Re: authnz_ldap_module: [Bad search filter] error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Marc!

Thanks for reply!
Yes, I have ldapsearch, and have already tried it:

# extended LDIF
#
# LDAPv3
# base <dc=three,dc=two,dc=one> with scope subtree
# filter: sAMAccountName=UsernameToTry
# requesting: ALL
#

... UsernameToTry info here ...

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3

So it works OK.

I must say, that other LDAP connections work fine:
KnowledgeTree, Mantis, VisualSVN's ldap...

2009/2/26 Marc Patermann <hans.moser@xxxxxxxxxxxxxxxxxxxxxxxx>:
> Hi,
>
> Anton Yakimov schrieb:
>>
>> Hi everyone,
>>
>> I have a strange error with authnz_ldap_module.
>> I have searched the web and tried a lot of combinations, but nothing
>> helps.
>>
>> This list is my only hope (ok, not the only, I cab also try
>> svnserve+sasl+ldap).
>>
>> Here is my subversion.conf:
>>
>> LoadModule dav_svn_module     modules/mod_dav_svn.so
>> <Location /repos>
>>    DAV svn
>>    SVNPath /var/www/svn/repos
>>    AuthName "Test repository"
>>    AuthType Basic
>>    AuthBasicProvider ldap
>>    AuthLDAPUrl                 "ldap://server.three.two.one:389/dc=three,
>> dc=two,
>> dc=one?sAMAccountName?sub?(objectClass=*) NONE"
>>    AuthLDAPBindDN              "admin@xxxxxxxxxxxxx"
>>    AuthLDAPBindPassword        "password"
>>    Require valid-user
>> </Location>
>>
>> And here are related error.log strings:
>> ...
>> [Thu Feb 26 16:47:11 2009] [debug] mod_authnz_ldap.c(373): [client
>> 192.168.12.138] [11270] auth_ldap authenticate: using URL
>> ldap://server.three.two.one:389/dc=three, dc=two,
>> dc=one?sAMAccountName?sub?(objectClass=*) NONE
>> [Thu Feb 26 16:47:11 2009] [warn] [client 192.168.12.138] [11270]
>> auth_ldap authenticate: user authentication failed; URI /repos
>> [ldap_search_ext_s() for user failed][Bad search filter]
>
> Do you have ldapsearch installed?
> try
> # ldapsearch -x -h server.three.two.one -D admin@xxxxxxxxxxxxx -w password
> -b dc=three,dc=two,dc=one sAMAccountName=UsernameToTry
>
> What does it say?
>
> "sub" and "objectclass=*" may be the defaults anyway.
>
>
> Marc
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>



-- 
Best Regards,
Anton Yakimov

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux