[Auth_ldap] Domino LDAP Group Member Authentication
paul.regan at dds.co.uk
Fri Feb 10 01:51:11 PST 2006
Hi .. I'm trying to get group membership working with a Domino LDAP
directory .. The log seems to indicate it's actually querying the directory
but it's not making a match against the login name, which you can see from
the ldapsearch does exist in the group.
What I'm trying to achieve is access to a directory for the User 'Paul
Regan' by being a member of 'UK-IS@ ... I've attached my Apache config,
Apache debug log extract and an ldapsearch to see if anyone can suggest
where I'm going wrong ..
Thanks, Paul
************************************************
LDAPSearch
C:\Program Files\lotus\notes>ldapsearch.exe -v -h ldap.dds.co.uk "(&(objectClass=dominoGroup)(cn=UK-IS))"
ldap_sslinit( ldap.dds.co.uk, 389 )
filter pattern: (&(objectClass=dominoGroup)(cn=UK-IS))
returning: ALL
*** Filter is: ((&(objectClass=dominoGroup)(cn=UK-IS))) ***
CN=UK-IS
cn=UK-IS
cn=ukis
mail=ukis
description=IS Department (Keep)
objectclass=dominoGroup
objectclass=groupOfNames
objectclass=top
grouptitle=0
member=CN=Paul Regan,OU=Europe,O=DDS
Apache .htaccess file
AuthType Basic
AuthName "Secret Garden"
AuthLDAPURL ldap://ldap.dds.co.uk:389/?CN
AuthLDAPGroupAttribute member
require group CN=UK-IS
#require valid-user
Apache Log Snip
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(80): version 1.6.1:
Trying to parse an url `ldap://ldap.dds.co.uk:389/?CN'
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(101): Url parse:
Host: ldap.dds.co.uk
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(103): Url parse:
Port: 389
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(105): Url parse: DN:
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(107): Url parse:
Attrib: CN
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(109): Url parse:
Scope: base
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(114): Url parse:
Filter: (null)
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_config.c(163): {3341} not
requesting secure LDAP
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(508): [client 10.2.64.6]
{3341} Entering ldap_authenticate_basic_user
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(332): [client 10.2.64.6]
{3341} Entering auth_ldap_find_connection
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(526): [client 10.2.64.6]
{3341} authenticate: using URL ldap://ldap.dds.co.uk:389/?CN
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(460): [client 10.2.64.6]
{3341} inserting `ldap://ldap.dds.co.uk:389/?CN' into URL cache
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(579): [client 10.2.64.6]
{3341} entry for `Paul Regan' is not in the cache
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(145): [client 10.2.64.6]
{3341} Entering auth_ldap_connect_to_server
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(165): [client 10.2.64.6]
{3341} Opening connection to ldap server(s) `ldap.dds.co.uk'
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(168): [client 10.2.64.6]
{3341} LDAP OP: init
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(288): [client 10.2.64.6]
{3341} Binding to server `ldap.dds.co.uk' as (null)/(null)
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(298): [client 10.2.64.6]
{3341} LDAP OP: simple bind
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(605): [client 10.2.64.6]
{3341} Peforming a search (scope=2) with filter (&(objectclass=*)(CN=Paul
Regan))
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(609): [client 10.2.64.6]
{3341} LDAP OP: search
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(656): [client 10.2.64.6]
{3341} DN returned from search is CN=Paul Regan,OU=Europe,O=DDS
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(676): [client 10.2.64.6]
{3341} Validating user `CN=Paul Regan,OU=Europe,O=DDS' via bind
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(686): [client 10.2.64.6]
{3341} LDAP OP: simple bind
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(708): [client 10.2.64.6]
{3341} authenticate: accepting
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(711): [client 10.2.64.6]
{3341} Adding user `CN=Paul Regan,OU=Europe,O=DDS' to the cache
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(755): [client 10.2.64.6]
{3341} Entering ldap_check_auth
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(901): [client 10.2.64.6]
{3341} testing for group membership in `CN=UK-IS'
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(906): [client 10.2.64.6]
{3341} testing for member=CN=Paul Regan,OU=Europe,O=DDS
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(323): [client
10.2.64.6] {3341} Searching cache for `member'/`CN=Paul
Regan,OU=Europe,O=DDS' and dn `CN=UK-IS'
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(145): [client 10.2.64.6]
{3341} Entering auth_ldap_connect_to_server
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(288): [client 10.2.64.6]
{3341} Binding to server `ldap.dds.co.uk' as (null)/(null)
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(298): [client 10.2.64.6]
{3341} LDAP OP: simple bind
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(361): [client
10.2.64.6] {3341} Doing LDAP compare of member=CN=Paul
Regan,OU=Europe,O=DDS in entry CN=UK-IS
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(365): [client
10.2.64.6] {3341} LDAP OP: compare
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(384): [client
10.2.64.6] {3341} Compare failed
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(938): [client 10.2.64.6]
{3341} denying authentication
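
Added example (not part of the original post and not auth_ldap project code): a small Python triage of a mail-wrapped auth_ldap debug trace in the shape quoted above, reporting the authentication result and the group-membership compare separately. The function names and the `SAMPLE` excerpt are choices made for this example.

```python
import re

# Excerpt of the mail-wrapped auth_ldap debug trace quoted above (trimmed).
SAMPLE = """\
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(656): [client 10.2.64.6]
{3341} DN returned from search is CN=Paul Regan,OU=Europe,O=DDS
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(708): [client 10.2.64.6]
{3341} authenticate: accepting
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(361): [client
10.2.64.6] {3341} Doing LDAP compare of member=CN=Paul
Regan,OU=Europe,O=DDS in entry CN=UK-IS
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap_cache.c(384): [client
10.2.64.6] {3341} Compare failed
[Wed Feb 8 16:47:18 2006] [debug] auth_ldap.c(938): [client 10.2.64.6]
{3341} denying authentication
"""

START = re.compile(r"\[[A-Z][a-z]{2} [A-Z][a-z]{2} ")  # "[Wed Feb " opens a record
RECORD = re.compile(r"\[[^\]]+\] \[debug\] [\w.]+\(\d+\): .*?\{\d+\} (?P<msg>.*)")
COMPARE = re.compile(r"Doing LDAP compare of (\w+)=(.+) in entry (.+)$")

def unwrap(text):
    """Rejoin continuation lines that the mail client wrapped."""
    records = []
    for line in text.splitlines():
        if START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Report the authentication and group-authorization outcomes separately."""
    out = {"user_dn": None, "authenticated": False, "compare": None,
           "compare_ok": None, "decision": None}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        msg = m["msg"] if m else ""  # lines without a {pid} tag are skipped
        if msg.startswith("DN returned from search is "):
            out["user_dn"] = msg.split(" is ", 1)[1]
        elif msg == "authenticate: accepting":
            out["authenticated"] = True
        elif c := COMPARE.match(msg):
            out["compare"] = c.groups()  # (attribute, value, group entry DN)
        elif msg == "Compare failed":
            out["compare_ok"] = False
        elif msg == "denying authentication":
            out["decision"] = "denied"
    return out
```

On this trace, `triage(SAMPLE)` shows the user bind was accepted and the denial comes from the compare step, where the value tested is the DN returned by the search and the entry is the string given to `require group`.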