We've started looking at this as well, and haven't had any luck yet. LISTSERV seems to find the ldap entry for (say) "[log in to unmask]" successfully, but then tries to bind as "[log in to unmask]" rather than as "uid=foo,ou=People,dc=vcu,dc=edu".

I'm currently trying this:

LDAP_SERVER_EDIR ldaps://edir.vcu.edu
LDAP_UID_EDIR uid=foo,ou=apps,dc=vcu,dc=edu
LDAP_AUTH_EDIR XXXXXXXXXXXXXXXXXXXXXXX
LDAP_PW_BASE_EDIR ou=People,dc=VCU,dc=edu
LDAP_PW_FILTER_EDIR uid=%u
LDAP_DEFAULT_EMAIL_EDIR mail
LDAP_DEFAULT_NAME_EDIR sn

When I try to log in via the web interface after that, I'm getting something like this in the LISTSERV log (where I've slightly obscured the data):

10 Apr 2008 14:44:21 From [ANONYMOUS]@[10.99.999.999]: X-LOGIN [log in to unmask] 128.172.193.33 PW=[redacted]
10 Apr 2008 14:45:06 >>> Error X'01200113' looking up LDAP account <<<
10 Apr 2008 14:45:06 -> Severity: Error
10 Apr 2008 14:45:06 -> Facility: LDAP interface
10 Apr 2008 14:45:06 -> Abstract: Unspecified error (34) - Refer to LDAP library documentation
10 Apr 2008 14:45:06 -> LDAP err: Invalid DN syntax
10 Apr 2008 14:45:06 To [ANONYMOUS]@[10.99.999.999]: ***BADPW***

I don't have access to our LDAP logs, but if I point it at an openldap server, it has something like this in the log around this time:

Apr 10 14:24:55 europa slapd[17173]: daemon: conn=3375 fd=26 connection from IP=10.99.999.999 (IP=0.0.0.0:389) accepted.
Apr 10 14:24:55 europa slapd[17173]: bind: invalid dn ([log in to unmask])

On Mon, Feb 18, 2008 at 05:33:20PM +0100, Eric Thomas ([log in to unmask]) said:
> > I have set the following:
> > LDAP_SERVER_nickname=ldaps://ubldap.buffalo.edu
> > LDAP_UID_nickname=LDAPBINDUSER
> > LDAP_AUTH_nickname=XXXXXXXX
> > LDAP_PW_BASE_nickname=ou=people,dc=buffalo,dc=edu
> > LDAP_PW_FILTER_nickname='%u'
> > LDAP_DEFAULT_EMAIL_nickname=eduPersonPrincipalName
> > LDAP_DEFAULT_NAME_nickname=cn
>
> You will need:
>
> LDAP_PW_SERVERS=nickname (same nickname you used above)
>
> I also think your filter is wrong. I don't know the layout of your particular directory, but based on your sample, it ought to be something like:
>
> LDAP_PW_FILTER_nickname=(eduPersonPrincipalName=%s)
>
> The DEFAULT_EMAIL and DEFAULT_NAME variables are used when pulling subscriber data out of the directory. For password validation, LISTSERV uses the exact filter you specify.
>
> Eric
>

--
Jim Toth
[log in to unmask]
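
Added example (not part of the messages above, and not LISTSERV or OpenLDAP code): a simplified RFC 4514 syntax check showing why a simple bind whose name is an e-mail address comes back as result code 34 (invalid DN syntax), while the entry DN quoted in the message parses. The address foo@example.edu is constructed, the function names are hypothetical, and the parser ignores hex-string values.

```python
import re

# Attribute type: short name or dotted numeric OID (RFC 4512).
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def _split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return a list of RDNs, each a list of (type, value) pairs.

    Raises ValueError where a server would answer invalidDNSyntax (34).
    Whitespace before an attribute type is tolerated (assumption: lenient,
    as many servers are, rather than strict RFC 4514).
    """
    if dn == "":
        return []                       # empty DN means anonymous bind
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            attr = attr.strip()
            if not eq or not _ATTR_TYPE.match(attr):
                raise ValueError(f"invalidDNSyntax (34): bad RDN component {ava!r}")
            avas.append((attr.lower(), value))
        rdns.append(avas)
    return rdns

def bind_name_problem(name):
    """Return None if name parses as a DN, otherwise the reason it does not."""
    try:
        parse_dn(name)
        return None
    except ValueError as exc:
        return str(exc)
```
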