[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentification from pam_ldap against Lotus Notes/Customer



It certainly sounds as though this is working ok, and you've done everything
that I can think of. One thing I'd try first is to perform the bind with
an ldapsearch. Can you try

  ldapsearch -x -LLL -h dominoserver -b '' -D 'cn=Christoph Seider o=haj' -W uid=cseider

(note that I've given an empty search base. you could also use `-b o=haj', but
 there were Domino versions that would crap out on that...)

If that works, then ... I don't know what is wrong. Try it.

	-JP


On Tue, 30 Jul 2002, christoph.seider@cegelec.com wrote:

> Hi All,
> i have a problem to authenticate my squid users with pam_ldap to an lotus
> notes/domino 5.0 Server. I always get an error message that user/passsword
> is not allowed to bind. I have used an network analyzer to get more details
> of this problem and have the following results.
> 1.) The Squid Proxy sends a bind request to the Notes Server (Bindrequest)
> 2.) The Notes Server answers that he will accept requests (BindResponse =
> Success)
> 3.) The Squid Proxy sends a Search Request (Base Object configured in
> /etc/ldap.conf) and the Attribute Type = uid and (in my case) Attribute
> Value = cseider (which i have entered in the uppopping dialog box)
> 4.) The Notes Server sends the SearchResponse which includes the data of
> the ldap entry (i.e. cn= Christoph Seider, shortname=CSeider, uid=CSeider
> mail=Christoph.Seider=company.com etc.)
> 5.) The Proxy sends the Bindrequest which includes cn=Christoph Seider
> o=haj, Authentication=simple and Password = test12345
> 6.) The Notes Server answers with Bind failed: Username / password is not
> allowed
>
> The password I used is the internet password. I be able to login with this
> user/pass in to the mailbox via Webbrowser (without proxy configured). I
> don't know if the cn or the password is transmitted in the correct format
> or if i have to set other options in my ldap.conf.
>
> regards, Christoph
>
>