OP: init
{2450} Binding to server `ldapserver.company.de' as cn=root,o=company/secret
{2450} LDAP OP: simple bind
{2450} Peforming a search (scope=2) with filter
(&(objectclass=*)(uid=frank at company.de))
{2450} LDAP OP: search
{2450} DN returned from search is uid=frank at company.de, dc=company.de,
ou=mail, c=de, o=company
{2450} Validating user `uid=frank at company.de, dc=company.de, ou=mail,
c=de, o=company' via bind
{2450} LDAP OP: simple bind
{2450} authenticate: accepting
{2450} Adding user `uid=frank at company.de, dc=company.de, ou=mail,
c=de, o=company' to the cache
{2450} Entering ldap_check_auth
{2450} denying authentication
Strange - why does it say "authenticate: accepting" but in the end "denying" ?
>
> --
> Dave Carrigan
> Seattle, WA, USA
> dave at rudedog.org | http://www.rudedog.org/
> UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL-Postfix
>
> Dave is currently listening to The Redskins - Hold On (Live, 1986-09-15)
>
>
>
> _______________________________________________
> Auth_ldap mailing list
> Auth_ldap at rudedog.org
> http://www.rudedog.org/mailman/listinfo/auth_ldap
>
>
>
>
--
Le deagh dhùraghd,
Frank Altpeter
Two of the most famous products of Berkeley are LSD and Unix.
I don't think that this is a coincidence.
-- Anonymous
--
Le deagh dhùraghd,
Frank Altpeter
Two of the most famous products of Berkeley are LSD and Unix.
I don't think that this is a coincidence.
-- Anonymous
More information about the Auth_ldap
mailing list