[OGo-Users-DE] Auth gegen Novell eDirectory

Alexander C.H. Lorenz users-de@opengroupware.org
Fri, 18 Aug 2006 11:25:42 +0200 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hier das Debug - was mich bisher auch nicht schlauer machte:

Aug 18 09:17:34 ogo-webui-1.1 [16769]: LDAP: check pwd of login 'FOO' on
ldap.xxx.xx,389,ou=zznewuser,o=FOOBAR ...
Aug 18 09:17:34 ogo-webui-1.1 [16769]: LDAP:   use connection:
<0x0x84a3d44[NGLdapConnection]:>
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
check pwd of login 'FOO' on ou=zznewuser,o=FOOBAR
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
dn for login 'FOO' on ou=zznewuser,o=FOOBAR
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
 attempt to do a simple, authenticated bind
(dn=cn=BLAH,ou=admin,o=xxx,pwd=yes) ..
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
 bound.
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
 search: uid='FOO': '(uid=FOO)'
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
  return DN cn=FOO,ou=zzNewUser,o=FOOBAR
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
 attempting to bind login FOO DN: cn=FOO,ou=zzNewUser,o=FOOBAR (with
password) !
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84a3d44[NGLdapConnection]>
 bound successfully !
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x40431fc0[LSCommandContext]>
+[LSCommandContext(LDAPSupport) isLDAPLoginAuthorized:password:]: LDAP
server 'ldap.xxx.xx:389' did authenticate user 'FOO'
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ac6ac[OGoHelpManager]>
Note: no OGo documentation installed!
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ac6ac[OGoHelpManager]> SP:
Aug 18 09:17:34 ogo-webui-1.1 [16769]: |ogo-webui-1.1|
<OpenGroupware[0x0x80ffcbc]: name=ogo-webui-1.1>: created session:
<OGoSession[0x0x84ab70c]: id=418141810144E585AE>
Aug 18 09:17:34 ogo-webui-1.1 [16769]: ccaps:
<WEClientCapabilities[0x0x84b8594]: type=Mozilla v5.0> os=Linux cpu=ix86
fast-tbl css2 xul js>
Aug 18 09:17:34 ogo-webui-1.1 [16769]: LDAP: check pwd of login 'FOO' on
ldap.xxx.xx,389,ou=zznewuser,o=FOOBAR ...
Aug 18 09:17:34 ogo-webui-1.1 [16769]: LDAP:   use connection:
<0x0x84ba9ec[NGLdapConnection]:>
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ba9ec[NGLdapConnection]>
check pwd of login 'FOO' on ou=zznewuser,o=FOOBAR
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ba9ec[NGLdapConnection]>
dn for login 'FOO' on ou=zznewuser,o=FOOBAR
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ba9ec[NGLdapConnection]>
 attempt to do a simple, authenticated bind
(dn=cn=BLAH,ou=admin,o=FOOBAR,pwd=yes) ..
Aug 18 09:17:34 ogo-webui-1.1 [16769]: <0x0x84ba9ec[NGLdapConnection]>
 bound.
Aug 18 09:17:35 ogo-webui-1.1 [16769]: -[LSLoginAccountCommand
_executeInContext:]: login failed: 'FOOBAR'.
Aug 18 09:17:35 ogo-webui-1.1 [16769]:
<0x0x868cbf4[WOComponentDefinition]> Note: did not find component class
with name 'WelcomeNewLDAPAccount'
Aug 18 09:17:35 ogo-webui-1.1 [16769]:
<0x0x868cbf4[WOComponentDefinition]> Note: missing class for component:
'WelcomeNewLDAPAccount'
Aug 18 09:17:35 ogo-webui-1.1 [16769]: >DirectAction> Note: missing LDAP
account welcome page!
Aug 18 09:17:35 ogo-webui-1.1 [16769]: (418141810144E585AE) WARNING:
missing defaults object in session!
Aug 18 09:17:35 ogo-webui-1.1 [16769]: (418141810144E585AE) WARNING:
missing defaults object in session!
129.0.17.231 - - [18/Aug/2006:09:17:35 GMT] "POST
/OpenGroupware.woa/x/login?da=&o=1155892563 HTTP/1.1" 200 1496/139 0.277
5089 70% 2M

Defaults:
LDAPInitialBindDN = "cn=BLAH,ou=admin,o=FOOBAR";
        LDAPInitialBindPW = xxxxx;
        LDAPInitialBindSpecific = YES;
        LDAPLoginAttributeName = uid;
        LSAuthLDAPServer = "ldap.xxx.xx";
        LSAuthLDAPServerPort = 389;
        LSAuthLDAPServerRoot = "ou=zznewuser,o=FOOBAR";

Passt laut Helge auch alles. Was fehlt ist die WelcomePage ...
Hmm

Danke, Alex



Sebastian Reitenbach schrieb:
> Hi,
> 
> habe den thread nicht von anfang an verfolgt, versuch mal ogo mit 
> eingeschaltetem LDAP debugging zu starten, als ogo user:
> ogo-webui -LDAPDebugEnabled YES
> 
> wie sehen deine ldap Defaults aus? als ogo user:
> Defaults read | grep -i ldap
> 
> Sebastian
> 
> 
> users-de@opengroupware.org wrote: 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>> wie sehen die access Einträge in der slapd.conf aus? Insbesondere auf 
> attr=userPassword?
>> access to dn.base=""
>>         by * read
>>
>> access to dn.base="cn=Subschema"
>>         by * read
>>
>> access to attr=userPassword,userPKCS12
>>         by self write
>>         by * auth
>>
>> access to attr=shadowLastChange
>>         by self write
>>         by * read
>>
>> access to *
>>         by * read
>>
>> Wie geschrieben eine ldapseach-Abfrage mit Password funktioniert ja -
>> das macht mich etwas sehr ratlos :-)
>>
>> Danke, Alex
> 

- --
mit freundlichen Grüßen

Alexander C.H. Lorenz

Sixt GmbH & Co. Autovermietung KG
Tel:	+49 - (0) 89 74444 - 4235
Fax:	+49 - (0) 89 74444 - 84235
e-Mail: alexander.lorenz@sixt.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE5YeWjbk5gpCi3jkRAlMKAKCsbvIVn+5oL0o7eeCkUodtVa4O2QCfQADw
TYmtd4ryPgLUzb4zNslfRss=
=QG3/
-----END PGP SIGNATURE-----