Re: Valid users cannot login with authnz_ldap

Thanks for the reply. I tried that and I still get the same results :(


Yannick Mercier wrote:
> 
> try to use something that doesn't start with dc= in your base dn
> 
> AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid
> 
> make it for example :
> 
> AuthLDAPURL ldap://silver.abc.co.za/ou=Users,dc=abc,dc=co,dc=za?uid
> 
> 
> On 4/26/07, mxc <mark@xxxxxxxxxxxxxxxxx> wrote:
>>
>>
>> Hi all,
>>
>> We are experiencing a strange problem when trying to get mod-authnz-ldap.
>> Users that do not exist have the following entry written to the error.log,
>> which seems correct to me.
>>
>> [Fri Apr 27 03:14:28 2007] [warn] [client 192.168.12.123] [4161] auth_ldap authenticate: user ggggggg authentication failed; URI /asdsd [User not found][No such object]
>> [Fri Apr 27 03:14:28 2007] [error] [client 192.168.12.123] user ggggggg not found: /asdsd
>>
>>
>>
>> Users that do exist but use the incorrect password have the following
>> written to the error log. This seems correct too.
>>
>> [Thu Apr 26 22:39:49 2007] [warn] [client 192.168.12.123] [4116] auth_ldap authenticate: user charles authentication failed; URI /asdsd [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
>> [Thu Apr 26 22:39:49 2007] [error] [client 192.168.12.123] user mark: authentication failure for "/asdsd": Password Mismatch
>>
>>
>> Users with the correct name and password have no entry written to the log
>> file but they are presented with the login dialog box again. This is what I
>> have in my conf file
>>
>>
>> <Location />
>>        AuthType Basic
>>        AuthName "IT Intranet"
>>        AuthBasicProvider ldap
>>        AuthLDAPBindDN uid=binduser,ou=people,dc=abc,dc=co,dc=za
>>        AuthLDAPBindPassword <secret>
>>        AuthzLDAPAuthoritative on
>>        AuthLDAPURL ldap://silver.abc.co.za/dc=abc,dc=co,dc=za?uid
>>        Require valid-user
>> </Location>
>>
>> I can see the query going through to our openldap server with the following
>> response.
>>
>>
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 fd=49 ACCEPT from IP=192.168.12.2:55975 (IP=0.0.0.0:389)
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0 text=
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 filter="(&(objectClass=*)(uid=charles))"
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous mech=implicit ssf=0
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
>> Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0 text=
>>
>>
>> What am I doing wrong?
>> --
>> View this message in context:
>> http://www.nabble.com/Valid-users-cannot-login-with-authnz_ldap-tf3655263.html#a10211874
>> Sent from the Apache HTTP Server - Users mailing list archive at
>> Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Valid-users-cannot-login-with-authnz_ldap-tf3655263.html#a10220161
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
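
Added example, not part of the original thread or of any Apache/OpenLDAP code: a small parser that pairs each slapd BIND and SRCH in a trace like the one quoted above with its RESULT line, so the service-account bind, the user search and the user bind can be read off per connection with their LDAP result codes. The sample log is constructed from the quoted excerpt with the mail line-wraps removed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd excerpt from the post with mail line-wraps removed.
SAMPLE_LOG = """\
Apr 27 03:06:18 silver slapd[30520]: conn=1333 fd=49 ACCEPT from IP=192.168.12.2:55975 (IP=0.0.0.0:389)
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 BIND dn="uid=binduser,ou=people,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=1 RESULT tag=97 err=0 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH base="dc=abc,dc=co,dc=za" scope=2 deref=3 filter="(&(objectClass=*)(uid=charles))"
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SRCH attr=uid
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND anonymous mech=implicit ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" method=128
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 BIND dn="uid=charles,ou=People,dc=abc,dc=co,dc=za" mech=SIMPLE ssf=0
Apr 27 03:06:18 silver slapd[30520]: conn=1333 op=3 RESULT tag=97 err=0 text=
"""

OP_LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)")
# Standard LDAP result codes (RFC 4511) that show up in this kind of trace.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

def field(text, name):
    """Return the value of name=value or name="value" in a slapd log tail, or None."""
    m = re.search(rf'\b{name}=(?:"([^"]*)"|(\S*))', text)
    return None if m is None else (m.group(1) if m.group(1) is not None else m.group(2))

def parse_operations(log):
    """Group slapd lines into {conn: {op: record}}, pairing each request with its RESULT."""
    conns = defaultdict(dict)
    for line in log.splitlines():
        m = OP_LINE.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= and are skipped
        conn, op, verb, tail = int(m[1]), int(m[2]), m[3], m[4]
        rec = conns[conn].setdefault(op, {"kind": verb, "dn": None, "err": None, "nentries": None})
        if verb in ("BIND", "SRCH"):
            # slapd logs one request over several lines; keep the first DN/base seen
            rec["dn"] = rec["dn"] or field(tail, "dn" if verb == "BIND" else "base")
        else:  # RESULT or SEARCH RESULT closes the operation
            rec["err"] = int(field(tail, "err"))
            n = field(tail, "nentries")
            rec["nentries"] = int(n) if n else None
    return conns

def bind_outcomes(log):
    """List (conn, dn, result-name) for every completed BIND, in operation order."""
    return [(c, r["dn"], RESULT_NAMES.get(r["err"], str(r["err"])))
            for c, ops in parse_operations(log).items()
            for _, r in sorted(ops.items()) if r["kind"] == "BIND" and r["err"] is not None]
```

Run against the excerpt in the post, bind_outcomes() reports success for both the binduser bind and the uid=charles bind, and the search record shows nentries=1.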
