Oops, I forgot to mention; for:
> LDAP_PW_FILTER_EDIR uid=%u
we've also tried:
LDAP_PW_FILTER_EDIR mail=%s
and in fact that particular openldap error might have been when we were
trying that.
--
Jim Toth
[log in to unmask]
[Nothing below this point not in my earlier email]
On Thu, Apr 10, 2008 at 03:38:06PM -0400, Jim Toth ([log in to unmask]) said:
> We've started looking at this as well, and haven't had any luck yet.
> LISTSERV seems to find the ldap entry for (say) "[log in to unmask]"
> successfully, but then tries to bind as "[log in to unmask]" rather than
> as "uid=foo,ou=People,dc=vcu,dc=edu".
>
> I'm currently trying this:
>
> LDAP_SERVER_EDIR ldaps://edir.vcu.edu
> LDAP_UID_EDIR uid=foo,ou=apps,dc=vcu,dc=edu
> LDAP_AUTH_EDIR XXXXXXXXXXXXXXXXXXXXXXX
> LDAP_PW_BASE_EDIR ou=People,dc=VCU,dc=edu
> LDAP_PW_FILTER_EDIR uid=%u
> LDAP_DEFAULT_EMAIL_EDIR mail
> LDAP_DEFAULT_NAME_EDIR sn
>
> When I try to log in via the web interface after that, I'm getting
> something like this in the LISTSERV log (where I've slightly obscured the data):
>
> 10 Apr 2008 14:44:21 From [ANONYMOUS]@[10.99.999.999]: X-LOGIN [log in to unmask] 128.172.193.33 PW=[redacted]
> 10 Apr 2008 14:45:06 >>> Error X'01200113' looking up LDAP account <<<
> 10 Apr 2008 14:45:06 -> Severity: Error
> 10 Apr 2008 14:45:06 -> Facility: LDAP interface
> 10 Apr 2008 14:45:06 -> Abstract: Unspecified error (34) - Refer to LDAP library documentation
> 10 Apr 2008 14:45:06 -> LDAP err: Invalid DN syntax
> 10 Apr 2008 14:45:06 To [ANONYMOUS]@[10.99.999.999]: ***BADPW***
>
> I don't have access to our LDAP logs, but if I point it at an openldap
> server, it has something like this in the log around this time:
>
> Apr 10 14:24:55 europa slapd[17173]: daemon: conn=3375 fd=26 connection from IP=10.99.999.999 (IP=0.0.0.0:389) accepted.
> Apr 10 14:24:55 europa slapd[17173]: bind: invalid dn ([log in to unmask])
>
>
> On Mon, Feb 18, 2008 at 05:33:20PM +0100, Eric Thomas ([log in to unmask]) said:
> > > I have set the following:
> > > LDAP_SERVER_nickname=ldaps://ubldap.buffalo.edu
> > > LDAP_UID_nickname=LDAPBINDUSER
> > > LDAP_AUTH_nickname=XXXXXXXX
> > > LDAP_PW_BASE_nickname=ou=people,dc=buffalo,dc=edu
> > > LDAP_PW_FILTER_nickname='%u'
> > > LDAP_DEFAULT_EMAIL_nickname=eduPersonPrincipalName
> > > LDAP_DEFAULT_NAME_nickname=cn
> >
> > You will need:
> >
> > LDAP_PW_SERVERS=nickname (same nickname you used above)
> >
> > I also think your filter is wrong. I don't know the layout of your particular directory, but based on your sample, it ought to be something like:
> >
> > LDAP_PW_FILTER_nickname=(eduPersonPrincipalName=%s)
> >
> > The DEFAULT_EMAIL and DEFAULT_NAME variables are used when pulling subscriber data out of the directory. For password validation, LISTSERV uses the exact filter you specify.
> >
> > Eric
> >
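The failure reported in this thread, reproduced as an added example (it is not part of the e-mails and is not LISTSERV's code): a search-then-bind login must bind as the DN the search returned, because a bare e-mail address offered as the bind name is rejected with result code 34 (invalid DN syntax). The in-memory directory, the `example.edu` entries, the passwords and the meaning given to `%s` and `%u` (full address, and the part before `@`) are assumptions made for the illustration.

```python
import re

# Constructed sample directory (not real data): DN -> attributes.
DIRECTORY = {
    "uid=foo,ou=People,dc=example,dc=edu":
        {"uid": "foo", "mail": "foo@example.edu", "pw": "s3cret"},
    "uid=bar,ou=People,dc=example,dc=edu":
        {"uid": "bar", "mail": "bar@example.edu", "pw": "hunter2"},
}
SUCCESS, INVALID_DN_SYNTAX, INVALID_CREDENTIALS = 0, 34, 49  # RFC 4511 codes

def escape_filter_value(value):
    """RFC 4515 escaping, so login input cannot change the filter's shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, address):
    """Assumption: %s = full address, %u = the part before '@'."""
    subst = {"s": escape_filter_value(address),
             "u": escape_filter_value(address.split("@", 1)[0])}
    return re.sub(r"%([su])", lambda m: subst[m.group(1)], template)

def search(ldap_filter):
    """Toy search: one equality filter, with or without parentheses."""
    m = re.fullmatch(r"\(?([A-Za-z]+)=([^()]*)\)?", ldap_filter)
    if not m:
        return []
    attr, value = m.group(1), m.group(2).lower()
    return [dn for dn, e in DIRECTORY.items()
            if escape_filter_value(e.get(attr, "")).lower() == value]

def bind(name, password):
    """Toy simple bind; the DN check is deliberately simplified."""
    rdn = r"[A-Za-z][\w-]*=[^,=]+"
    if not re.fullmatch(rdn + "(," + rdn + ")*", name):
        return INVALID_DN_SYNTAX        # what "bind: invalid dn" reports
    entry = DIRECTORY.get(name)
    return SUCCESS if entry and entry["pw"] == password else INVALID_CREDENTIALS

def authenticate(template, address, password):
    """Search with the service filter, then bind as the DN that was found."""
    hits = search(expand_filter(template, address))
    if len(hits) != 1:                  # no match or ambiguous match: refuse
        return INVALID_CREDENTIALS
    return bind(hits[0], password)
```

Refusing the login when the search returns anything other than exactly one entry keeps a loose filter from authenticating a user against someone else's entry.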