Re: Binding Problems with authentication
At 02:43 PM 7/21/99 -0400, Joe Novielli wrote:
>Thanks Julio and Darryl for a quick response.
>
>Darryl, my slapd.conf file already indexes the mail attribute.
>
>Julio: what username should I use then? I've tried several cases.
For Netscape, "jnoviell@matrox.com"... but note that your
ACL doesn't allow anonymous searches (and reading) of this
attribute (entry).
>
>I changed a few things. But it still does not respond with any results (I
>know they exist as it works without authentication) (I wish there was a
>standard for all email clients to search/filter/authenticate upon).
>
>Changes made:
>1) Removed givename attribute
>2) Entries now look like (ie: replaced cn with uid in DN):
>
>dn: uid=jnoviell,location=Dorval,o=Matrox,c=CA
>objectclass: Person
>username: jnoviell
>cn: Joe Novielli
>uid: jnoviell
>mail: jnoviell@matrox.com
>location: Dorval
>sn: Novielli
>userPassword: {crypt}DferPKChVn9Y
>telephoneNumber:xxx-xxxx ext:yyy
>status: Active User
>
>
>Any other suggestions? Much appreciated and thanks
>FYI: My original message can be found at:
>http://www.openldap.com/lists/openldap-software/9907/msg00127.html
>
>
>
>
>Julio Wrote
>
>> > The server doesn't seem to bind DN's for authentication (I tried Netscape,
>> > Eudora email clients).
>>
>>The server does, it is that you are being outsmarted by your clients.
>>So that you do not have to remember/type dn's, they make a search, get
>>the dn of the retrieved entry and bind with that dn and the password
>>you give.
>>
>> > Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH
>> > base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( |
>> > (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
>>
>>See? They are looking for a user with a name containing "MARK". BTW,
>>I never heard of "GN" as a valid alias for "givenName".
>>
>> > Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0
>> > tag=101 nentries=0
>>
>>Unfortunately, the search fails (see nentries=0).
>>
>> > Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH
>> > base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL,
>> > LOCATION=DORVAL, O=MATROX,C=CA)"
>>
>>In this case, you are trying to write a DN in the login dialog. Notice
>>that the text in the dialog tells you to use the email address. It
>>means it.
>>
>> > -------------------------------------------------------------
>> > The user name I am using is: jnoviell, location=Dorval, o=Matrox,c=CA
>>
>>That would not be a valid dn, the attribute type on the first RDN is
>>missing, you mean "uid=" or maybe "cn=" prepended to that, but don't
>>do it because your clients are expecting something else.
>>
>>Julio
>
>###################################################
>Darryl Wrote
>
>If I'm not mistaken you're using a client that sends the mail attribute to
>the server which in turn retrieves the DN and sends that back to the
>server (with the user supplied password) in a bind request. This
>could be failing because you have either supplied a value such that the
>filter mail=%v yields a result set with no entries. If your entry has a
>mail attribute, use that value to authenticate (you'll probably want to
>index the mail attribute).
>
>
>
>
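The search-then-bind sequence described in this thread can be diagnosed directly from the slapd log. The Python sketch below is an added example, not part of the original messages: it pairs each SRCH line with its RESULT by connection and operation number and reports why the client never obtained a DN to bind with. The log format follows the lines quoted above (rejoined onto single lines); the conn=2 lines, the function name and the verdict labels are constructed for illustration.

```python
import re

# Log lines rejoined from the wrapped excerpts quoted in the thread; the
# conn=2 lines are constructed here to show a lookup that succeeds.
SAMPLE_LOG = """\
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( | (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL, LOCATION=DORVAL, O=MATROX,C=CA)"
Jul 21 12:05:10 pluton.matrox.com slapd[10166]: conn=2 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL@MATROX.COM)"
Jul 21 12:05:10 pluton.matrox.com slapd[10166]: conn=2 op=1 RESULT err=0 tag=101 nentries=1
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+) tag=\d+ nentries=(\d+)')
# A mail= assertion value that itself contains "attr=" pieces is a DN typed
# into a field that expects an e-mail address.
DN_IN_MAIL = re.compile(r'\(mail=[^)]*,\s*\w+=', re.I)

def diagnose(log_text):
    """Pair each SRCH with its RESULT by (conn, op) and explain failures."""
    searches, results = {}, {}
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            searches[(int(m[1]), int(m[2]))] = m[5]
        elif m := RESULT.search(line):
            results[(int(m[1]), int(m[2]))] = (int(m[3]), int(m[4]))
    report = {}
    for key, flt in searches.items():
        if DN_IN_MAIL.search(flt):
            verdict = "dn-typed-as-mail"      # checked first: wrong input
        elif key not in results:
            verdict = "no-result-logged"
        elif results[key][1] == 0:
            verdict = "no-entry-matched"      # client has no DN to bind with
        elif results[key][1] == 1:
            verdict = "dn-found"              # client can now bind as that DN
        else:
            verdict = "ambiguous-match"       # several DNs; which to bind as?
        report[key] = verdict
    return report

if __name__ == "__main__":
    for (conn, op), verdict in diagnose(SAMPLE_LOG).items():
        print(f"conn={conn} op={op}: {verdict}")
```

A "no-entry-matched" verdict with err=0 means the search itself succeeded but returned nothing, which is also what a client sees when the ACL hides the entry from an anonymous search.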