Re: [389-users] Users added in group via add member not able to authenticate

Hi Daniel,

When I created the group IT it came as cn=IT itself. Also, this string that I gave is provided in the Apache configuration file in the VirtualHost of the folder secure.
So anyone hitting that folder would require user authentication from the LDAP server connected using that string.
This works perfectly fine when someone logs in using ituser1, as it's directly under OU=shared, but not with users under the IT group. It seems that it's not authenticating other users as they are not in this OU ( [User not found] ).
Note that I can see all the members inside the IT group added via add member.

Thank you for helping.

On Mon, Jul 19, 2010 at 4:01 PM, Daniel Maher <dma+389users@xxxxxxxxx> wrote:
On 07/19/2010 12:16 PM, ashish nair wrote:
> Hi Daniel,
> When I try authenticating the users in the group IT, it is searching for
> that user in that OU itself. But the users that are added as members in
> the group are not able to because these are not present physically in
> that OU.
> auth_ldap authenticate: user user1 authentication failed; URI /secure
> [User not found][No such object]
> Thanks
> On Mon, Jul 19, 2010 at 2:49 PM, ashish nair <nair.ashish13@xxxxxxxxx
> <mailto:nair.ashish13@xxxxxxxxx>> wrote:
>
>     Hi Daniel,
>     Thanks for responding.
>     DC=ldapser,dc=com
>     |
>     OU=People
>         |--------user1...usern
>         |
>         |--------OU=shared
>                    |
>                    |--------------uid=ituser1
>                    |--------------cn=IT
>     This is the structure of the LDAP server. I have added users
>     user1...usern in the IT group via add member.
>     Now when I give the OU of shared as path for authentication, it's
>     only accepting the logins
>     of the ituser1 but not of the group IT.
>     I need this setup as these users are common to a few OU's.
>     The ldap connecting string that is there in apache
>     "ldap://10.209.22.65:389/ou=shared,ou=People,dc=ldapser,dc=com?uid?sub?(objectClass=*)"
>     I tried both with uid and uniquemember. Both are not working.
>     Thanks again.

"cn=IT" ?  "cn" means "Common Name", and it generally contains a
person's name.  Based on what you've described above, there is no IT group.

The Apache error contains the string "/secure", but the LDAP search
string you provided does not.  You might want to verify that.

--
Daniel Maher <dma + 389users AT witbe DOT net>
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
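
Added example, not part of the original thread: a small Python model of how the search base and scope in the LDAP URL quoted above decide which entries a uid lookup can see, and why membership in cn=IT does not bring user1 into ou=shared. The directory contents are constructed from the diagram in the thread, the uniquemember value is constructed, and the helper names and the widened URL are assumptions; it goes one step past the thread by checking group membership separately once the base is moved up to ou=People.

```python
# Added example: a constructed in-memory directory, not a real LDAP client.
PAGE_URL = ("ldap://10.209.22.65:389/ou=shared,ou=People,dc=ldapser,dc=com"
            "?uid?sub?(objectClass=*)")
WIDE_URL = PAGE_URL.replace("ou=shared,", "", 1)  # assumption: base moved up to ou=People
GROUP_DN = "cn=IT,ou=shared,ou=People,dc=ldapser,dc=com"

# Entries placed as in the thread's diagram; the uniquemember value is constructed.
DIRECTORY = {
    "uid=user1,ou=People,dc=ldapser,dc=com": {"uid": ["user1"]},
    "uid=ituser1,ou=shared,ou=People,dc=ldapser,dc=com": {"uid": ["ituser1"]},
    GROUP_DN: {"cn": ["IT"],
               "uniquemember": ["uid=user1,ou=People,dc=ldapser,dc=com"]},
}

def parse_ldap_url(url):
    """Split ldap://host/base?attr?scope?filter into its parts."""
    host, _, tail = url.split("://", 1)[1].partition("/")
    base, attr, scope, flt = (tail.split("?") + ["", "", ""])[:4]
    return {"host": host, "base": base, "attr": attr or "uid",
            "scope": scope or "sub", "filter": flt}

def norm(dn):
    # Naive normalisation: ignores escaped commas, enough for these DNs.
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(dn, base, scope):
    """True if dn is visible from base under scope base/one/sub."""
    dn, base = norm(dn), norm(base)
    if dn == base:
        return scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False          # entry lives outside the search base
    depth = dn[: -len(base) - 1].count(",") + 1
    return scope == "sub" or (scope == "one" and depth == 1)

def find_user(url, login):
    """Return the DN the URL's search would yield for login, else None."""
    u = parse_ldap_url(url)   # the (objectClass=*) filter matches every entry
    for dn, attrs in DIRECTORY.items():
        if in_scope(dn, u["base"], u["scope"]) and login in attrs.get(u["attr"], []):
            return dn
    return None               # what the web server reports as "User not found"

def in_group(user_dn, group_dn, attr="uniquemember"):
    """Membership is an attribute on the group; it does not move the user entry."""
    members = DIRECTORY.get(group_dn, {}).get(attr, [])
    return norm(user_dn) in [norm(m) for m in members]
```

With the base at ou=shared the lookup for user1 returns nothing even though cn=IT lists that DN; with the base at ou=People the user is found and the group check can then restrict access to IT members.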