Hi Wolfgang
I downloaded the browser and found that the connection with LDAP server was stable and it was able to authenticate the user. Thanks.
After drilling down into the problem further, we came to the conclusion that the ldap.properties file was incomplete. Thus, we were able to resolve the issue.
Although there is a sample referral file (ldap.properties.sample) for configuring a publication to LDAP authentication, I would like to share with the user list that the following parameters are mandatory to exist in the ldap.properties:
provider-url (LDAP server IP and port no.) along with root directory : non-empty
base-dn (Base Domain Name) : non-empty
mgr-dn (Directory manager name along with domain name) : can be empty for anonymous binding
mgr-pw (Password for above field): can be empty for anonymous binding
usr-branch (Subtree entry if want to search in particular subtree): Can be empty if want to search all the subtrees but note that base-dn entry should exist.
security-protocol (Entry for protocol type for secure authentication): Can be empty if secure authentication is not enabled
security-authentication (Entry for type of LDAP authentication; can be 'anonymous' if password need not be checked i.e. anonymous binding else the default is 'simple'): Non-empty
Hence, the property file (ldap.properties) for unitemplate publication looks like:
provider-url="">
base-dn=o=ORG
mgr-dn=cn=Manager,o=ORG
mgr-pw=test
usr-branch=
security-protocol=
security-authentication=simple
Thanks again for all your help, Wolfgang.
Regards
Shishir
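A check for the rules listed in the message above, as an added example that is not part of the original e-mail or of Lenya's code. The function names, the simplified `key=value` parser, the two warnings and the `provider-url` placeholder in the sample (the value is missing from the post) are assumptions made for illustration.

```python
REQUIRED_KEYS = ("provider-url", "base-dn", "mgr-dn", "mgr-pw",
                 "usr-branch", "security-protocol", "security-authentication")
NON_EMPTY = ("provider-url", "base-dn", "security-authentication")

def parse_properties(text):
    """Simplified parser: key=value lines, split on the first '=' (DNs contain '=')."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_ldap_properties(text):
    """Return (errors, warnings) for an ldap.properties body."""
    props = parse_properties(text)
    errors, warnings = [], []
    for key in REQUIRED_KEYS:
        if key not in props:
            errors.append(f"missing key: {key}")
        elif key in NON_EMPTY and not props[key]:
            errors.append(f"empty value: {key}")
    mgr_dn, mgr_pw = props.get("mgr-dn", ""), props.get("mgr-pw", "")
    if bool(mgr_dn) != bool(mgr_pw):
        warnings.append("mgr-dn and mgr-pw should be both set or both empty")
    url = props.get("provider-url", "").lower()
    unprotected = not props.get("security-protocol") and not url.startswith("ldaps://")
    if props.get("security-authentication") == "simple" and unprotected:
        warnings.append("simple bind without a security protocol sends the password in clear text")
    if mgr_pw:
        warnings.append("mgr-pw is stored in clear text; restrict read access to the file")
    return errors, warnings

# Constructed sample: values from the post, provider-url is a placeholder.
SAMPLE = """\
provider-url=ldap://ldap.example.org:389
base-dn=o=ORG
mgr-dn=cn=Manager,o=ORG
mgr-pw=test
usr-branch=
security-protocol=
security-authentication=simple
"""

if __name__ == "__main__":
    print(check_ldap_properties(SAMPLE))
```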
[EMAIL PROTECTED] wrote:
>
> (...)
> authenticate failed for principal uid=vipul,ou=LP,o=ORG, exception
> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
> Credentials]
This is an error from the LDAP server.
Either you provided the bad password (or the password is encoded in a
different format than expected), or the software performing the
authentication does not have enough rights to perform the authentication.
> (...)
> # Password of Manager
> mgr-pw=test
Is the password accurate? Note that you do not necessarily need to set
this for OpenLDAP, you can use anonymous bindings (if this is configured
in your server).
> (...)
> Are we missing any parameters either in properties file or, if you can
> suggest, in the schema(we are new to LDAP)?
Not that I can see. Obviously, you need to make sure that your OpenLDAP
is configured correctly to allow users to authenticate with their password.
I recommend you get LDAP authentication to work independently of Lenya
first. Try an LDAP browser, for example
http://www-unix.mcs.anl.gov/~gawor/ldap/
Once a user can authenticate in such a GUI, you should get it to work in
Lenya as well.
--
Wolfgang