[OGo-Users] LDAPInitialBindSpecific not working
Juuso Alasuutari
users@opengroupware.org
Mon, 5 Mar 2007 11:14:52 +0200
On Saturday 03 March 2007 12:27, Torsten Becker wrote:
> Adam Tauno Williams wrote:
> >> I'm configuring OGo 1.0 to authenticate against LDAPv3 (OpenLDAP) by
> >> using the LDAPInitialBind settings as instructed in this manual:
> >> http://docs.opengroupware.org/Members/whitemice/wmogag/download. Here's
> >> what I have in NSGlobalDomain.plist (don't worry, I'm only using the
> >> root account temporarily for testing):
> >> LSAuthLDAPServer = "ldap.foo.bar";
> >> LSAuthLDAPServerRoot = "dc=foo,dc=bar";
> >> LSAuthLDAPServerPort = 389;
> >> LDAPLoginAttributeName = "uid";
> >> DisablePasswordModification = YES;
> >> LDAPInitialBindSpecific = YES;
> >> LDAPInitialBindDN = "uid=root,ou=people,dc=foo,dc=bar";
> >> LDAPInitialBindPW = "xxx";
> >> When I enable 'allow bind_v2' in slapd.conf I am able to log in via
> >> http://ldap.foo.bar/OpenGroupware, but without it and using the above
> >> settings login attempts fail and nothing even appears in the LDAP
> >> server's syslog.
> >
> > That seems very odd: "nothing even appears in the LDAP server's syslog"
> >
> > What is the value of the DSA's loglevel directive? I'm on the road today,
> > but off the top of my head I think you want 128+32+8 as a minimum in
> > order to figure out what is going on. Since it looks like you are on
> > the same machine, and thus using ethereal/wireshark is probably out, you
> > can throw in +2 if you want to see the packets.
> >
> > And if you are logging to syslog make sure syslog isn't ditching traffic
> > below a certain level.
> >
> > A rule like:
> > local4.* -/var/log/ldap
> > - is a good idea.
> >
> >> Any clues?
>
> I am trying to do the same setup, just for authenticating against Kerberos
> with users in LDAP.
> I figured out that the syntax
>
> LDAPInitialBindSpecific = YES;
>
> sounds right for "Defaults read" but the InitialBind will not work.
>
> If you remove the '=' then it should work; it does in my setup.
>
> LDAPInitialBindSpecific YES;
Unfortunately this doesn't work for me, the connection to the Skyrix server
breaks when I do this (I see an error in http://<server>/OpenGroupware). I
think the syntax is simply wrong and the server won't start up because of
that.
--
Juuso Alasuutari
seclan.com
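
Added example, not part of the original thread or of OpenGroupware: a small lint for the settings lines quoted above, run before restarting the server. It assumes the defaults file uses old-style property-list entries of the form `key = value;` with scalar values only (no enclosing braces, arrays or nested dictionaries); `tokenize` and `check_entries` are hypothetical helper names.

```python
import re

# One token: a quoted string, an unquoted atom, or the punctuation "=" / ";".
TOKEN = re.compile(r'\s*(?:("(?:[^"\\]|\\.)*")|([A-Za-z0-9_.$/:-]+)|([=;]))')

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character {text[pos]!r} at offset {pos}")
        out.append(m.group(1) or m.group(2) or m.group(3))
        pos = m.end()
    return out

def check_entries(text):
    """Return (settings, errors) for a run of scalar `key = value;` entries."""
    toks, settings, errors, i = tokenize(text), {}, [], 0
    while i < len(toks):
        try:
            end = toks.index(";", i)          # a statement ends at the next ";"
        except ValueError:
            errors.append("missing ';' after: " + " ".join(toks[i:]))
            break
        stmt = toks[i:end]
        if len(stmt) == 3 and stmt[1] == "=" and "=" not in (stmt[0], stmt[2]):
            settings[stmt[0].strip('"')] = stmt[2].strip('"')
        else:
            errors.append("not of the form key = value: " + " ".join(stmt))
        i = end + 1
    return settings, errors

# Constructed sample: a few of the settings quoted in the thread.
GOOD = '''
LSAuthLDAPServer = "ldap.foo.bar";
LSAuthLDAPServerPort = 389;
LDAPInitialBindSpecific = YES;
LDAPInitialBindDN = "uid=root,ou=people,dc=foo,dc=bar";
'''
# The same text with the "=" dropped from one entry.
BAD = GOOD.replace("LDAPInitialBindSpecific = YES;", "LDAPInitialBindSpecific YES;")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        settings, errors = check_entries(text)
        print(name, "errors:", errors or "none")
```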