LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Jim Toth <[log in to unmask]>
Thu, 10 Apr 2008 15:47:48 -0400
Oops, I forgot to mention; for:

>     LDAP_PW_FILTER_EDIR     uid=%u

we've also tried:

    LDAP_PW_FILTER_EDIR     mail=%s

and in fact that particular openldap error might have been when we were
trying that.

--
Jim Toth
[log in to unmask]



[Nothing below this point not in my earlier email]

On Thu, Apr 10, 2008 at 03:38:06PM -0400, Jim Toth ([log in to unmask]) said:
> We've started looking at this as well, and haven't had any luck yet.
> LISTSERV seems to find the ldap entry for (say) "[log in to unmask]"
> successfully, but then tries to bind as "[log in to unmask]" rather than
> as "uid=foo,ou=People,dc=vcu,dc=edu".
>
> I'm currently trying this:
>
>     LDAP_SERVER_EDIR        ldaps://edir.vcu.edu
>     LDAP_UID_EDIR           uid=foo,ou=apps,dc=vcu,dc=edu
>     LDAP_AUTH_EDIR          XXXXXXXXXXXXXXXXXXXXXXX
>     LDAP_PW_BASE_EDIR       ou=People,dc=VCU,dc=edu
>     LDAP_PW_FILTER_EDIR     uid=%u
>     LDAP_DEFAULT_EMAIL_EDIR mail
>     LDAP_DEFAULT_NAME_EDIR  sn
>
> When I try to log in via the web interface after that, I'm getting
> something like this in the LISTSERV log (where I've slightly obscured the data):
>
>     10 Apr 2008 14:44:21 From [ANONYMOUS]@[10.99.999.999]: X-LOGIN [log in to unmask] 128.172.193.33 PW=[redacted]
>     10 Apr 2008 14:45:06 >>> Error X'01200113' looking up LDAP account <<<
>     10 Apr 2008 14:45:06  -> Severity: Error
>     10 Apr 2008 14:45:06  -> Facility: LDAP interface
>     10 Apr 2008 14:45:06  -> Abstract: Unspecified error (34) - Refer to LDAP library documentation
>     10 Apr 2008 14:45:06  -> LDAP err: Invalid DN syntax
>     10 Apr 2008 14:45:06 To   [ANONYMOUS]@[10.99.999.999]: ***BADPW***
>
> I don't have access to our LDAP logs, but if I point it at an openldap
> server, it has something like this in the log around this time:
>
>     Apr 10 14:24:55 europa slapd[17173]: daemon: conn=3375 fd=26 connection from IP=10.99.999.999 (IP=0.0.0.0:389) accepted.
>     Apr 10 14:24:55 europa slapd[17173]: bind: invalid dn ([log in to unmask])
>
>
> On Mon, Feb 18, 2008 at 05:33:20PM +0100, Eric Thomas ([log in to unmask]) said:
> > > I have set the following:
> > > LDAP_SERVER_nickname=ldaps://ubldap.buffalo.edu
> > > LDAP_UID_nickname=LDAPBINDUSER
> > > LDAP_AUTH_nickname=XXXXXXXX
> > > LDAP_PW_BASE_nickname=ou=people,dc=buffalo,dc=edu
> > > LDAP_PW_FILTER_nickname='%u'
> > > LDAP_DEFAULT_EMAIL_nickname=eduPersonPrincipalName
> > > LDAP_DEFAULT_NAME_nickname=cn
> >
> > You will need:
> >
> > LDAP_PW_SERVERS=nickname (same nickname you used above)
> >
> > I also think your filter is wrong. I don't know the layout of your particular directory, but based on your sample, it ought to be something like:
> >
> > LDAP_PW_FILTER_nickname=(eduPersonPrincipalName=%s)
> >
> > The DEFAULT_EMAIL and DEFAULT_NAME variables are used when pulling subscriber data out of the directory. For password validation, LISTSERV uses the exact filter you specify.
> >
> >   Eric
> >
