LDAP not working for all users
| mweston@uca.edu 2006-01-05, 5:47 pm |
| I have added the following directive to my http.conf file.
Options FollowSymLinks
AuthName "Sample LDAP Auth directory"
AuthType Basic
AuthLDAPUrl ldap://161.31.24.18:389/o=uca
require valid-user
With this configuration, we have about three users that cannot
authenticate through LDAP while we have several users that can.
However, these users are able to log into the network just fine.
Anyone have any suggestions?
| |
| Andy Thompson (SysOp) 2006-01-06, 7:47 am |
| mweston@uca.edu wrote:
> I have added the following directive to my http.conf file.
>
>
> Options FollowSymLinks
> AuthName "Sample LDAP Auth directory"
> AuthType Basic
> AuthLDAPUrl ldap://161.31.24.18:389/o=uca
> require valid-user
>
>
> With this configuration, we have about three users that cannot
> authenticate
> through LDAP while we have several users that can. However, these users
> are able to log into the network just fine.
Turn on dstrace ldap tracing and try to auth and see what is reported.
load dstrace
dstrace screen on
dstrace -all
dstrace +ldap
Attempt to login as one of the users that cannot login and see what is
reported on the dstrace screen.
--
-andy
| |
| Tommy Mikkelsen 2006-01-13, 9:13 pm |
| User hasn't got any uid field populated in eDir ???
Check with ConsoleOne a working user, and compare with a non-working
user.
Look in the "other" tab
--
Best Regards
Tommy Mikkelsen
IT Quality A/S
Denmark
Novell Support Forums SYSOP
Please Report back any success or failure, That way we all learn
Sorry, but no support through email
"I hate bugs".......Tommy Lee Jones, MIB
Be a GroupWiseR, go http://www.groupwiser.net
| |
| mweston@uca.edu 2006-01-27, 8:51 pm |
| We changed this to:
<Directory "DATA:/htdocs/securesite/students">
Options FollowSymLinks
AuthName "Student Secure Access"
AuthType Basic
AuthLDAPUrl ldap://161.31.24.18:389/ou=student,o=uca?uid
require valid-user
</Directory>
and all the users that try to log in and fail to log in have a unique ID.
All the accounts look to be the same. Does this look like an eDirectory
problem or an apache problem?
> User hasn't got any uid field populated in eDir ???
>
> Check with ConsoleOne a working user, and compare with a non-working
> user.
>
> Look in the "other" tab
| |
| Tommy Mikkelsen 2006-01-27, 8:51 pm |
| Apache-LDAP-eDir ????
Start by trying with Softerra LDAP Browser and check if you can spot
anything special.
Also verify, that their password only contains a-z, A-Z or 0-9 in the
used characters.
And......What did the LDAP trace that Andy suggested show ???
--
Best Regards
Tommy Mikkelsen
IT Quality A/S
Denmark
Novell Support Forums SYSOP
Please Report back any success or failure, That way we all learn
Sorry, but no support through email
"I hate bugs".......Tommy Lee Jones, MIB
Be a GroupWiseR, go http://www.groupwiser.net
| |
| mweston@uca.edu 2006-01-30, 5:46 pm |
| I think we have it figured out now, but we need to know how to limit an
LDAP search to just one folder and not search in the subfolders.
We have a folder of Student with subfolders for each month of the year.
What it is doing is there are aliases that it is finding in the
subfolders.
We would like to search the Student folder without searching the
subfolders of Jan, Feb, Mar, etc.
How can we do this?
> Apache-LDAP-eDir ????
>
> Start by trying with Softerra LDAP Browser and check if you can spot
> anything special.
>
> Also verify, that their password only contains a-z, A-Z or 0-9 in the
> used characters.
>
> And......What did the LDAP trace that Andy suggested show ???
| |
| Tommy Mikkelsen 2006-01-30, 5:46 pm |
| Maybe using "require ldap-attribute" ????
Take a peek here:
http://httpd.apache.org/docs/2.0/mo...ml#reqattribute
--
Best Regards
Tommy Mikkelsen
IT Quality A/S
Denmark
Novell Support Forums SYSOP
Please Report back any success or failure, That way we all learn
Sorry, but no support through email
"I hate bugs".......Tommy Lee Jones, MIB
Be a GroupWiseR, go http://www.groupwiser.net
| |
| Andy Thompson (SysOp) 2006-01-31, 7:46 am |
| mweston@uca.edu wrote:
> I think we have it figured out now, but we need to know how to limit an
> LDAP search to just one folder and not search in the subfolders.
>
> We have a folder of Student with subfolders for each month of the year.
> What it is doing is there are aliases that it is finding in the
> subfolders.
>
> We would like to search the Student folder without searching the
> subfolders of Jan, Feb, Mar, etc.
>
> How can we do this?
Try the AuthLDAPDereferenceAliases never directive in your directory
config.
--
-andy
| |
| mweston@uca.edu 2006-01-31, 6:04 pm |
| Could you give me an example of how that directive would fit into my
config?
I tried adding
<Directory "DATA:/htdocs/securesite/students">
Options FollowSymLinks
AuthName "Student Secure Access"
AuthType Basic
AuthLDAPUrl "ldap://161.31.24.18:389/ou=student,o=uca?uid?sub?(objectClass=*)"
AuthLDAPDereferenceAliases Never
require valid-user
</Directory>
> mweston@uca.edu wrote:
>
>
> Try the AuthLDAPDereferenceAliases never directive in your directory
> config.
>
> --
> -andy
| |
| mweston@uca.edu 2006-01-31, 6:04 pm |
| Forgot to add that apache failed to restart after I added that line.
> Could you give me an example of how that directive would fit into my
> config?
> I tried adding
>
> <Directory "DATA:/htdocs/securesite/students">
> Options FollowSymLinks
> AuthName "Student Secure Access"
> AuthType Basic
> AuthLDAPUrl "ldap://161.31.24.18:389/ou=student,o=uca?uid?sub?(objectClass=*)"
> AuthLDAPDereferenceAliases Never
> require valid-user
> </Directory>
| |
| Andy Thompson 2006-01-31, 6:04 pm |
| mweston@uca.edu wrote:
> Forgot to add that apache failed to restart after I added that line.
>
What version of Netware, service packs and apache?
-andy
| |
| mweston@uca.edu 2006-01-31, 6:04 pm |
| > mweston@uca.edu wrote:
>
> What version of Netware, service packs and apache?
>
> -andy
NetWare 6.5 Service pack 4a
Apache 2.0.54
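
An added illustration, not part of the original thread and not Apache or eDirectory code: mod_auth_ldap's search phase must return exactly one entry before it attempts the bind, so a subtree (`sub`) search that also matches an entry in a month container denies that user, while one-level (`one`) scope on the same base does not. The directory contents and helper names are constructed for the example; only the AuthLDAPUrl layout (`basedn?attribute?scope?filter`) and the host come from the thread.

```python
# Added example: models the mod_auth_ldap search phase over a constructed directory.
# Helper names and directory entries are assumptions, not Apache or eDirectory code.

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, applying the defaults."""
    rest = url.split("://", 1)[1]
    hostport, _, tail = rest.partition("/")
    base, attr, scope, filt = (tail.split("?", 3) + ["", "", ""])[:4]
    return {"host": hostport, "base": base, "attribute": attr or "uid",
            "scope": scope or "sub", "filter": filt or "(objectClass=*)"}

def in_scope(dn, base, scope):
    """True if dn is covered by a search at base (simplified: no escaped commas)."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope == "sub"           # the base entry belongs to a subtree search only
    if not dn.endswith("," + base):
        return False
    above = dn[: -len(base) - 1]        # RDNs between the entry and the base
    return scope == "sub" or "," not in above   # "one" = direct children only

def search_phase(url, username, directory):
    """Return DNs whose login attribute equals username within the URL's scope.
    The URL's filter is not evaluated here; every constructed entry is assumed to pass it."""
    cfg = parse_auth_ldap_url(url)
    return [dn for dn, attrs in directory
            if in_scope(dn, cfg["base"], cfg["scope"])
            and attrs.get(cfg["attribute"]) == username]

def outcome(url, username, directory):
    """Exactly one match is required before a bind is attempted."""
    hits = search_phase(url, username, directory)
    if len(hits) == 1:
        return "bind as " + hits[0]
    return "denied (%d matches)" % len(hits)

# Constructed directory: asmith also matches under a month container.
DIRECTORY = [
    ("cn=jdoe,ou=student,o=uca", {"uid": "jdoe"}),
    ("cn=asmith,ou=student,o=uca", {"uid": "asmith"}),
    ("cn=asmith,ou=Jan,ou=student,o=uca", {"uid": "asmith"}),
]
SUB_URL = "ldap://161.31.24.18:389/ou=student,o=uca?uid?sub?(objectClass=*)"
ONE_URL = "ldap://161.31.24.18:389/ou=student,o=uca?uid?one?(objectClass=*)"

if __name__ == "__main__":
    for url in (SUB_URL, ONE_URL):
        for user in ("jdoe", "asmith"):
            print(parse_auth_ldap_url(url)["scope"], user, "->", outcome(url, user, DIRECTORY))
```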