LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Jim Toth <[log in to unmask]>
Thu, 10 Apr 2008 15:38:06 -0400
We've started looking at this as well, and haven't had any luck yet.
LISTSERV seems to find the LDAP entry for (say) "[log in to unmask]"
successfully, but then tries to bind as "[log in to unmask]" rather than
as "uid=foo,ou=People,dc=vcu,dc=edu".

I'm currently trying this:

    LDAP_SERVER_EDIR        ldaps://edir.vcu.edu
    LDAP_UID_EDIR           uid=foo,ou=apps,dc=vcu,dc=edu
    LDAP_AUTH_EDIR          XXXXXXXXXXXXXXXXXXXXXXX
    LDAP_PW_BASE_EDIR       ou=People,dc=VCU,dc=edu
    LDAP_PW_FILTER_EDIR     uid=%u
    LDAP_DEFAULT_EMAIL_EDIR mail
    LDAP_DEFAULT_NAME_EDIR  sn

When I try to log in via the web interface after that, I'm getting
something like this in the LISTSERV log (where I've slightly obscured the data):

    10 Apr 2008 14:44:21 From [ANONYMOUS]@[10.99.999.999]: X-LOGIN [log in to unmask] 128.172.193.33 PW=[redacted]
    10 Apr 2008 14:45:06 >>> Error X'01200113' looking up LDAP account <<<
    10 Apr 2008 14:45:06  -> Severity: Error
    10 Apr 2008 14:45:06  -> Facility: LDAP interface
    10 Apr 2008 14:45:06  -> Abstract: Unspecified error (34) - Refer to LDAP library documentation
    10 Apr 2008 14:45:06  -> LDAP err: Invalid DN syntax
    10 Apr 2008 14:45:06 To   [ANONYMOUS]@[10.99.999.999]: ***BADPW***

I don't have access to our LDAP logs, but if I point it at an OpenLDAP
server, it has something like this in the log around this time:

    Apr 10 14:24:55 europa slapd[17173]: daemon: conn=3375 fd=26 connection from IP=10.99.999.999 (IP=0.0.0.0:389) accepted.
    Apr 10 14:24:55 europa slapd[17173]: bind: invalid dn ([log in to unmask])


On Mon, Feb 18, 2008 at 05:33:20PM +0100, Eric Thomas ([log in to unmask]) said:
> > I have set the following:
> > LDAP_SERVER_nickname=ldaps://ubldap.buffalo.edu
> > LDAP_UID_nickname=LDAPBINDUSER
> > LDAP_AUTH_nickname=XXXXXXXX
> > LDAP_PW_BASE_nickname=ou=people,dc=buffalo,dc=edu
> > LDAP_PW_FILTER_nickname='%u'
> > LDAP_DEFAULT_EMAIL_nickname=eduPersonPrincipalName
> > LDAP_DEFAULT_NAME_nickname=cn
>
> You will need:
>
> LDAP_PW_SERVERS=nickname (same nickname you used above)
>
> I also think your filter is wrong. I don't know the layout of your particular directory, but based on your sample, it ought to be something like:
>
> LDAP_PW_FILTER_nickname=(eduPersonPrincipalName=%s)
>
> The DEFAULT_EMAIL and DEFAULT_NAME variables are used when pulling subscriber data out of the directory. For password validation, LISTSERV uses the exact filter you specify.
>
>   Eric
>

--
Jim Toth
[log in to unmask]
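
An added illustration, not part of the original message and not LISTSERV's code: a small simulation contrasting a simple bind that uses the login name directly (rejected with result code 34, as in the log above) with a search-then-bind sequence that first resolves the login to one DN. The directory contents, the `example.edu` names and all function names are constructed for this example.

```python
import re

SUCCESS, INVALID_DN_SYNTAX, INVALID_CREDENTIALS = 0, 34, 49  # LDAP result codes

# Constructed sample directory (DN -> attributes); not data from the post.
DIRECTORY = {
    "uid=foo,ou=People,dc=example,dc=edu":
        {"mail": "foo@example.edu", "userPassword": "correct horse"},
    "uid=bar,ou=People,dc=example,dc=edu":
        {"mail": "bar@example.edu", "userPassword": "battery staple"},
}

_RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=.+")

def looks_like_dn(name):
    """Rough shape check: every comma-separated part is attr=value."""
    return all(_RDN.fullmatch(p.strip()) for p in re.split(r"(?<!\\),", name))

def simple_bind(name, password):
    """Simulated server side of a simple bind."""
    if not looks_like_dn(name):
        return INVALID_DN_SYNTAX          # what slapd logged as "invalid dn"
    entry = DIRECTORY.get(name)
    if entry is None or entry["userPassword"] != password:
        return INVALID_CREDENTIALS
    return SUCCESS

def search(attr, value):
    """Simulated equality search done as the service account; returns DNs."""
    return [dn for dn, e in DIRECTORY.items() if e.get(attr) == value]

def bind_with_login(login, password):
    """The failing behaviour: the login name itself is used as the bind name."""
    return simple_bind(login, password)

def search_then_bind(login, password, attr="mail"):
    """Resolve the login to exactly one DN, then bind as that DN."""
    if not password:                      # real servers may accept an empty
        return INVALID_CREDENTIALS        # password as an unauthenticated bind
    dns = search(attr, login)
    if len(dns) != 1:                     # no match or ambiguous match: refuse
        return INVALID_CREDENTIALS
    return simple_bind(dns[0], password)
```
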
