user authentication on attributes
- To: openldap-technical@openldap.org
- Subject: user authentication on attributes
- From: sim123 <Sim3159@gmail.com>
- Date: Tue, 29 Mar 2011 14:47:53 -0700
I have an OpenLDAP server up and running and am trying to integrate it with Confluence. My LDAP structure looks like:
DN :: uid=123, ou=users, dc=example, dc=com
uid :: 123
cn :: barbara
sn :: jason
userPassword :: test (plain text for now)
I have another similar entry in another branch (su) for "confluence admin". I did the LDAP configuration in Confluence and tested the bind with the Confluence user. Now, for every user authentication, I am assuming LDAP should be able to bind on any attribute other than DN; however, I cannot do that. When I try to log in from Confluence using mail & password, this is what I see in my slapd.d logs:
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
op tag 0x60, time 1301434489
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <uid=234,ou=su,dc=example,dc=com>
<<< dnPrettyNormal: <uid=234,ou=su,dc=example,dc=com>, <uid=234,ou=su,dc=example,dc=com>
do_bind: version=3 dn="uid=234,ou=su,dc=example,dc=com" method=128
bdb_dn2entry("uid=234,ou=su,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=su,dc=example,dc=com")
<= bdb_dn2id: got id=0x4
=> bdb_dn2id("uid=234,ou=su,dc=example,dc=com")
<= bdb_dn2id: got id=0x7
entry_decode: "uid=234,ou=su,dc=example,dc=com"
<= entry_decode(uid=234,ou=su,dc=example,dc=com)
do_bind: v3 bind: "uid=234,ou=su,dc=example,dc=com" to "uid=234,ou=su,dc=example,dc=com"
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 144 contents:
op tag 0x63, time 1301434489
ber_get_next
conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=user,dc=example,dc=com>
<<< dnPrettyNormal: <ou=user,dc=example,dc=com>, <ou=user,dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
==> limits_get: conn=1000 op=1 self="uid=234,ou=su,dc=example,dc=com" this="ou=user,dc=example,dc=com"
=> bdb_search
bdb_dn2entry("ou=user,dc=example,dc=com")
=> bdb_dn2id("ou=user,dc=example,dc=com")
<= bdb_dn2id: got id=0x3
entry_decode: "ou=user,dc=example,dc=com"
<= entry_decode(ou=user,dc=example,dc=com)
search_candidates: base="ou=user,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("ou=user,dc=example,dc=com")
<= bdb_dn2idl: id=2 first=3 last=6
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=6, last=7
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=3 last=0
bdb_search: no candidates
send_ldap_result: conn=1000 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 12
I guess I should be able to do LDAP_BIND with any attribute, and LDAP should be able to search for the user's DN based on the attribute and authenticate him, as I have already provided a valid DN and password (for the Confluence user). Am I right here? Please let me know if it's doable (should be) and what I am missing here. I tried searching for this but couldn't find it on the web. Thanks for the help and support.
-simon
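
An added example, not part of the original post: a small Python parser for the slapd debug trace above that summarizes each operation (bind DN, search base, equality-filter attributes, result code) and flags searches that return success but match no entry. The sample lines are abridged from the trace in the post; the function names are this example's own, and reading method=128 as a simple bind assumes OpenLDAP's LDAP_AUTH_SIMPLE value (0x80).

```python
import re
# Lines abridged from the slapd trace in the post above.
SAMPLE_TRACE = """\
conn=1000 op=0 do_bind
do_bind: version=3 dn="uid=234,ou=su,dc=example,dc=com" method=128
send_ldap_response: msgid=1 tag=97 err=0
conn=1000 op=1 do_search
search_candidates: base="ou=user,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
<= bdb_index_read 2 candidates
=> bdb_equality_candidates (cn)
<= bdb_index_read: failed (-30988)
bdb_search: no candidates
send_ldap_response: msgid=2 tag=101 err=0
"""
OP_START = re.compile(r"^conn=(\d+) op=(\d+) do_(\w+)$")
BIND = re.compile(r'^do_bind: version=\d+ dn="([^"]*)" method=(\d+)$')
SEARCH = re.compile(r'^search_candidates: base="([^"]*)" .* scope=(\d+)$')
EQ_ATTR = re.compile(r"^=> bdb_equality_candidates \((\w+)\)$")
RESPONSE = re.compile(r"^send_ldap_response: msgid=\d+ tag=\d+ err=(\d+)$")

def summarize(trace):
    """Return one dict per LDAP operation found in a slapd debug trace."""
    ops, cur = [], None
    for line in trace.splitlines():
        line = line.strip()
        if m := OP_START.match(line):
            cur = {"conn": int(m[1]), "op": int(m[2]), "type": m[3],
                   "filter_attrs": [], "no_candidates": False}
            ops.append(cur)
        elif cur is None:
            continue  # trace lines before the first operation header
        elif m := BIND.match(line):
            cur["dn"], cur["simple"] = m[1], m[2] == "128"  # assumed: 128 = simple bind
        elif m := SEARCH.match(line):
            cur["base"], cur["scope"] = m[1], int(m[2])
        elif (m := EQ_ATTR.match(line)) and m[1] not in cur["filter_attrs"]:
            cur["filter_attrs"].append(m[1])  # attribute used in an equality lookup
        elif line == "bdb_search: no candidates":
            cur["no_candidates"] = True
        elif m := RESPONSE.match(line):
            cur["err"] = int(m[1])
    return ops

def empty_searches(ops):
    """Searches that returned err=0 but matched no entry."""
    return [o for o in ops if o["type"] == "search"
            and o.get("err") == 0 and o["no_candidates"]]
```

For each flagged search, the `base` and `filter_attrs` fields show what the client actually asked for, which can be compared against the directory layout and the login attribute configured in the application.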