Hello,

I don't know why, but the error appears when LTB SSP checks the password submitted by the user. It should receive a 49 error code if the password is bad, not 50. As I don't really know how Apple OpenDirectory works, I can't help you a lot. You can indeed try to use the uid=root account.


--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux




On 24/11/2015 00:08, Jared Schwartz wrote:
Just a quick update - I dug into the slapd.conf and linked files and found they use the basedn starting with uid=root (not diradmin), but I have no idea how to find the secret / password.

-Jared


On Mon, Nov 23, 2015 at 3:33 PM, Jared Schwartz <jared.schwa...@gmail.com> wrote:

    Hello All,

    We are attempting to set up self service that connects to an
    OpenDirectory server (that is an Apple fork of OpenLDAP).

    I am close to getting it to work, but I think I am overlooking
    something obvious..

    I have configured my settings as:

    (diradmin in the directory admin)
    (snipped server names below)

    # LDAP
    $ldap_url = "ldap://servername.network.lan:389";
    $ldap_starttls = false;
    $ldap_binddn =
    "uid=diradmin,cn=users,dc=servername,dc=network,dc=lan";
    $ldap_bindpw = "password";
    $ldap_base = "cn=users,dc=servername,dc=network,dc=lan";
    $ldap_login_attribute = "uid";
    $ldap_fullname_attribute = "cn";
    $ldap_filter =
    "(&(objectClass=person)($ldap_login_attribute={login}))";


    I am not quite sure I understand the below option as it is not
    explained in detail on the website, or what to set it to:

    # Who changes the password?
    # Also applicable for question/answer save
    # user: the user itself
    # manager: the above binddn
    $who_change_password = "user";

    Another issue is I don't fully understand how to build the
    ldap_filter
    for open directory. $ldap_filter =
    "(&(objectClass=person)(uid={login}))"; I verified that the
    objectClass person exists but I am not sure where to find uid=login

    The error I get on the webpage is "Login or password incorrect"

    In the PHP error logs I see:

    [23-Nov-2015 21:25:47 Europe/Berlin] PHP Warning: ldap_bind(): Unable
    to bind to server: Insufficient access in
    /Applications/MAMP/htdocs/pages/change.php on line 141

    [23-Nov-2015 21:25:47 Europe/Berlin] LDAP - Bind user error 50
    (Insufficient access)

    I have verified that the username and password are valid for the
    highest level open directory user - so I am confused on how to fix
    this issue.

    Any help is greatly appreciated.

    -Jared




_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users
