[Auth_ldap] Fwd: group based authentication fails

Dave Carrigan dave at rudedog.org
Wed Feb 1 08:06:46 PST 2006


Frank Altpeter wrote:

> {2450} LDAP OP: simple bind
> {2450} authenticate: accepting
> {2450} Adding user `uid=frank at company.de, dc=company.de, ou=mail,
> c=de, o=company' to the cache
> {2450} Entering ldap_check_auth
> {2450} denying authentication
> 
> Strange - why does it say "authenticate: accepting" but in the end "denying" ?

It's a typo. It should say denying authorization. Your uid was
authenticated because you provided the correct password, but the
authorization is failing. For some reason it is ignoring the require
group directive, otherwise there would be an entry in the log saying
"testing for group membership".

Have you tried quoting the DN in the require group directive, i.e.:

  require group "cn=Administrators, blah blah"

-- 
Dave Carrigan
Seattle, WA, USA
dave at rudedog.org | http://www.rudedog.org/
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL-Postfix
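
The distinction drawn in the reply above (password accepted, then denied in the authorization phase with no group test logged) can be checked mechanically over a debug log. This is an added example, not code from the original post or from auth_ldap itself. It assumes the number in braces identifies the handling process and that each process handles one request in the excerpt; the second trace in the sample is constructed.

```python
import re
from collections import defaultdict

# Sample input: the trace quoted in the post (tag 2450) plus a constructed
# trace (tag 2451) showing a request where the group check was reached.
# The wrapped "Adding user ... to the cache" line is left out for brevity.
SAMPLE = """\
{2450} LDAP OP: simple bind
{2450} authenticate: accepting
{2450} Entering ldap_check_auth
{2450} denying authentication
{2451} authenticate: accepting
{2451} Entering ldap_check_auth
{2451} testing for group membership
{2451} denying authentication
"""

LINE = re.compile(r"^\{(\d+)\}\s+(.*)$")

def classify(log_text):
    """Return {tag: verdict} for each request trace in an auth_ldap debug log."""
    traces = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # untagged lines (wrapped continuations, other modules) are skipped
            traces[m.group(1)].append(m.group(2))
    verdicts = {}
    for tag, msgs in traces.items():
        authenticated = any(s.startswith("authenticate: accepting") for s in msgs)
        # Only messages logged after the authorization phase starts count toward it.
        try:
            authz = msgs[msgs.index("Entering ldap_check_auth") + 1:]
        except ValueError:
            authz = None
        if not authenticated:
            verdicts[tag] = "authentication not accepted"
        elif authz is None:
            verdicts[tag] = "authenticated; authorization phase not logged"
        elif not any(s.startswith("denying") for s in authz):
            verdicts[tag] = "authenticated; no denial logged"
        elif any("testing for group membership" in s for s in authz):
            verdicts[tag] = "authenticated; denied after group check"
        else:
            verdicts[tag] = "authenticated; denied, require group never evaluated"
    return verdicts

if __name__ == "__main__":
    for tag, verdict in classify(SAMPLE).items():
        print(tag, verdict)
```

A verdict of "require group never evaluated" points at how the directive is written or parsed rather than at the LDAP group contents.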
