Re: [users] Re: LDAP Login Access by Organization Unit

Well, applying the mentioned module into an Apache 2.2, the log still provides the LDAP access into the first 2 LDAP OUs (as far as I can read from the log). Still weird.

[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=NewYork,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 4
wait4msg ld 0x2ab2eefc66f0 msgid 4 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 4 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Jun  3 12:48:37 2014

** ld 0x2ab2eefc66f0 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
   Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 4 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 4 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 4 message type bind
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg:  mark request completed, ld 0x2ab2eefc66f0 msgid 4
request done: ld 0x2ab2eefc66f0 msgid 4
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_parse_result
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=*)(sAMAccountName=User-Chi))"
put_filter: AND
put_filter_list "(objectClass=*)(sAMAccountName=User-Chi)"
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
put_filter: "(sAMAccountName=User-Chi)"
put_filter: simple
put_simple_filter: "sAMAccountName=User-Chi"
ldap_build_search_req ATTRS:
    sAMAccountName
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 5
wait4msg ld 0x2ab2eefc66f0 msgid 5 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 5 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Jun  3 12:48:37 2014

** ld 0x2ab2eefc66f0 Outstanding Requests:
 * msgid 5,  origid 5, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
   Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 5 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 5 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 5 message type search-result
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg:  mark request completed, ld 0x2ab2eefc66f0 msgid 5
request done: ld 0x2ab2eefc66f0 msgid 5
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 5, msgid 5)
ldap_parse_result
ldap_msgfree
ldap_err2string
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=Miami,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_search_ext
put_filter: "(&(objectClass=*)(sAMAccountName=User-Chi))"
put_filter: AND
put_filter_list "(objectClass=*)(sAMAccountName=User-Chi)"
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
put_filter: "(sAMAccountName=User-Chi)"
put_filter: simple
put_simple_filter: "sAMAccountName=User-Chi"
ldap_build_search_req ATTRS:
    sAMAccountName
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 6
wait4msg ld 0x2ab2eefc66f0 msgid 6 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 6 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Jun  3 12:48:37 2014

** ld 0x2ab2eefc66f0 Outstanding Requests:
 * msgid 6,  origid 6, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
   Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 6 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 6 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 6 message type search-result
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg:  mark request completed, ld 0x2ab2eefc66f0 msgid 6
request done: ld 0x2ab2eefc66f0 msgid 6
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 6, msgid 6)
ldap_parse_result
ldap_msgfree
ldap_err2string
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Tue Jun 03 12:48:37 2014] [error] [client ip.add.re.ss] user User-Chi: authentication failure for "/svn/": Password Mismatch


 



On Mon, Jun 2, 2014 at 6:05 PM, Eric Covener <covener@xxxxxxxxx> wrote:
On Mon, Jun 2, 2014 at 10:06 AM, Darly Senecal Baptiste
<dsenecalb@xxxxxxxxx> wrote:
> [Fri May 30 13:24:13 2014] [debug] mod_authnz_ldap.c(390): [client
> ip.add.re.ss] [10449] auth_ldap authenticate: using URL
> ldap://ldap-ldap-address1
> ldap-ldap-address2/OU=Miamin,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)
> [Fri May 30 13:24:13 2014] [warn] [client ip.add.re.ss] [10449] auth_ldap
> authenticate: user Chi-User authentication failed; URI /svn/ [User not
> found][No such object]
> [Fri May 30 13:24:13 2014] [warn] [client ip.add.re.ss] [10449] auth_ldap
> authenticate: user Chi-User authentication failed; URI /svn/ [LDAP:
> ldap_simple_bind_s() failed][Invalid credentials]

Unfortunately still a mystery. What exact version are you on? It is
odd that you don't see the debug message between each warn message.
The latest 2.2.x, AFAICT, would not be able to issue the errors that
way.

The debug mod_ldap_debug mod here might help w/o needing to change
mod_ldap/mod_authnz_ldap:

  https://github.com/covener/apache-modules

It provides some details of interaction with your LDAP SDK to give a
hint about what's going on at that layer.  It may be difficult to
scrub effectively.

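An added example, not part of the original messages and not Apache's own code: a small Python correlator that pairs each mod_authnz_ldap "authentication failed" warning with the search base from the preceding "using URL" debug line, and reports warnings that have no debug line before them, the pattern remarked on in the quoted reply. The function names are this example's own, and the embedded sample is trimmed from the trace posted in this thread.

```python
import re

# Constructed sample: Apache-level lines taken from the trace in this thread,
# with most of the LDAP SDK trace lines between them left out.
SAMPLE = """\
[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=NewYork,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_search_ext
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=Miami,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_err2string
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Tue Jun 03 12:48:37 2014] [error] [client ip.add.re.ss] user User-Chi: authentication failure for "/svn/": Password Mismatch
"""

# "[<pid>] auth_ldap authenticate: using URL ldap://<hosts>/<search base>?..."
USING = re.compile(r"\[debug\].*\[(\d+)\] auth_ldap authenticate: "
                   r"using URL ldaps?://[^/]*/([^?]*)\?")
# "[<pid>] ... user <name> authentication failed; URI <uri> [<reason>][<LDAP error>]"
FAILED = re.compile(r"\[warn\].*\[(\d+)\] auth_ldap authenticate: user (\S+) "
                    r"authentication failed; URI (\S+) \[(.*?)\]\[(.*?)\]")

def correlate(log_text):
    """Attach to each failure warning the search base announced by the last
    unconsumed 'using URL' debug line with the same bracketed process id.
    A warning with no such debug line gets base None. SDK trace lines and
    other log lines match neither pattern and are skipped."""
    pending = {}    # pid -> search base not yet claimed by a warning
    attempts = []
    for line in log_text.splitlines():
        m = USING.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = FAILED.search(line)
        if m:
            pid, user, uri, reason, ldap_error = m.groups()
            attempts.append({"user": user, "uri": uri,
                             "base": pending.pop(pid, None),
                             "reason": reason, "ldap_error": ldap_error})
    return attempts

def unattributed(attempts):
    """Failures logged without a fresh 'using URL' line before them."""
    return [a for a in attempts if a["base"] is None]

if __name__ == "__main__":
    for a in correlate(SAMPLE):
        print(a["base"] or "(no debug line)", "->", a["reason"], "/", a["ldap_error"])
```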


