[OGo-Users] LDAPInitialBindSpecific not working
Adam Tauno Williams
users@opengroupware.org
Mon, 05 Mar 2007 06:05:59 -0500
> > > I'm configuring OGo 1.0 to authenticate against LDAPv3 (OpenLDAP) by
> > > using the LDAPInitialBind settings as instructed in this manual:
> > > http://docs.opengroupware.org/Members/whitemice/wmogag/download. Here's
> > > what I have in NSGlobalDomain.plist (don't worry, I'm only using the root
> > > account temporarily for testing):
> > > LSAuthLDAPServer = "ldap.foo.bar";
> > > LSAuthLDAPServerRoot = "dc=foo,dc=bar";
> > > LSAuthLDAPServerPort = 389;
> > > LDAPLoginAttributeName = "uid";
> > > DisablePasswordModification = YES;
> > > LDAPInitialBindSpecific = YES;
> > > LDAPInitialBindDN = "uid=root,ou=people,dc=foo,dc=bar";
> > > LDAPInitialBindPW = "xxx";
> > > When I enable 'allow bind_v2' in slapd.conf I am able to log in via
> > > http://ldap.foo.bar/OpenGroupware, but without it and using the above
> > > settings login attempts fail and nothing even appears in the LDAP
> > > server's syslog
> > That seems very odd: "nothing even appears in the LDAP server's syslog"
> > What is the value of the DSA's loglevel directive? I'm on the road today,
> > but off the top of my head I think you want 128+32+8 as a minimum in
> > order to figure out what is going on. Since it looks like you are on
> > the same machine, and thus using ethereal/wireshark is probably out, you
> > can throw in +2 if you want to see the packets.
> I tried changing the loglevel, but I'm still not getting anything in the logs
> that looks like a response to my actions.
If you make no corresponding change to your system's syslog of course you
won't see anything additional.
ftp://kalamazoolinux.org/pub/pdf/Timber.pdf
> When I type my name and passwd in
> the OGo login page, it almost instantly reloads the page with the login
> failure message "Wrong Password or User". Seems like the auth query fails
> very quickly.
> I have the bind user set to root, I've the slapd loglevel set to 512+128+32+8,
I assume that means "loglevel 680" exists in slapd.conf?
> and I watch the syslog with this command:
> watch -n0.1 "grep slapd.*root /var/log/syslog | tail -15"
> But no events appear when I try to log in. Again, allowing bind_v2 in
> slapd.conf fixes OGo login, so there's supposedly nothing wrong with the
> connections or the account settings (I can login as root).
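
The two checks discussed in this thread, as an added example that is not part of the original messages: decode the numeric slapd loglevel into its keywords, and check whether a classic syslog.conf routes slapd's messages anywhere. It assumes slapd's default syslog facility (local4) and debug priority; the function names and sample configuration lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.
# Keywords and bit values as listed in slapd.conf(5).
LEVELS="1:trace 2:packets 4:args 8:conns 16:BER 32:filter 64:config 128:ACL 256:stats 512:stats2 1024:shell 2048:parse 16384:sync"

# Print the keywords a numeric loglevel enables.
decode_loglevel() (
    out=""
    for pair in $LEVELS; do
        bit=${pair%%:*}; name=${pair#*:}
        if [ $(( $1 & bit )) -ne 0 ]; then out="${out:+$out }$name"; fi
    done
    echo "$out"
)

# slapd.conf text on stdin: OR together the integers on the first
# loglevel directive (prints 0 if there is none).
configured_loglevel() (
    level=0
    while read -r key rest; do
        [ "$key" = "loglevel" ] || continue
        for v in $rest; do
            case $v in ''|*[!0-9]*) ;; *) level=$(( level | v )) ;; esac
        done
        break
    done
    echo "$level"
)

# Classic syslog.conf text on stdin: print destinations that receive
# local4.debug. Simplified: understands "*", "none", "debug", "=debug".
local4_debug_targets() {
    awk '/^[ \t]*(#|$)/ { next }
    {
        hit = 0; n = split($1, sel, ";")
        for (i = 1; i <= n; i++) {
            split(sel[i], fp, "[.]")
            if (("," fp[1] ",") !~ /,(\*|local4),/) continue
            if (fp[2] == "none") hit = 0
            else if (fp[2] == "*" || fp[2] == "debug" || fp[2] == "=debug") hit = 1
        }
        if (hit) print $2
    }'
}

lvl=$(printf 'loglevel 512 128 32 8\n' | configured_loglevel)
echo "loglevel $lvl enables: $(decode_loglevel "$lvl")"
printf '*.info;mail.none /var/log/messages\nlocal4.* /var/log/slapd.log\n' |
    local4_debug_targets
```

An empty result from `local4_debug_targets` means no selector in the file accepts local4 at debug priority, so raising the slapd loglevel alone adds nothing to the logs.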