[RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...

Isaac Freeman isaac at us.ibm.com
Tue Sep 13 14:43:27 CDT 2011 

Yeah, I tried that too with no luck:

Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
IP=127.0.0.1:48820 (IP=0.0.0.0:389)
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
text=
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
dn="cn=testuser,ou=People,dc=<my-domain>" method=128
Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
text=

still the same err=49 (bad credentials).

--
Isaac Freeman - Systems Administrator
IBM Information Protection Services
isaac at us.ibm.com
919-254-0245



From:	Martin Burton <mvb at sanger.ac.uk>
To:	Isaac Freeman/Raleigh/Contr/IBM at IBMUS
Cc:	radiator at open.com.au
Date:	09/13/2011 03:27 PM
Subject:	Re: [RADIATOR] Radiator + LDAP tries to use "(?uid=)" as
            search	filter...



On 13/09/2011 17:13, Isaac Freeman wrote:
>
> The passwords are stored in the LDAP server as SSHA
> hashes, but I have "ServerChecksPassword" and the LDAP logs look like
it's
> doing the BIND operation correctly now, it just doesn't like the
> credentials for some reason.
>

Whenever I authenticate users against openLDAP using AuthBy LDAP2 and
ServerChecksPassword I don't specify the AuthDN and AuthPassword.  I
don't know that this would make any difference (I've never tried it with
an admin bind).

Like:

<AuthBy LDAP2>
        Version 3
        Host ldap.internal.sanger.ac.uk
        BaseDN ou=people,dc=sanger,dc=ac,dc=uk
        UsernameAttr uid
        PasswordAttr userPassword
        ServerChecksPassword
</AuthBy>






--
Martin Burton
Senior Systems Administrator               \\\|||///
Special Projects Team                     \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
                                  http://www.sanger.ac.uk

[attachment "signature.asc" deleted by Isaac Freeman/Raleigh/Contr/IBM]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110913/0d813716/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20110913/0d813716/attachment.gif

More information about the radiator mailing list