Re: [RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...

Tue, 13 Sep 2011 12:43:47 -0700 

Yeah, I tried that too with no luck:

Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
IP=127.0.0.1:48820 (IP=0.0.0.0:389)
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
text=
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
dn="cn=testuser,ou=People,dc=<my-domain>" method=128
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
text=

still the same err=49 (bad credentials).

--
Isaac Freeman - Systems Administrator
IBM Information Protection Services
[email protected]
919-254-0245



From:   Martin Burton <[email protected]>
To:     Isaac Freeman/Raleigh/Contr/IBM@IBMUS
Cc:     [email protected]
Date:   09/13/2011 03:27 PM
Subject:        Re: [RADIATOR] Radiator + LDAP tries to use "(?uid=)" as
            search      filter...



On 13/09/2011 17:13, Isaac Freeman wrote:
>
> The passwords are stored in the LDAP server as SSHA
> hashes, but I have "ServerChecksPassword" and the LDAP logs look like
it's
> doing the BIND operation correctly now, it just doesn't like the
> credentials for some reason.
>

Whenever I authenticate users against openLDAP using AuthBy LDAP2 and
ServerChecksPassword I don't specify the AuthDN and AuthPassword.  I
don't know that this would make any difference (I've never tried it with
an admin bind).

Like:

<AuthBy LDAP2>
        Version 3
        Host ldap.internal.sanger.ac.uk
        BaseDN ou=people,dc=sanger,dc=ac,dc=uk
        UsernameAttr uid
        PasswordAttr userPassword
        ServerChecksPassword
</AuthBy>






--
Martin Burton
Senior Systems Administrator               \\\|||///
Special Projects Team                     \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
                                  http://www.sanger.ac.uk

[attachment "signature.asc" deleted by Isaac Freeman/Raleigh/Contr/IBM]

<<inline: graycol.gif>>

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to