Hi, I have problems getting LDAP auth running. Our OpenLDAP server allows anonymous connects, so do I need a bind DN and password?
auth.xml:

    <ae:parameter name="openldap-ldap1">
        <ae:parameter name="auth_module">AppKit</ae:parameter>
        <ae:parameter name="auth_provider">Auth.Provider.LDAP</ae:parameter>
        <ae:parameter name="auth_enable">true</ae:parameter>
        <ae:parameter name="auth_authoritative">false</ae:parameter>
        <ae:parameter name="auth_create">false</ae:parameter>
        <ae:parameter name="auth_update">true</ae:parameter>
        <ae:parameter name="auth_map">
            <ae:parameter name="user_firstname">givenName</ae:parameter>
            <ae:parameter name="user_lastname">sn</ae:parameter>
            <ae:parameter name="user_email">mail</ae:parameter>
        </ae:parameter>
        <ae:parameter name="ldap_dsn">ldap://ldap</ae:parameter>
        <ae:parameter name="ldap_basedn">cn=__USERNAME__,cn=accounts,dc=domain,dc=foo</ae:parameter>
        <ae:parameter name="ldap_binddn"></ae:parameter>
        <ae:parameter name="ldap_bindpw"></ae:parameter>
        <ae:parameter name="ldap_userattr">uid</ae:parameter>
        <ae:parameter name="ldap_filter_user"><![CDATA[(&(objectClass=PosixAccount)(uid=__USERNAME__))]]></ae:parameter>
    </ae:parameter>

My LDAP says: Invalid DN

What have I done wrong?
======= Debug ==========

    [Tue Mar 8 12:40:55 2011] [debug] Auth.Dispatch: Starting authenticate (username=foobar)
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Dispatch: Userdata found in db (uid=2)
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider: Object (name=openldap-ldap1) initialized
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider.LDAP Try LDAP connect (dsn=ldap://ldap,bind=true)
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider.LDAP got resource Resource id #233
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider.LDAP Successfully bind (dn=)
    [Tue Mar 8 12:40:55 2011] [info] Auth.Provider.LDAP connection successfully (ldap://ldap)
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider.LDAP Prepare LDAPsearch (base=foobar, filter=(objectClass=*))
    [Tue Mar 8 12:40:55 2011] [fatal] Uncaught AppKitPHPError: PHP Error ldap_search(): Search: Invalid DN syntax (/usr/local/icinga-web/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php:87) (/usr/local/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:20)
    [Tue Mar 8 12:40:55 2011] [debug] Auth.Provider.LDAP Error: Invalid DN syntax (errno=34,resource=233)
    [Tue Mar 8 12:40:55 2011] [info] Auth.Dispatch: Delegate authentication (not_authoritative=openldap-ldap1,user=foobar)

I can see that this base is wrong. It should be cn=accounts,dc=domain,dc=foo and not the username ...

cu
denny
_______________________________________________ icinga-users mailing list icinga-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/icinga-users
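
Added example, not part of the original message and not Icinga Web code: a pre-flight check that rejects a search base such as the bare username in the debug log (base=foobar) before it reaches the LDAP search, and escapes the username when it is substituted for __USERNAME__ in the base DN and filter. The function names are hypothetical, and the DN check is a simplified structural subset of RFC 4514, not a full parser.

```python
import re

# Attribute type: short name (cn, dc, uid) or numeric OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" and i + 1 < len(s) else 1
        if step == 1 and s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i:i + step]
        i += step
    return parts + [cur]

def is_valid_dn(dn):
    """Simplified structural check: each RDN is attr=value[+attr=value]."""
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, _ = ava.partition("=")
            if not eq or not _ATTR.match(attr.strip()):
                return False
    return True

def escape_filter_value(v):
    """RFC 4515: neutralise filter metacharacters in a substituted value."""
    for ch, rep in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        v = v.replace(ch, rep)
    return v

def escape_dn_value(v):
    """RFC 4514: escape characters that would alter the DN structure."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in v).replace("\0", "\\00")
    if v.endswith(" ") and len(v) > 1:
        out = out[:-1] + "\\ "
    if v[:1] in (" ", "#"):
        out = "\\" + out
    return out

def preflight(basedn_tpl, filter_tpl, username):
    """Return (base, filter) ready for a search, or raise if base is not a DN."""
    base = basedn_tpl.replace("__USERNAME__", escape_dn_value(username))
    if not is_valid_dn(base):
        raise ValueError(f"search base is not a DN: {base!r}")
    return base, filter_tpl.replace("__USERNAME__", escape_filter_value(username))
```

Running preflight() with the templates from auth.xml and a constructed username shows the exact base and filter strings that would be handed to the directory, which makes a mismatch with the logged base easy to spot.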