Oops, I forgot to mention; for:

> LDAP_PW_FILTER_EDIR uid=%u

we've also tried:

LDAP_PW_FILTER_EDIR mail=%s

and in fact that particular openldap error might have been when we were trying that.

--
Jim Toth
[log in to unmask]

[Nothing below this point not in my earlier email]

On Thu, Apr 10, 2008 at 03:38:06PM -0400, Jim Toth ([log in to unmask]) said:
> We've started looking at this as well, and haven't had any luck yet.
> LISTSERV seems to find the ldap entry for (say) "[log in to unmask]"
> successfully, but then tries to bind as "[log in to unmask]" rather than
> as "uid=foo,ou=People,dc=vcu,dc=edu".
>
> I'm currently trying this:
>
> LDAP_SERVER_EDIR ldaps://edir.vcu.edu
> LDAP_UID_EDIR uid=foo,ou=apps,dc=vcu,dc=edu
> LDAP_AUTH_EDIR XXXXXXXXXXXXXXXXXXXXXXX
> LDAP_PW_BASE_EDIR ou=People,dc=VCU,dc=edu
> LDAP_PW_FILTER_EDIR uid=%u
> LDAP_DEFAULT_EMAIL_EDIR mail
> LDAP_DEFAULT_NAME_EDIR sn
>
> When I try to log in via the web interface after that, I'm getting
> something like this in the LISTSERV log (where I've slightly obscured the data):
>
> 10 Apr 2008 14:44:21 From [ANONYMOUS]@[10.99.999.999]: X-LOGIN [log in to unmask] 128.172.193.33 PW=[redacted]
> 10 Apr 2008 14:45:06 >>> Error X'01200113' looking up LDAP account <<<
> 10 Apr 2008 14:45:06 -> Severity: Error
> 10 Apr 2008 14:45:06 -> Facility: LDAP interface
> 10 Apr 2008 14:45:06 -> Abstract: Unspecified error (34) - Refer to LDAP library documentation
> 10 Apr 2008 14:45:06 -> LDAP err: Invalid DN syntax
> 10 Apr 2008 14:45:06 To [ANONYMOUS]@[10.99.999.999]: ***BADPW***
>
> I don't have access to our LDAP logs, but if I point it at an openldap
> server, it has something like this in the log around this time:
>
> Apr 10 14:24:55 europa slapd[17173]: daemon: conn=3375 fd=26 connection from IP=10.99.999.999 (IP=0.0.0.0:389) accepted.
> Apr 10 14:24:55 europa slapd[17173]: bind: invalid dn ([log in to unmask])
>
>
> On Mon, Feb 18, 2008 at 05:33:20PM +0100, Eric Thomas ([log in to unmask]) said:
> > > I have set the following:
> > > LDAP_SERVER_nickname=ldaps://ubldap.buffalo.edu
> > > LDAP_UID_nickname=LDAPBINDUSER
> > > LDAP_AUTH_nickname=XXXXXXXX
> > > LDAP_PW_BASE_nickname=ou=people,dc=buffalo,dc=edu
> > > LDAP_PW_FILTER_nickname='%u'
> > > LDAP_DEFAULT_EMAIL_nickname=eduPersonPrincipalName
> > > LDAP_DEFAULT_NAME_nickname=cn
> >
> > You will need:
> >
> > LDAP_PW_SERVERS=nickname (same nickname you used above)
> >
> > I also think your filter is wrong. I don't know the layout of your particular directory, but based on your sample, it ought to be something like:
> >
> > LDAP_PW_FILTER_nickname=(eduPersonPrincipalName=%s)
> >
> > The DEFAULT_EMAIL and DEFAULT_NAME variables are used when pulling subscriber data out of the directory. For password validation, LISTSERV uses the exact filter you specify.
> >
> > Eric
> >
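
The search-then-bind flow this thread is about (find the entry with the password filter, then bind as the DN of that entry rather than as the address typed at login), as an added Python example; it is not LISTSERV's code and was not posted by anyone in the thread. The in-memory directory, the address `foo@example.edu`, the password and all function names are constructed for illustration, and the meaning given to `%s` and `%u` is an assumption.

```python
import hmac
import re

# Constructed sample directory (not real data), keyed by DN.
DIRECTORY = {
    "uid=foo,ou=People,dc=vcu,dc=edu": {
        "uid": "foo", "mail": "foo@example.edu", "userPassword": "s3cret"},
}
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def looks_like_dn(s):
    """Simplified RFC 4514 shape check: comma-separated attr=value RDNs."""
    return all(_RDN.match(part.strip()) for part in s.split(","))

def escape_filter_value(v):
    """RFC 4515 escaping so a login name cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in v)

def expand_filter(template, address):
    """ASSUMPTION: %s is the full address, %u the part before the '@'."""
    vals = {"%s": address, "%u": address.split("@", 1)[0]}
    return re.sub(r"%[su]", lambda m: escape_filter_value(vals[m.group()]), template)

def search(base, flt):
    """Equality-only filter match under `base`; returns the matching DNs."""
    attr, _, value = flt.strip("()").partition("=")
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [dn for dn, e in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and e.get(attr, "").lower() == value.lower()]

def bind(dn, password):
    """Simple bind: the name must be a DN, or the server answers code 34."""
    if not looks_like_dn(dn):
        return "invalidDNSyntax (34)"
    entry = DIRECTORY.get(dn)
    if entry and hmac.compare_digest(entry["userPassword"], password):
        return "success (0)"
    return "invalidCredentials (49)"

def authenticate(template, address, password, base="ou=People,dc=VCU,dc=edu"):
    """Search for exactly one entry, then bind as that entry's DN."""
    hits = search(base, expand_filter(template, address))
    if len(hits) != 1:
        return "invalidCredentials (49)"  # no match or ambiguous: refuse
    return bind(hits[0], password)
```

Binding with the raw address, as in the logs above, is the `bind("foo@example.edu", ...)` case and yields result code 34; binding with the DN returned by the search succeeds.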