Re: Reverse proxy with LDAP authentication ?


 



* Alan AZZERA <azzera.alan@xxxxxxxxx> [2009-09-24 20:56]:
> I did this at first. I believe it works, since I'm able to retrieve
> information that concerns me. I don't need to authenticate myself on
> the OpenLDAP server to get most information. But I need to do so if I
> want to retrieve, for example, the hash of my password. To be honest,
> I essentially know nothing about LDAP. I believed that RTFM would be
> sufficient...

Note that usually you don't retrieve the password (hashed or not; and a
properly configured DSA also shouldn't let you have it) and compare the
value yourself, but use an LDAP bind operation and let the DSA verify
the password via whatever means (e.g. via Kerberos, i.e. the DSA might
not even have the password).

> The web server is under my control, the LDAP server is not. Thus I
> certainly can do a pcap capture (ngrep/tshark) and view it with
> WireShark...

Asking what the log has for connections from your webserver's IP also
works if the DSA is not under control.

Other than that the dump in conjunction with a protocol analyzer
should at least give you an LDAP status code, which you can look up in
the RFC (currently 4511).
http://tools.ietf.org/html/rfc4511#section-4.1.9

> I wrote in a quick and dirty manner a small Python script which is
> able to authenticate a user against the LDAP server. I really don't
> understand why Apache can't! Is there a possible issue on the LDAP
> server side?

When command line clients (and your python script) work (but this
depends on how you're doing the authentication, see above), I'd say
this is rather unlikely.
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
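
The reply above suggests reading the LDAP status code out of a packet dump and looking it up in RFC 4511 section 4.1.9. The following is an added example, not part of the original message: a small BER decoder that pulls the resultCode out of a BindResponse. It assumes the capture is plain LDAP (no TLS); the function names and the sample bytes are constructed for illustration.

```python
# Added example (not from the thread): decode the resultCode of an LDAP
# BindResponse (RFC 4511) from raw, unencrypted bytes taken from a capture.

# Subset of the RFC 4511 section 4.1.9 result codes that matter for binds.
RESULT_CODES = {
    0: "success", 1: "operationsError", 2: "protocolError",
    7: "authMethodNotSupported", 8: "strongerAuthRequired",
    13: "confidentialityRequired", 14: "saslBindInProgress",
    32: "noSuchObject", 34: "invalidDNSyntax",
    48: "inappropriateAuthentication", 49: "invalidCredentials",
    50: "insufficientAccessRights", 52: "unavailable",
    53: "unwillingToPerform", 80: "other",
}

# Constructed samples: messageID 1, empty matchedDN, diagnostic "demo" / "".
SAMPLE_FAIL = bytes.fromhex("3010020101610b0a01310400040464656d6f")
SAMPLE_OK = bytes.fromhex("300c02010161070a010004000400")

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = octet count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):   # LDAP forbids indefinite length
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(pdu):
    """Decode one LDAPMessage carrying a BindResponse ([APPLICATION 1])."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(msg, 0)      # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)        # protocolOp
    if tag != 0x61:
        raise ValueError("protocolOp is not a BindResponse")
    _, code, pos = read_tlv(op, 0)         # resultCode ENUMERATED
    _, matched_dn, pos = read_tlv(op, pos) # matchedDN
    _, diag, _ = read_tlv(op, pos)         # diagnosticMessage
    n = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"), "code": n,
            "name": RESULT_CODES.get(n, "unlisted"),
            "matched_dn": matched_dn.decode(), "diagnostic": diag.decode()}
```
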

