Hello, I've had the same problem with Fedora 3.3 (with Fedora 3.2 it worked on our installation). I got LDAP authentication working by disabling the
deny-unallowed-file-resolution policy, which is part of the default policies of Fedora 3.3. Hope this helps. Best Regards Jens Pelzetter On Tue, 2010-02-02 at 09:22 +0200, Khaled Almahallawy wrote: > I am trying to enable LDAP Authentication on Fedora 3 , I followed > steps mentioned on > > http://www.fedora-commons.org/confluence/display/FCKB/Authenticating > +Fedora+2.2+against+LDAP, but I wasn’t able to get it up and running, > no exception is thrown, when I try to login using ldap user I only > get “401 Unauthorized Authentication failed” error message. > > > > Here is my fedora configuration and LDAP configuration. > > > > Fedora: > > - I disable FESL, SSL and API authentication. > > - Modified web.xml : > > <filter> > > > <filter-name>LdapFilterForAttributes</filter-name> > > > <filter-class>fedora.server.security.servletfilters.ldap.FilterLdap</filter-class> > > <init-param> > > > <param-name>version</param-name> > > <param-value>3</param-value> > > </init-param> > > <init-param> > > > <param-name>authenticate</param-name> > > > <param-value>true</param-value> > > </init-param> > > <init-param> > > > <param-name>security-authentication</param-name> > > > <param-value>simple</param-value> > > </init-param> > > <init-param> > > > <param-name>id-attribute</param-name> > > <param-value>abc</param-value> > > </init-param> > > <init-param> > > > <param-name>bind-filter</param-name> > > <param-value> > OU=Tree,DC=local,DC=organization </param-value> > > </init-param> > > <init-param> > > <param-name>url</param-name> > > > <param-value>ldap://localhost:389/</param-value> > > </init-param> > > <init-param> > > > <param-name>search-base</param-name> > > <param-value> > OU=Tree,DC=local,DC=organization </param-value> > > </init-param> > > <init-param> > > > <param-name>search-filter</param-name> > > > <param-value>(xyz={0})</param-value> > > </init-param> > > </filter> > > > > <filter-mapping> > > > <filter-name>LdapFilterForAttributes</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > > > LDAP: > > > > map_const_attr []: <none> > > map_const_val []: <none> > > ldap_host : localhost > > port_number : 389 > > person_obj_class : User > > group_obj_class : group > > per_search_base : OU=Tree,DC=local,DC=organization > > grp_search_base : OU=Tree,DC=local,DC=organization > > per_search_filter : (xyz= *) > > grp_search_filter : !(objectclass= Computer) > > bind_dn : organization\admin-user > > bind_pwd : > > user_subtype : domain_user > > rename_user_option : T > > deactivate_user_option : T > > rename_group_option : T > > import_mode : both > > bind_type : bind_by_dn > > use_ext_auth_prog : F > > ssl_mode : 0 > > ssl_port : 0 > > certdb_location : > > first_time_sync : F > > map_rejection [0]: 2 > > [1]: 2 > > [2]: 2 > > [3]: 2 > > [4]: 2 > > [5]: 2 > > retry_count : 3 > > retry_interval : 3 > > failover_ldap_config_ids []: <none> > > failover_use_interval : 5 > > > > acl_domain : domain_admin > > acl_name : domain1234567890 > > language_code : > > map_attr [0]: user_name > > [1]: user_login_name > > [2]: user_address > > [3]: group_name > > > > map_val [0]: XYZ > > [1]: abc > > [2]: mail > > [3]: abc > > > > > > Best regards, > > Khaled > > > > > ------------------------------------------------------------------------------ > The Planet: dedicated and managed hosting, cloud storage, colocation > Stay online with enterprise data centers and the best network in the business > Choose flexible plans and management services without long-term contracts > Personal 24x7 support from experience hosting pros just a phone call away. > http://p.sf.net/sfu/theplanet-com > _______________________________________________ Fedora-commons-users mailing > list [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
