
Question

After installing LdapContrib, the login page tells me "Unrecognized user and/or password" for my LDAP username and password. I think that this is because:

the LDAP server only binds with the password and:

  1. the full DN (Distinguished Name), like "cn=Jones,\ Tom,ou=users,dc=company,dc=org"
  2. the RDN (Relative Distinguished Name), which is usually the CN, like "Jones, Tom", or
  3. userprincipalname, if assigned, which is our email address

It would be nice if the LDAP server allowed binding with the password and the samaccountname, or whatever LDAP attribute happens to hold the "username". This is not the fault of the LdapContrib but of the LDAP server.

The error log, with debugging turned on in LdapContrib.pm, gives me an error 49, which holds an error from Active Directory: 525, which means user not found.

[Tue Sep 05 15:38:30 2006] [error] [client 10.20.54.16] LdapContrib - called LdapContrib constuctor, referer: http://server/twiki/bin/login/Main/WebHome
[Tue Sep 05 15:38:30 2006] [error] [client 10.20.54.16] LdapContrib - called connect, referer: http://server/twiki/bin/login/Main/WebHome
[Tue Sep 05 15:38:30 2006] [error] [client 10.20.54.16] LdapContrib - bind for abanks, referer: http://server/twiki/bin/login/Main/WebHome
[Tue Sep 05 15:38:30 2006] [error] [client 10.20.54.16] LdapContrib - LdapContrib - 49: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece, referer: http://server/twiki/bin/login/Main/WebHome
[Tue Sep 05 15:38:30 2006] [error] [client 10.20.54.16] LdapContrib - called disconnect(), referer: http://server/twiki/bin/login/Main/WebHome

My LocalSite.cfg:

$TWiki::cfg{DataDir} = '/srv/www/htdocs/twiki/data';
$TWiki::cfg{Password} = '80zKY/Ysx1PxA';
$TWiki::cfg{Site}{Lang} = 'en';
$TWiki::cfg{LocalesDir} = '/srv/www/htdocs/twiki/locale';
$TWiki::cfg{DefaultUrlHost} = 'http://server';
$TWiki::cfg{Site}{FullLang} = 'en-us';
$TWiki::cfg{PubDir} = '/srv/www/htdocs/twiki/pub';
$TWiki::cfg{TemplateDir} = '/srv/www/htdocs/twiki/templates';
$TWiki::cfg{Site}{CharSet} = 'iso-8859-15';
$TWiki::cfg{ScriptUrlPath} = '/twiki/bin';
$TWiki::cfg{PubUrlPath} = '/twiki/pub';
$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;
$TWiki::cfg{LoginManager} = 'TWiki::Client::TemplateLogin';
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MapUserToWikiName} = 1;

# LDAP configuration file

# ip address (or hostname) of the LDAP server
$TWiki::cfg{Ldap}{Host} = 'ldap.domain.org';

# port used when binding to the LDAP server
$TWiki::cfg{Ldap}{Port} = 389;

# ldap protocol version to use when querying the server; possible values: 2, 3
$TWiki::cfg{Ldap}{Version} = '3';

# the base DN to use in searches
$TWiki::cfg{Ldap}{Base} = 'ou=User Accounts,dc=domain,dc=org';

# define the DN of the users tree
#$TWiki::cfg{Ldap}{BasePasswd} = 'ou=Users,ou=User Accounts,dc=domain,dc=org';

# define the DN of the groups tree
# $TWiki::cfg{Ldap}{BaseGroup} = 'ou=Groups,ou=User Accounts,dc=domain,dc=org';

# define the user login name attribute
$TWiki::cfg{Ldap}{LoginAttribute} = 'samaccountname';

# define the user's wiki name attribute
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'cn';

# Authentication by LDAP
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';

# Control access by LDAP groups
#$TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping';

# flag to remove whitespaces in wiki names that come from ldap
$TWiki::cfg{Ldap}{WikiNameRemoveWhiteSpace} = 1;

# filter to be used to find login accounts
# $TWiki::cfg{Ldap}{LoginFilter} = 'objectclass=user';

# define the group name
#$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';

# filter to be used to find groups 
$TWiki::cfg{Ldap}{GroupFilter} = 'objectclass=group';

# flag indicating whether we fall back to TWikiGroups
#$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;

# define the attribute that should be used to collect group members
$TWiki::cfg{Ldap}{MemberAttribute} = 'member';

# flag indicating whether the member attribute of a group stores a DN
#$TWiki::cfg{Ldap}{MemberIndirection} = 0;

# the dn to use when binding to the LDAP server; if undefined anonymous binding
# will be used
$TWiki::cfg{Ldap}{BindDN} = 'cn=(xxxxxx),ou=(xxxxxxx),ou=(xxxxxxx),dc=domain,dc=org';

# the password used when binding to the LDAP server
$TWiki::cfg{Ldap}{BindPassword} = 'password';

# negotiate ssl when binding to the server; possible values: 0, 1
# TODO: not implemented yet
#$TWiki::cfg{Ldap}{SSL} = 0;

# refresh rate when the ldap cache is fetched from the LDAP server; 
# a value of -1 means unlimited caching; 
# a value of 0 disables the cache; 
# default is -1
#$TWiki::cfg{Ldap}{MaxCacheHits} = -1;

1; # Required for successful module loading

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: SuSE Linux 9
Web server: Apache 2.0
Perl version: 5.8.6
Client OS: Linux
Web Browser: Firefox
Categories: Authentication

-- AndrewBanks - 04 Sep 2006
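
The result code 49 / "data 525" pair in the log above can be decoded mechanically, which separates a login name that could not be resolved (525) from a wrong password (52e). The following is an added example, not part of the original post or of LdapContrib; the function name and the second pair of log lines are constructed for illustration.

```python
import re

# Active Directory sub-codes (hex) found in the "data NNN" field of the
# diagnostic message that accompanies LDAP result code 49.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
CLIENT_RE = re.compile(r"\[client ([^\]]+)\]")
BIND_RE = re.compile(r"LdapContrib - bind for (?P<login>[^,\s]+)")
ERROR_RE = re.compile(
    r"- (?P<rc>\d+): [0-9A-Fa-f]+: LdapErr: .*?, data (?P<sub>[0-9A-Fa-f]+),")

def classify_bind_failures(lines):
    """Pair each 'bind for <login>' line with the LdapErr line that follows
    from the same client and decode the AD sub-code."""
    pending, results = {}, []   # pending: client -> last login attempted
    for line in lines:
        m = CLIENT_RE.search(line)
        client = m.group(1) if m else None
        bind, err = BIND_RE.search(line), ERROR_RE.search(line)
        if bind:
            pending[client] = bind.group("login")
        elif err:
            sub = int(err.group("sub"), 16)
            results.append({
                "client": client,
                "login": pending.pop(client, None),
                "ldap_code": int(err.group("rc")),
                "subcode": format(sub, "x"),
                "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
            })
    return results

PFX = "[Tue Sep 05 15:38:30 2006] [error] "
SAMPLE_LOG = [  # first pair is from the post; second pair is constructed
    PFX + "[client 10.20.54.16] LdapContrib - bind for abanks, referer: http://server/twiki/bin/login/Main/WebHome",
    PFX + "[client 10.20.54.16] LdapContrib - LdapContrib - 49: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece, referer: http://server/twiki/bin/login/Main/WebHome",
    PFX + "[client 192.0.2.10] LdapContrib - bind for jdoe, referer: http://server/twiki/bin/login/Main/WebHome",
    PFX + "[client 192.0.2.10] LdapContrib - LdapContrib - 49: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece, referer: http://server/twiki/bin/login/Main/WebHome",
]

if __name__ == "__main__":
    for r in classify_bind_failures(SAMPLE_LOG):
        print(r)
```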

Answer

Closing this question after 30 days. Try asking in the LdapContribDev topic.

-- PeterThoeny - 14 Oct 2006

Topic revision: r7 - 2006-10-14 - PeterThoeny