Apache Server configuration support - Re: mod_authnz_ldap not working! Help!


Author Re: mod_authnz_ldap not working! Help!
Kenneth Svee

2006-11-22, 7:29 am

[ nobody ]

> Kenneth Svee wrote:
>
>
> Thanks for the tip Kenneth - I increased the error log verbosity,
> but unfortunately there is only 1 (nonuseful) debug message from
> mod_authnz_ldap, aside from the warn and error messages already
> produced:
>
> [Mon Nov 20 11:39:24 2006] [debug] mod_authnz_ldap.c(373): [client
> 127.0.0.1] [6067] auth_ldap authenticate: using URL
> ldap://10.0.5.5/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
> [Mon Nov 20 11:39:24 2006] [warn] [client 127.0.0.1] [6067] auth_ldap
> authenticate: user jward authentication failed; URI /ldap_auth_tst/
> [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Nov 20 11:39:24 2006] [error] [client 127.0.0.1] user jward:
> authentication failure for "/ldap_auth_tst/": Password Mismatch


These are important:

[LDAP: ldap_simple_bind_s() failed][Invalid credentials]
and
user jward: authentication failure for "/ldap_auth_tst/": Password Mismatch

The LDAP-bind fails, seemingly because of the wrong password.

> I assume this is meaning my linux_bind user is not binding, because
> I can purposely invalidate his password, and I get the same error
> messages... Should the password not contain special characters (like
> a period)?


The LDAP-modules use the functions from the LDAP-libraries they are
compiled against. If you've installed OpenLDAP, you should have the
'ldapsearch' (default on my RHEL-box is /usr/bin/ldapsearch)
available. Try doing the bind with the same user using ldapsearch.

Also: make sure you are allowed to do binds to your LDAP-server over a
non-encrypted interface. If only TLS/SSL is required on the
LDAP-server, make sure you update your mod_ldap/mod_authnz_ldap-config
accordingly.


Rgds,
Kenneth Svee
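
The ldapsearch test suggested above, as an added example that is not part of the original post: a shell helper that turns the AuthLDAPURL from the debug log into the matching ldapsearch command, combining filter and attribute the way mod_authnz_ldap does for its search. The function name and `BIND_DN_PLACEHOLDER` are assumptions; substitute the bind DN from your own configuration.

```shell
#!/bin/sh
# Added example, not from the thread. BIND_DN_PLACEHOLDER is a placeholder.

# ldap_url_to_search URL USERNAME BIND_DN [starttls]
# Prints the ldapsearch command that repeats mod_authnz_ldap's search-phase
# bind and lookup. It only prints; it never contacts a server.
ldap_url_to_search() {
    url=$1 user=$2 binddn=$3 tls=${4:-}

    # Refuse filter metacharacters (RFC 4515) instead of building a filter
    # that means something other than "attribute equals this login name".
    case $user in
        ''|*'('*|*')'*|*'*'*|*'\'*|*"'"*)
            echo "unsafe or empty username" >&2
            return 1 ;;
    esac

    scheme=${url%%://*}      # ldap or ldaps
    rest=${url#*://}
    hostport=${rest%%/*}     # host[:port]
    query=${rest#*/}         # basedn?attribute?scope?filter

    # Split the '?'-separated URL fields; globbing off so '*' stays literal.
    old_ifs=$IFS; IFS='?'
    set -f; set -- $query; set +f
    IFS=$old_ifs
    base=${1:-} attr=${2:-} scope=${3:-} filter=${4:-}

    # Defaults mod_authnz_ldap applies when a field is omitted.
    [ -n "$attr" ]   || attr=uid
    [ -n "$scope" ]  || scope=sub
    [ -n "$filter" ] || filter='(objectClass=*)'
    case $filter in '('*) ;; *) filter="($filter)" ;; esac

    tlsopt=''
    if [ "$tls" = starttls ]; then tlsopt=' -ZZ'; fi   # require StartTLS

    # -x simple bind, -W prompt for the password (keeps it out of argv),
    # filter combined as (&(filter)(attribute=username)).
    printf "ldapsearch -x%s -H '%s://%s' -D '%s' -W -b '%s' -s %s '(&%s(%s=%s))' dn\n" \
        "$tlsopt" "$scheme" "$hostport" "$binddn" "$base" "$scope" \
        "$filter" "$attr" "$user"
}

# URL and user name as they appear in the debug log above.
ldap_url_to_search \
    'ldap://10.0.5.5/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)' \
    jward BIND_DN_PLACEHOLDER
```

If the printed command also fails with Invalid credentials, the bind DN or its password is wrong independently of Apache. Pass `starttls` as the fourth argument to check whether the server only accepts encrypted binds.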

Copyright 2003 - 2008 webservertalk.com