RE: Debugging a user authentication

["Adrian Marsh" <Adrian.Marsh@ubiquisys.com>]

Thanks Dieter.

After doing some wiresharking on a test server, I found that when the user entered his username/password, the server wasn't even doing an LDAP lookup.

On further analysis, we found he had a "£" in his password.
I set Apache to also use local-file authentication (ahead of LDAP-lookup), and even that fails when a "£" is in the password there, using local passwords.  I've tested other non-alphanumeric characters and all else are ok.  Even "#" is ok.  It just seems to be a problem when "£" is used in the password, Apache fails.  Very strange (Apache 2.2).

But thanks for your reply.

Adrian

-----Original Message-----
From: openldap-technical-bounces+adrian.marsh=ubiquisys.com@OpenLDAP.org [mailto:openldap-technical-bounces+adrian.marsh=ubiquisys.com@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: 14 November 2008 16:19
To: openldap-technical@openldap.org
Subject: Re: Debugging a user authentication

"Adrian Marsh" <Adrian.Marsh@ubiquisys.com> writes:

> Hi All,
>
> Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003
> Domain Controller. Ive one user whos failing to authenticate, but all
> my other users do and Im trying to see who. He authenticates ok, same
> password via other mechanisms to the DC, but just not via the Apache
> LDAP lookup.

Just dump the tranmitted packages by means of tcpdump or
wireshark. Get a hex to ascii table and transpose the hex values to
ascii.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.180.1555.7770535
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6