From: Jim C <jcl...@ts...> - 2002-07-31 00:05:28
Wow, you guys are Johnny on the spot. :-)

Well I've tried ldp. I first started out from an Administrator's account and couldn't figure out why I couldn't get it to load. So then I tried THE Administrator's account and then it worked.

Since there apparently aren't that many folks on this list, I'll go ahead and post the Unix client configuration file (ldap.conf). That may provide some clues.

One of my concerns is that perhaps the migration scripts in the Mandrake release of OpenLDAP are using one of the custom schemas talked about in the ldapauth readme. With that in mind, here is an ldif constructed by those scripts for one user:

dn: uid=anonymoose,ou=People,dc=microverse,dc=net
uid: anonymoose
cn: anonymoose
sn: anonymoose
mail: ano...@mi...
mailRoutingAddress: ano...@ma...
mailHost: mail.padl.com
objectClass: mailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
userPassword: {crypt}$1$/3TIjAJU$py4q8keMYcmohvaQNXOxH.
shadowLastChange: 11889
shadowMax: 99999
shadowWarning: 7
krbname: ano...@MI...
loginShell: /bin/bash
uidNumber: 502
gidNumber: 502
homeDirectory: /home/anonymoose
gecos: anonymoose

...and here is the ldif of the proxyuser that is used to get passw0rds. Note that right now, for debugging, I have it so that anyone can get passwords. Tested this from Linux. Since, in the end, this is encrypted anyway, I am not sure why the author of the article wanted us to use a proxy user.

dn: cn=proxyuser,dc=microverse,dc=net
cn: proxyuser
sn: proxyuser
objectClass: person
objectClass: top
objectClass: kerberosSecurityObject
userPassword: {MD5}p+huIwLQjqbT/2NfhWRo9A==
krbname: pro...@MI...

Current registry entries are:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\pGina]
"allowLocking"=dword:00000001
"buttonAction"=dword:00000001
"debugOutput"=dword:00000001
"defaultDomain"=""
"forceLogin"=dword:00000001
"keepProfiles"=dword:00000000
"mapAdmin"=dword:00000000
"mapPaths"=""
"passThru"=dword:00000000
"pathMSGina"="msgina.dll"
"pathPlugin"="C:\\pGina\\plugins\\ldapauth.dll"
"pathProfile"=""
"title"="pGina Login"

[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\ldapauth]
"ldapServer"="enigma.microverse.net"
"ldapPrePend"="uid="
"ldapMethod"="2"
"ldapContext0"="ou=People,dc=microverse,dc=net"
@=""
"ldapAdminUsername"="cn=proxyuser,dc=microverse,dc=net"
"ldapAdminPassword"=""
"ldapContext1"="dc=microverse,dc=net"
"ldapAppend"="dc=microverse,dc=net"
"ldapFilter"="objectClass=posixAccount"

Micah Cooper wrote:

>Yeah, I'm here. ;)
>
>As Nate said, use ldp.exe. It's a tool from Microsoft that is a loose
>wrapper on the APIs in the OS, which is great b/c so is my plugin! :D If
>it fails to work, there's something b/t the workstation and the server.
>If it works, but the plugin doesn't, let me know and I'll send you a
>debug compile (unless you want to compile from source) that logs more
>junk to a file.
>
>Let me know your results with ldp, and if it works, I can also give you
>other things to try.
>
>-Micah
>
>yocomnw wrote:
>
>>Okay, :-) Sounds cool.
>>
>>First things first - have you followed Micah's directions on the website for
>>testing ldap? http://pgina.cs.plu.edu/12.html - if you follow those directions
>>(but ignore the SSL step), then you should be able to test an ldap connection
>>from the windows client to the Linux server. If that works - the ldapauth
>>plugin should work without issue.
>>
>>I am not sure if Micah is on this list, so you may also want to drop a quick
>>note to him letting him know you're trying to get it working (after trying the
>>above) and see if he has any suggestions :)
>>
>>Good luck!
>>Let me know what else you come across and we will try and track it
>>down for ya.
>>
>>Nate
>>
>>>===== Original Message From Jim C <jcl...@ts...> =====
>>>I am trying to get pGINA / LDAPauth to work.
>>>
>>>On some occasions the server seems to authenticate but for some reason
>>>pGINA does not.
>>>For debug purposes I currently have the server set to operate in the clear.
>>>
>>>My server is OpenLDAP on Mandrake 8.2 and the setup is in accordance
>>>with the article:
>>>
>>>http://new.mandrakesecure.net/en/docs/ldap-auth.php
>>>
>>>Which is quite a good article BTW.
>>>
>>>I can also send my Unix client configuration, which, by the way, works.
>>>I've tried using ldp from the client console but I've been unable to
>>>pick out anything that might be troublesome.
>>>
>>>Anyway, I sure could use the help. I am a graduate student at EWU and
>>>this is my thesis.
>>>
>>>-------------------------------------------------------
>>>This sf.net email is sponsored by: Dice - The leading online job board
>>>for high-tech professionals. Search and apply for tech jobs today!
>>>http://seeker.dice.com/seeker.epl?rel_code=31
>>>_______________________________________________
>>>Pgina-general mailing list
>>>Pgi...@li...
>>>https://lists.sourceforge.net/lists/listinfo/pgina-general
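
Added example, not part of the original thread: a Python audit of an LDIF export that reports which userPassword storage scheme each entry uses, covering the {crypt} $1$ and {MD5} forms in the entries posted above, since the scheme decides what a client with read access to the attribute actually obtains. The DNs, hash bytes and the weak/legacy/ok rating labels are constructed for illustration.

```python
import base64
import re

def b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample shaped like the entries above; DNs and hash bytes are placeholders.
_MD5 = "{MD5}" + b64(bytes(16))      # 16-byte digest, no salt
_SSHA = "{SSHA}" + b64(bytes(24))    # 20-byte SHA-1 digest followed by a 4-byte salt
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=net\nuserPassword: {crypt}$1$abcdefgh$" + "x" * 22 + "\n\n"
    "dn: cn=proxyuser,dc=example,dc=net\nuserPassword:: " + b64(_MD5.encode()) + "\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=net\nuserPassword: " + _SSHA[:20] + "\n " + _SSHA[20:] + "\n"
)

# crypt(3) "$id$" prefixes; a {crypt} value with none of these is treated as traditional DES crypt.
CRYPT_PREFIXES = [("$1$", "md5-crypt", "legacy"), ("$2", "bcrypt", "ok"),
                  ("$5$", "sha256-crypt", "ok"), ("$6$", "sha512-crypt", "ok")]

def parse_ldif(text):
    # Yield (dn, attrs) per entry, undoing line folding and base64 ("attr:: ...") values.
    unfolded = re.sub(r"\r?\n ", "", text)   # a continuation line starts with one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):         # "::" marks a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        yield attrs.get("dn", ["?"])[0], attrs

def classify(value):
    m = re.match(r"\{([A-Za-z0-9]+)\}(.*)", value, re.S)
    if not m:
        return "cleartext", "weak"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        return next(((n, r) for p, n, r in CRYPT_PREFIXES if body.startswith(p)), ("des-crypt", "weak"))
    if scheme in ("MD5", "SHA"):             # single unsalted digest
        return scheme.lower() + "-unsalted", "weak"
    if scheme in ("SMD5", "SSHA"):           # salted, but one round of a fast hash
        return scheme.lower() + "-salted", "legacy"
    return scheme.lower(), "unknown"

def audit(text):
    return [(dn, *classify(v)) for dn, a in parse_ldif(text) for v in a.get("userpassword", [])]
```

Calling audit() on the output of an ldapsearch run as the proxy user, and again as an anonymous bind, also shows which identities can read the attribute at all: an entry with no userPassword value in the export produces no row.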