[users@httpd] mod_authnz_ldap - seemingly authenticating, but not working...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi all,

I'm trying to use this module to authenticate a web site here from my ldap server.  When accessing the site, it pops up the authentication dialog, takes my info and then rather than letting me into the site, sends me to the authentication dialog again (endlessly).

The authentication appears to work fine, and a query of the same credentials using ldapsearch from the web server works fine.  

I'm stumped and haven't seen anything like this out there elsewhere on google either...  Could anyone see anywhere where I've gone wrong here?

The only thing I see potentially wierd is that the ldap server logs:

ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)

during the transation...

Many thanks,

Tony


From access_log.wiki after a successful login:

203.0.153.46 - - [24/Sep/2006:09:08:19 +0930] "GET / HTTP/1.1" 401 482
203.0.153.46 - tony [24/Sep/2006:09:08:23 +0930] "GET / HTTP/1.1" 401 482

From error_log.wiki after an unsuccessful login:

[Sun Sep 24 08:49:38 2006] [warn] [client 203.0.153.46] [12211] auth_ldap authenticate: user tony authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Sun Sep 24 08:49:38 2006] [error] [client 203.0.153.46] user tony: authentication failure for "/": Password Mismatch

(there's nothing in there after a successful login)

My host config:

<VirtualHost *:80>
    ServerAdmin webmaster@xxxxxxx
    DocumentRoot /var/www/html/wiki
    ServerName wiki.cine.net.au
    ErrorLog logs/error_log.wiki
    CustomLog logs/access_log.wiki common

<Location "/">
  AuthType Basic
  AuthName "Admin Access"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPURL ldap://x.x.x.x/dc=cine,dc=net,dc=au?uid?sub?(objectClass=*)
  require valid-user
</Location>

</VirtualHost>

More LDAP debugs (cut down):

<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 12
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00         0....e........   
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00         0....e........   
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 3f 02 01 03 60 3a 02                            0?...`:.         
ldap_read: want=57, got=57
  0000:  01 03 04 2b 63 6e 3d 54  6f 6e 79 20 43 6c 61 72   ...+cn=Tony Clar 
  0010:  6b 2c 6f 75 3d 75 73 65  72 73 2c 64 63 3d 63 69   k,ou=users,dc=ci 
  0020:  6e 65 2c 64 63 3d 6e 65  74 2c 64 63 3d 61 75 80   ne,dc=net,dc=au. 
  0030:  08 xx xx xx xx xx xx xx                         .xxxxxxx         
ber_get_next: tag 0x30 len 63 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Tony Clark,ou=users,dc=cine,dc=net,dc=au>
<<< dnPrettyNormal: <cn=Tony Clark,ou=users,dc=cine,dc=net,dc=au>, <cn=tony clark,ou=users,dc=cine,dc=net,dc=au>
do_bind: version=3 dn="cn=Tony Clark,ou=users,dc=cine,dc=net,dc=au" method=128
bdb_dn2entry("cn=tony clark,ou=users,dc=cine,dc=net,dc=au")
do_bind: v3 bind: "cn=Tony Clark,ou=users,dc=cine,dc=net,dc=au" to "cn=Tony Clark,ou=users,dc=cine,dc=net,dc=au"
send_ldap_result: conn=0 op=2 p=3
send_ldap_response: msgid=3 tag=97 err=0
ber_flush: 14 bytes to sd 12
  0000:  30 0c 02 01 03 61 07 0a  01 00 04 00 04 00         0....a........   
ldap_write: want=14, written=14
  0000:  30 0c 02 01 03 61 07 0a  01 00 04 00 04 00         0....a........   



tony clark
--------------------------------------------------------------- 
rising sun pictures - www.rsp.com.au 
redefining visual effects delivery 
---------------------------------------------------------------
address level 1 / 180 pulteney street
adelaide south australia 5000
---------------------------------------------------------------  
adelaide ph +61 8 8400 6400 fax +61 8 8400 6401 
sydney    ph +61 2 9338 6400 fax +61 2 9338 6401
--------------------------------------------------------------- 
rising sun research - http://research.rsp.com.au 
---------------------------------------------------------------




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux