Well, after applying the mentioned module to an Apache 2.2, the log still shows the LDAP access into the first 2 LDAP OUs (as far as I can read from the log). Still weird.

[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=NewYork,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 4
wait4msg ld 0x2ab2eefc66f0 msgid 4 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 4 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1 port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Jun 3 12:48:37 2014
** ld 0x2ab2eefc66f0 Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 4 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 4 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 4 message type bind
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg: mark request completed, ld 0x2ab2eefc66f0 msgid 4
request done: ld 0x2ab2eefc66f0 msgid 4
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_parse_result
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectClass=*)(sAMAccountName=User-Chi))"
put_filter: AND
put_filter_list "(objectClass=*)(sAMAccountName=User-Chi)"
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
put_filter: "(sAMAccountName=User-Chi)"
put_filter: simple
put_simple_filter: "sAMAccountName=User-Chi"
ldap_build_search_req ATTRS:
sAMAccountName
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 5
wait4msg ld 0x2ab2eefc66f0 msgid 5 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 5 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1 port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Jun 3 12:48:37 2014
** ld 0x2ab2eefc66f0 Outstanding Requests:
* msgid 5, origid 5, status InProgress
outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 5 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 5 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 5 message type search-result
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg: mark request completed, ld 0x2ab2eefc66f0 msgid 5
request done: ld 0x2ab2eefc66f0 msgid 5
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 5, msgid 5)
ldap_parse_result
ldap_msgfree
ldap_err2string
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [8713] auth_ldap authenticate: using URL ldap://ldap-address1 ldap-address2/OU=Miami,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
ldap_search_ext
put_filter: "(&(objectClass=*)(sAMAccountName=User-Chi))"
put_filter: AND
put_filter_list "(objectClass=*)(sAMAccountName=User-Chi)"
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
put_filter: "(sAMAccountName=User-Chi)"
put_filter: simple
put_simple_filter: "sAMAccountName=User-Chi"
ldap_build_search_req ATTRS:
sAMAccountName
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2ab2eefc66f0 msgid 6
wait4msg ld 0x2ab2eefc66f0 msgid 6 (infinite timeout)
wait4msg continue ld 0x2ab2eefc66f0 msgid 6 all 1
** ld 0x2ab2eefc66f0 Connections:
* host: ldap-address1 port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Jun 3 12:48:37 2014
** ld 0x2ab2eefc66f0 Outstanding Requests:
* msgid 6, origid 6, status InProgress
outstanding referrals 0, parent count 0
** ld 0x2ab2eefc66f0 Response Queue:
Empty
ldap_chkResponseList ld 0x2ab2eefc66f0 msgid 6 all 1
ldap_chkResponseList returns ld 0x2ab2eefc66f0 NULL
ldap_int_select
read1msg: ld 0x2ab2eefc66f0 msgid 6 all 1
read1msg: ld 0x2ab2eefc66f0 msgid 6 message type search-result
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2ab2eefc66f0 0 new referrals
read1msg: mark request completed, ld 0x2ab2eefc66f0 msgid 6
request done: ld 0x2ab2eefc66f0 msgid 6
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 6, msgid 6)
ldap_parse_result
ldap_msgfree
ldap_err2string
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [User not found][No such object]
[Tue Jun 03 12:48:37 2014] [warn] [client ip.add.re.ss] [8713] auth_ldap authenticate: user User-Chi authentication failed; URI /svn/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Tue Jun 03 12:48:37 2014] [error] [client ip.add.re.ss] user User-Chi: authentication failure for "/svn/": Password Mismatch

On Mon, Jun 2, 2014 at 6:05 PM, Eric Covener <[email protected]> wrote:
> On Mon, Jun 2, 2014 at 10:06 AM, Darly Senecal Baptiste
> <[email protected]> wrote:
> > [Fri May 30 13:24:13 2014] [debug] mod_authnz_ldap.c(390): [client ip.add.re.ss] [10449] auth_ldap authenticate: using URL ldap://ldap-ldap-address1 ldap-ldap-address2/OU=Miamin,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)
> > [Fri May 30 13:24:13 2014] [warn] [client ip.add.re.ss] [10449] auth_ldap authenticate: user Chi-User authentication failed; URI /svn/ [User not found][No such object]
> > [Fri May 30 13:24:13 2014] [warn] [client ip.add.re.ss] [10449] auth_ldap authenticate: user Chi-User authentication failed; URI /svn/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
>
> Unfortunately still a mystery. What exact version are you on? It is
> odd that you don't see the debug message between each warn message.
> The latest 2.2.x, AFAICT, would not be able to issue the errors that
> way.
>
> The debug mod_ldap_debug mod here might help w/o needing to change
> mod_ldap/mod_authnz_ldap:
>
> https://github.com/covener/apache-modules
>
> It provides some details of interaction with your LDAP sdk to give a
> hint about what's going on at that layer. It may be difficult to
> scrub effectively.
