Thanks Andy.
Neil Fay

-----Original Message-----
From: Andy Kurth [mailto:andy_ku...@ncsu.edu] 
Sent: Wednesday, August 10, 2011 12:08 PM
To: vcl-user@incubator.apache.org
Subject: Re: VCL to MS Active Directory (LDAP) Authentication

Error 49 is often a problem with the format of the user DN.  Try changing the 
line:
"userid" => "sAMAccountName=%s,cn=Users,dc=hood,dc=edu",
to
"userid" => "cn=%s,cn=Users,dc=hood,dc=edu",

-Andy

On Tue, Aug 9, 2011 at 5:51 PM, Fay, Cornelius R. <f...@hood.edu> wrote:
> Help Needed.
>
> We have a pilot VCL running using local user accounts, and are now
> attempting authentication through our Active Directory (Windows Server
> 2003 /LDAP v.3) infrastructure.  We can successfully authenticate with
> 'service accounts' (such as <vclservice>), but not with normal user
> accounts.  We consistently get 'Error 49 invalid credentials'.  We run
> Exchange here as well.
>
> We would appreciate any hints as to where our failure lies.  I have
> included a segment of our 'conf.php' file for your perusal.
>
> Thanks in advance for any advice on where to look.
>
> Neil Fay
> CTO, Hood College
>
> /*
>  Snippet from VCL conf.php, trying to authenticate to Microsoft Active
>  Directory (MSAD) via LDAP
>  - removed all the other examples etc
>  - Service domain works, but Hood domain does not
> */
> $authMechs = array(
>         "Hood" => array("type" => "ldap",
>                         "server" => "x.x.x.x:389",
>                         "binddn" => "dc=hood,dc=edu",
>                         "userid" => "sAMAccountName=%s,cn=Users,dc=hood,dc=edu",
>                         "unityid" => "samAccountName",
>                         "firstname" => "givenname",
>                         "lastname" => "sn",
>                         "email" => "userPrincipalName",
>                         "defaultemail" => "@example.com",
>                         "masterlogin" => "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
>                         "masterpwd" => "xxxxxxx",
>                         "affiliationid" => 3,
>                         "help" => "Use Hood for testing Hood Domain"),
>         "Service" => array("type" => "ldap",
>                         "server" => "x.x.x.x:389",
>                         "binddn" => "dc=hood,dc=edu",
>                         "userid" => "cn=%s,ou=serviceaccounts,dc=hood,dc=edu",
>                         "unityid" => "samAccountName",
>                         "firstname" => "givenname",
>                         "lastname" => "sn",
>                         "email" => "userPrincipalName",
>                         "defaultemail" => "@hood.edu",
>                         "masterlogin" => "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
>                         "masterpwd" => "xxxxxxx",
>                         "affiliationid" => 5,
>                         "help" => "Use Service to test login using service account"),
>         "Local Account" => array("type" => "local",
>                         "affiliationid" => 1,
>                         "help" => "Only use Local Account if there are no other options"),
> );
>
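
A search-then-bind check that does not depend on guessing the DN format, as an added example that is not from this thread or from VCL's code: it binds with the service account, looks the user up by sAMAccountName, and then binds as the DN the directory returns. The function name and its parameters are hypothetical; the values passed in correspond to "server", "binddn", "masterlogin" and "masterpwd" in the quoted conf.php.

```php
<?php
// Added example, not VCL code. ad_search_then_bind() and its parameters are
// hypothetical names; pass the values from your own conf.php entry.
function ad_search_then_bind(string $uri, string $baseDn, string $svcDn,
                             string $svcPwd, string $login, string $password): ?string
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513 section 5.1.2) and can succeed, so reject it up front.
    if ($login === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($uri);            // e.g. "ldap://x.x.x.x:389"
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // do not chase AD referrals

    // Step 1: bind as the service account (the "masterlogin" DN).
    if (!@ldap_bind($conn, $svcDn, $svcPwd)) {
        return null;
    }

    // Step 2: find the entry by logon name. Escape the input so that
    // characters such as * ( ) \ cannot change the meaning of the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
    $result = @ldap_search($conn, $baseDn, $filter, ['sAMAccountName']);
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($conn, $result);
    if ($entries === false || $entries['count'] !== 1) {
        return null;                       // no match, or an ambiguous one
    }
    $userDn = $entries[0]['dn'];           // the entry's real DN, whatever its RDN is

    // Step 3: bind as that DN to verify the user's password.
    $ok = @ldap_bind($conn, $userDn, $password);
    ldap_unbind($conn);
    return $ok ? $userDn : null;
}
```

On port 389 a simple bind sends the password unencrypted unless the connection is upgraded first, for example with ldap_start_tls($conn) before the first bind.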
