> Also, LDAPLogin uses a DN specification, whereas groups do not.
I saw this issue and it is corrected in the next release.
changed user=>user to user=>"any LDAP user" and added base=>"any LDAPRoot"
So the full DN notation could be used in both parameters. Keep an eye on
the next release - your user specification will not work anymore - copy
the plain text of the Groups file before upgrade! The separtor is required
for the user=>(sep)user(sep) !!
>as to why group specs need to include the LDAP host and login details
If the host part is empty {} - the sepcifications from the LDAP section
will be used. At least there is a BUG in the LDAPlist feature - fixed in
the next release.
Thomas
Von: "Steve Moss" <[email protected]>
An: "ASSP development mailing list" <[email protected]>
Datum: 05.12.2011 10:43
Betreff: Re: [Assp-test] Antwort: Re: Antwort: Trouble With Groups
LDAP Query - 2
>> Has you defined 'LDAProot' in the functional LDAP section? <<
Yes, it is set to: DC=domain,DC=local
LDAP lookup works fine for local addresses - I have been using it for
ages - it's just the groups I am having issues with. I am a little
confused, also, as to why group specs need to include the LDAP host and
login details, as these are already specified in the LDAP section. Also,
LDAPLogin uses a DN specification, whereas groups do not.
----
Regards,
Steve Moss ([email protected]),
Microsoft Certified Professional - Small and Medium Sized Business.
FreeYourNet.
6 Pine View, Muxton, Telford, Shropshire TF2 8QX, U.K.
URL: http://www.freeyournet.com
Tel: +44 (0)7971 321586 Fax: +44 (0)1952 603703
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error, use of this
information (including disclosure, copying or distribution) may be
unlawful: please notify [email protected] and delete the message
immediately. All FreeYourNet's incoming and outgoing e-mails, and any
files transmitted with them, are checked for viruses and other malicious
software using up-to-date security scanners. While this e-mail (and any
attachments) has been found to be free of malicious software,
FreeYourNet cannot accept legal responsibility for, or for the
consequences of, any malicious software which may have been transmitted
herein.
FreeYourNet is a trading name of CoCo Systems Ltd., registered in
England and Wales No. 2339146. Registered office: 66 High Street,
Dawley, Telford, Shropshire TF4 2HD.
-----Original Message-----
From: Thomas Eckardt [mailto:[email protected]]
Sent: Sunday, December 04, 2011 3:17 PM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Re: Antwort: Trouble With Groups LDAP
Query - 2
>are defined in the LDAP section (and they work there)
Has you defined 'LDAProot' in the functional LDAP section?
Thomas
Von: "Steve Moss" <[email protected]>
An: "ASSP development mailing list"
<[email protected]>
Datum: 04.12.2011 14:33
Betreff: Re: [Assp-test] Antwort: Trouble With Groups LDAP Query
-
2
Hi Thomas,
The LDAP server is on a Windows SBS 2003 (ASSP v2 is on the same
machine), and it accepts unencrypted connections. That said, I get the
same results if I specify scheme=>ldaps (and STARTTLS=>0 or 1). On build
11338, diagnmstic LDAP logging shows:
STARTTLS => 0
attr => proxyaddresses
host => host
ldapfilt => (CN=firstname lastname)
password => pass
scheme => ldap
timeout => 15
user => Administrator
version => 3
This all appears correct, but I am still getting error 49. Any ideas?
----
Steve.
-----Original Message-----
From: Thomas Eckardt [mailto:[email protected]]
Sent: Sunday, December 04, 2011 8:31 AM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Trouble With Groups LDAP Query - 2
check the 'schema => ldap(s)' - possibly you try to authenticate
unencrypted (ldap) - and this is not allowed by your LDAP server?
I'm just testing some enhancements for the LDAP implementation in groups
-
just wait for the next release.
Thomas
Von: "Steve Moss" <[email protected]>
An: <[email protected]>
Datum: 04.12.2011 00:58
Betreff: [Assp-test] Trouble With Groups LDAP Query - 2
I see, Thomas, that you mark this as fixed in build 11337. I suspect it
isn't, though...
I am still getting LDAP error code 49 on bind, which indicates bad
credentials. I am definitely passing correct credentials, the same as
are defined in the LDAP section (and they work there). In the group
definition I have password=>"pass", but I suspect ASSP still isn't
passing the correct password via the LDAP query. For instance, if I
change the user to an invalid name I get LDAP code 32 instead, which is
correct. This indicates the (correct) password is the element causing
the authentication failure.
Sadly, ASSP logging/debug logging isn't helpful in this respect. Please
assess.
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
