Hello Marc! Thanks for reply! Yes, I have ldapsearch, and have already tried it: # extended LDIF # # LDAPv3 # base <dc=three,dc=two,dc=one> with scope subtree # filter: sAMAccountName=UsernameToTry # requesting: ALL # ... UsernameToTry info here ... # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 1 # numReferences: 3 So it works OK. I must say, that other LDAP connections work fine: KnowledgeTree, Mantis, VisualSVN's ldap... 2009/2/26 Marc Patermann <hans.moser@xxxxxxxxxxxxxxxxxxxxxxxx>: > Hi, > > Anton Yakimov schrieb: >> >> Hi everyone, >> >> I have a strange error with authnz_ldap_module. >> I have searched the web and tried a lot of combinations, but nothing >> helps. >> >> This list is my only hope (ok, not the only, I cab also try >> svnserve+sasl+ldap). >> >> Here is my subversion.conf: >> >> LoadModule dav_svn_module modules/mod_dav_svn.so >> <Location /repos> >> DAV svn >> SVNPath /var/www/svn/repos >> AuthName "Test repository" >> AuthType Basic >> AuthBasicProvider ldap >> AuthLDAPUrl "ldap://server.three.two.one:389/dc=three, >> dc=two, >> dc=one?sAMAccountName?sub?(objectClass=*) NONE" >> AuthLDAPBindDN "admin@xxxxxxxxxxxxx" >> AuthLDAPBindPassword "password" >> Require valid-user >> </Location> >> >> And here are related error.log strings: >> ... >> [Thu Feb 26 16:47:11 2009] [debug] mod_authnz_ldap.c(373): [client >> 192.168.12.138] [11270] auth_ldap authenticate: using URL >> ldap://server.three.two.one:389/dc=three, dc=two, >> dc=one?sAMAccountName?sub?(objectClass=*) NONE >> [Thu Feb 26 16:47:11 2009] [warn] [client 192.168.12.138] [11270] >> auth_ldap authenticate: user authentication failed; URI /repos >> [ldap_search_ext_s() for user failed][Bad search filter] > > Do you have ldapsearch installed? > try > # ldapsearch -x -h server.three.two.one -D admin@xxxxxxxxxxxxx -w password > -b dc=three,dc=two,dc=one sAMAccountName=UsernameToTry > > What does it say? > > "sub" and "objectclass=*" may be the defaults anyway. > > > Marc > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > -- Best Regards, Anton Yakimov --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|