[OGo-Users] LDAPInitialBindSpecific not working

Juuso Alasuutari users@opengroupware.org
Mon, 5 Mar 2007 11:12:54 +0200


On Friday 02 March 2007 17:34, Adam Tauno Williams wrote:
> > I'm configuring OGo 1.0 to authenticate against LDAPv3 (OpenLDAP) by
> > using the LDAPInitialBind settings as instructed in this manual:
> > http://docs.opengroupware.org/Members/whitemice/wmogag/download. Here's
> > what I have in NSGlobalDomain.plist (don't worry, I'm only using the root
> > account temporarily for testing):
> >     LSAuthLDAPServer = "ldap.foo.bar";
> >     LSAuthLDAPServerRoot = "dc=foo,dc=bar";
> >     LSAuthLDAPServerPort = 389;
> >     LDAPLoginAttributeName = "uid";
> >     DisablePasswordModification = YES;
> >     LDAPInitialBindSpecific = YES;
> >     LDAPInitialBindDN = "uid=root,ou=people,dc=foo,dc=bar";
> >     LDAPInitialBindPW = "xxx";
> > When I enable 'allow bind_v2' in slapd.conf I am able to log in via
> > http://ldap.foo.bar/OpenGroupware, but without it and using the above
> > settings login attempts fail and nothing even appears in the LDAP
> > server's syslog.
>
> That seems very odd: "nothing even appears in the LDAP server's syslog"
>
> What is the value of the DSA's loglevel directive?  I'm on the road today,
> but off the top of my head I think you want 128+32+8 as a minimum in
> order to figure out what is going on.  Since it looks like you are on
> the same machine, and thus using ethereal/wireshark is probably out, you
> can throw in +2 if you want to see the packets.

I tried changing the loglevel, but I'm still not getting anything in the logs 
that looks like a response to my actions. When I type my name and passwd in 
the OGo login page, it almost instantly reloads the page with the login 
failure message "Wrong Password or User". Seems like the auth query fails 
very quickly.

I have the bind user set to root, I've the slapd loglevel set to 512+128+32+8, 
and I watch the syslog with this command:
  watch -n0.1 "grep slapd.*root /var/log/syslog | tail -15"
But no events appear when I try to log in. Again, allowing bind_v2 in 
slapd.conf fixes OGo login, so there's supposedly nothing wrong with the 
connections or the account settings (I can log in as root).

> And if you are logging to syslog make sure syslog isn't ditching traffic
> below a certain level.
>
> A rule like:
> local4.*                        -/var/log/ldap
>  - is a good idea.

I didn't try this yet, it seems that syslog gets a lot of traffic as it is.

-- 
Juuso Alasuutari
      seclan.com
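
An added example, not part of the original message or of OGo/OpenLDAP: it decodes the loglevel sums mentioned in this thread using the level values documented in slapd.conf(5), and applies the grep pattern from the message to constructed slapd syslog lines to show which lines that filter keeps. The sample lines, the uid=jdoe entry and the function names are assumptions made for illustration.

```python
import re

# Level bits as documented for "loglevel" in slapd.conf(5).
LEVELS = {1: "trace", 2: "packets", 4: "args", 8: "conns", 16: "BER",
          32: "filter", 64: "config", 128: "ACL", 256: "stats",
          512: "stats2", 1024: "shell", 2048: "parse", 16384: "sync"}

def decode_loglevel(value):
    """Names of the level bits set in a summed loglevel, lowest bit first."""
    return [name for bit, name in sorted(LEVELS.items()) if value & bit]

# Constructed syslog lines in the shape slapd writes at the stats level.
PREFIX = "Mar  5 11:10:01 ldap slapd[2211]: "
SAMPLE = [PREFIX + s for s in (
    'conn=1000 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)',
    'conn=1000 op=0 BIND dn="uid=root,ou=people,dc=foo,dc=bar" method=128',
    'conn=1000 op=0 RESULT tag=97 err=0 text=',
    'conn=1000 fd=12 closed',
    'conn=1001 fd=13 ACCEPT from IP=127.0.0.1:40113 (IP=0.0.0.0:389)',
    'conn=1001 op=0 BIND dn="uid=jdoe,ou=people,dc=foo,dc=bar" method=128',
    'conn=1001 op=0 RESULT tag=97 err=49 text=',
    'conn=1001 fd=13 closed',
)]

PAGE_PATTERN = re.compile(r"slapd.*root")          # pattern from the watch command
CONN_ID = re.compile(r"slapd\[\d+\]: conn=(\d+) ")  # slapd connection number

def grep(lines, pattern):
    """Lines that a grep for the pattern would print."""
    return [line for line in lines if pattern.search(line)]

def by_connection(lines):
    """Group slapd lines by connection id so no line of a session is dropped."""
    groups = {}
    for line in lines:
        match = CONN_ID.search(line)
        if match:
            groups.setdefault(int(match.group(1)), []).append(line)
    return groups

if __name__ == "__main__":
    for total in (128 + 32 + 8, 512 + 128 + 32 + 8):
        print(total, decode_loglevel(total))
    print(len(grep(SAMPLE, PAGE_PATTERN)), "of", len(SAMPLE), "lines match the grep")
    for conn, lines in by_connection(SAMPLE).items():
        print(conn, len(lines), "lines, last result:", lines[2].split("RESULT ")[1])
```

Neither sum in the thread sets 256 (stats), the level at which slapd writes the per-operation BIND and RESULT lines, and a filter on "root" keeps only the BIND line that names that DN, not the RESULT line carrying the error code.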