hey guys,
i'm trying to get the ldap_auth plugin to work with an openLDAP server.
here are my slapd.conf:
and here is my ldap.properties
and finally my ldapauth.properties
When I try to logon to OX i get an error message concering my login credentials and i can see the following in the slapd logs:
What is happening here and what does input error=-2 mean?
When logging on to LDAP manually (for example by using phpldapadmin) with these credentials:
cn=testuser,cn=users,dc=example,dc=com
PW: xxxx
It is working pretty fine. I also tried to use different PW Hashes, actually i tested SHA,MD5,Crypt always with the same behaviour.
I used oxldapsync for getting the ldapusers to OX.
But there is only poor logging, also when i use the -v switch. It only logged once, this is a few days ago. Since this logging i have added new users to LDAP and executed oxldapsync a few times again but there are no new log entries.
Is there anyone who can make head or tail of it? I'm stuck and don't know how to get further.
Thanks in advance for your effort, i'm thankful for any hints.
Regards,
Chris
i'm trying to get the ldap_auth plugin to work with an openLDAP server.
here are my slapd.conf:
Code:
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 296 modulepath /usr/lib/ldap moduleload back_hdb sizelimit 500 tool-threads 1 backend hdb database hdb suffix "dc=example,dc=com" rootdn "cn=admin,dc=example,dc=com" rootpw {SSHA}XXXXXXXX directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=exampel,dc=com" write by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by * read by dn="cn=ldapmanager,cn=admins,ou=company-de,dc=example,dc=com" write by dn="cn=admin,dc=nodomain" write
Code:
inetOrgPersonAttributebusinessCategoryName=businessCategory inetOrgPersonAttributecnName=cn inetOrgPersonAttributeemployeeNumberName=employeeNumber inetOrgPersonAttributeemployeeTypeName=employeeType OXUserObjectAttributecoName=co inetOrgPersonAttributehomePhoneName=homePhone inetOrgPersonAttributehomePostalAddressName=homePostalAddress OXUserObjectAttributeInfoName=info inetOrgPersonAttributeinitialsName=initials inetOrgPersonAttributeinternationaliSDNNumberName=internationaliSDNNumber OXUserObjectAttributeIPPhoneName=IPPhone OXUserObjectAttributeotherfacsimiletelephonenumberName=otherfacsimiletelephonenumber inetOrgPersonAttributeroomNumberName=roomNumber inetOrgPersonAttributetelexNumberName=telexNumber inetOrgPersonClassName=inetOrgPerson OXUserObjectAttributebirthDayName=birthDay OXUserObjectAttributeDistributionListName=OXUserDistributionList OXUserObjectAttributeAnniversaryName=OXUserAnniversary OXUserObjectAttributeBranchesName=OXUserBranches OXUserObjectAttributeCategoriesName=OXUserCategories OXUserObjectAttributeChildrenName=OXUserChildren OXUserObjectAttributeCityName=OXUserCity OXUserObjectAttributeCommentName=OXUserComment OXUserObjectAttributeComRegName=OXUserComReg OXUserObjectAttributeEmail2Name=OXUserEmail2 OXUserObjectAttributeEmail3Name=OXUserEmail3 OXUserObjectAttributeInstantMessenger2Name=OXUserInstantMessenger2 OXUserObjectAttributeInstantMessengerName=OXUserInstantMessenger OXUserObjectAttributeMaritalStatusName=OXUserMaritalStatus OXUserObjectAttributeNickNameName=OXUserNickName OXUserObjectAttributeOtherCityName=OXUserOtherCity OXUserObjectAttributeOtherCountryName=OXUserOtherCountry OXUserObjectAttributeOtherPostalCodeName=OXUserOtherPostalCode OXUserObjectAttributeOtherStateName=OXUserOtherState OXUserObjectAttributeOtherStreetName=OXUserOtherStreet OXUserObjectAttributePositionName=OXUserPosition OXUserObjectAttributePostalCodeName=OXUserPostalCode OXUserObjectAttributeProfessionName=OXUserProfession OXUserObjectAttributeSalesVolumeName=OXUserSalesVolume OXUserObjectAttributeSpouseNameName=OXUserSpouseName OXUserObjectAttributeStateName=OXUserState OXUserObjectAttributesuffixName=OXUserSuffix OXUserObjectAttributeTaxIDName=OXUserTaxID OXUserObjectAttributeTeleAssistantName=OXUserTeleAssistant OXUserObjectAttributeTeleBusiness2Name=OXUserTeleBusiness2 OXUserObjectAttributeTeleCallbackName=OXUserTeleCallback OXUserObjectAttributeTeleCarName=OXUserTeleCar OXUserObjectAttributeTeleCompanyName=OXUserTeleCompany OXUserObjectAttributeTeleFax2Name=OXUserTeleFax2 OXUserObjectAttributeTeleHome2Name=OXUserTeleHome2 OXUserObjectAttributeTeleMobile2Name=OXUserTeleMobile2 OXUserObjectAttributeTeleOtherName=OXUserTeleOther OXUserObjectAttributeTelePrimaryName=OXUserTelePrimary OXUserObjectAttributeTeleRadioName=OXUserTeleRadio OXUserObjectAttributeTeleTTYName=OXUserTeleTTY OXUserObjectAttributeurlName=url OXUserObjectAttributeUserUndef01Name=OXUserUserUndef01 OXUserObjectAttributeUserUndef02Name=OXUserUserUndef02 OXUserObjectAttributeUserUndef03Name=OXUserUserUndef03 OXUserObjectAttributeUserUndef04Name=OXUserUserUndef04 OXUserObjectAttributeUserUndef05Name=OXUserUserUndef05 OXUserObjectAttributeUserUndef06Name=OXUserUserUndef06 OXUserObjectAttributeUserUndef07Name=OXUserUserUndef07 OXUserObjectAttributeUserUndef08Name=OXUserUserUndef08 OXUserObjectAttributeUserUndef09Name=OXUserUserUndef09 OXUserObjectAttributeUserUndef10Name=OXUserUserUndef10 OXUserObjectAttributeUserUndef11Name=OXUserUserUndef11 OXUserObjectAttributeUserUndef12Name=OXUserUserUndef12 OXUserObjectAttributeUserUndef13Name=OXUserUserUndef13 OXUserObjectAttributeUserUndef14Name=OXUserUserUndef14 OXUserObjectAttributeUserUndef15Name=OXUserUserUndef15 OXUserObjectAttributeUserUndef16Name=OXUserUserUndef16 OXUserObjectAttributeUserUndef17Name=OXUserUserUndef17 OXUserObjectAttributeUserUndef18Name=OXUserUserUndef18 OXUserObjectAttributeUserUndef19Name=OXUserUserUndef19 OXUserObjectAttributeUserUndef20Name=OXUserUserUndef20 OXUserObjectClassName=OXUserObject AllContactUIDSearch=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)) !AllContactUIDSearchScope=1 AddressAdminsDN=cn=AddressAdmins,[globalAddressBookBaseDN] globalAddressBookBaseDN=o=AddressBook,ou=OxObjects GlobalAddressBookEntryDN=uid=[contactid],[globalAddressBookBaseDN] InternalUsersForeSureNameUIDPatternSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(|(sn=[pattern])(givenname=[pattern])(uid=[pattern]))(mailEnabled=ok)) InternalUsersForDlistSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(cn=[pattern1])(|(mail=[pattern2])(OXUserEmail2=[pattern2])(OXUserEmail3=[pattern2]))(mailEnabled=ok)) InternalUsersStartingLetterSearchFilter=(&(objectClass=inetOrgPerson)(objectClass=OXUserObject)(sn=[letter]*)(mailEnabled=ok)) UserAddressBookEntryDN=uid=[contactid],[UserAddressBookDN] OXResourceGroupAttributeresourceGroupAvailableName=resourceGroupAvailable OXResourceGroupAttributeresourceGroupMemberName=resourceGroupMember OXResourceGroupAttributeresourceGroupNameName=resourceGroupName ResourceGroupDN=resourceGroupName=[group],[resourceGroupBaseDN] ResourceGroupPatternSearchFilter=(&(objectclass=OXResourceGroupObject)(resourceGroupName=[pattern])) ResourceGroupSearchFilter=(objectclass=OXResourceGroupObject) !ResourceGroupSearchScope=1 OXResourceAttributeresourceNameName=resourceName #Where are the resources? resourceBaseDN=ou=Resources,ou=ResourceObjects,ou=OxObjects ResourceDN=resourceName=[resource],[resourceBaseDN] #Where are the resource groups? resourceGroupBaseDN=ou=ResourceGroups,ou=ResourceObjects,ou=OxObjects #Searches resources with the a pattern. ResourcePatternSearchFilter=(&(objectclass=OXResourceObject)(resourceName=[pattern])) !ResourceSearchScope=1 #Where to search for groups? groupBaseDN=ou=Groups,ou=OxObjects #Complete dn of a group. GroupDN=cn=[gid],[groupBaseDN] GroupSearchFilter=(objectclass=posixGroup) posixAccountAttributecnName=cn UserAddressBookDN=ou=addr,uid=[uid],[userBaseDN] userBaseDN=ou=Users,ou=OxObjects #DN to the user object UserDN=uid=[uid],[userBaseDN] UserSearchFilter=(&(uid=[uid])(objectClass=OXUserObject)) #The scope with that users will be searched in ldap. USER_SEARCH_SCOPE !UserSearchScope=1 UsersPatternSearchFilter=(&(objectclass=posixAccount)(uid=[pattern])) #Define the objectClasses an user object should belong to if you are performing pattern searches. UsersPatternSearchObjectClasses=posixAccount,inetOrgPerson,OXUserObject GlobalAddressBookSearchScope=1 inetOrgPersonAttributejpegPhotoName=jpegPhoto OXUserObjectAttributeDayViewEndTimeName=OXDayViewEndTime OXUserObjectAttributeDayViewStartTimeName=OXDayViewStartTime OXUserObjectAttributeDayViewIntervalName=OXDayViewInterval Factory.GeneralSupport=DefaultGeneralSupport #Aliases of the user UserAttributeAlias=alias #Appointment days of the user. UserAttributeAppointmentDays=appointmentDays #Country of the user. UserAttributeCountry=field27 #Second country of the user. UserAttributeCountry2=field41 #Display name of the user. UserAttributeDisplayName=field01 #Description of the user. UserAttributeDescription=field34 #Facsimile of the user. UserAttributeFacsimile=field45 #Given name of the user. UserAttributeGivenName=field03 #Unique database identifier of the user. UserAttributeIdentifier=id #Name of the attribute containing the imap server host name. UserAttributeImapServer=imapServer #JDBC URL to the database for user specific databases instead of one global database. UserAttributeJDBCDatabaseURL=oxJDBCDatabaseURL #JDBC driver class name for user specific databases instead of one global database. UserAttributeJDBCDriverClassName=oxJDBCDriverClassName #JDBC database login for user specific databases instead of one global database. UserAttributeJDBCLogin=oxJDBCLogin #JDBC password for user specific databases instead of one global database. UserAttributeJDBCPassword=oxJDBCPassword #Labeled URI of the user. UserAttributeLabeledURI=field68 #Locality of the user. UserAttributeLocality=field25 #Mail address of the user. UserAttributeMail=mail #Mail domain of the user. UserAttributeMailDomain=mailDomain #Name of the attribute saying if the user is enabled or disabled. "OK" means user is enabled. UserAttributeEnabled=mailEnabled #Mobile telephone number of the user. UserAttributeMobile=field53 #Last modification of the user. UserAttributeModifyTimestamp=changing_date #Organization of the user. UserAttributeOrganization=field18 #Organizational unit of the user. UserAttributeOrganizationalUnit=field19 #Pager number of the user. UserAttributePager=field57 #Login password of the user. UserAttributePassword=userPassword #Postal code of the user. UserAttributePostalCode=field24 #Preferred language of the user. UserAttributePreferredLanguage=preferredLanguage #Days since Jan 1, 1970 that password was last changed UserAttributeShadowLastChange=shadowLastChange #Name of the attribute containing the smtp server host name. UserAttributeSmtpServer=smtpServer #State of the user. UserAttributeState=field26 #Street of the user. UserAttributeStreet=field23 #Sure name of the user. UserAttributeSureName=field02 #Task days of the user. UserAttributeTaskDays=taskDays #Telephone number of the user. UserAttributeTelephoneNumber=field43 #Timezone of the user. UserAttributeTimeZone=timeZone #Title of the user. UserAttributeTitle=field06 #Identifier of the user. UserAttributeUid=uid #Points to the user that stores the default mail configuration. Normally this is mailadmin. DNForDefaultMail=mailadmin #Filter for searching groups with a pattern. GroupsPatternSearchFilter=identifier #Filter for searching users. UsersDisplayNamePatternSearchFilter=field01,uid #Filter for searching users. UsersForeSureNameUIDPatternSearchFilter=field03,field02,uid #Set this parameter to true to disable writing of contacts into the directory service. ContactsDisabled=false #The mailEnabled attribute contains this value to enable a user. MailEnabledOK=OK #Set this parameter to true to enable full dynamic path names for users. This can be used for integration purposes. !UserFullDynamic=false #This parameter defines if caching is used or not. Caching=true #Name of the class implementing the new resource storage interface ResourceStorageImpl=com.openexchange.groupware.ldap.RdbResourceStorage #Name of the class implementing the new user storage interface UserStorageImpl=com.openexchange.groupware.ldap.RdbUserStorage
Code:
# This file contains the configuration for the ldap authentication. # URL of the LDAP server to connect to for authenticating users. # ldaps is supported. java.naming.provider.url=ldap://xxx.xxx.xxx.xxx:389/dc=example,dc=com # Defines the authentication security that should be used. java.naming.security.authentication=simple # Timeouts are useful to get quick responses for login requests. This timeout is # used if a new connection is established. com.sun.jndi.ldap.connect.timeout=10000 # This timeout only works since Java 6 SE to time out waiting for a response. com.sun.jndi.ldap.read.timeout=10000 # This attribute is used login. E.g. uid=<login>,baseDN #uidAttribute=uid uidAttribute=cn # This is the base distinguished name where the user are located. baseDN=cn=users,dc=example,dc=com
Code:
Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:06 oxchange slapd[8656]: Mar 30 11:52:06 oxchange slapd[8656]: daemon: listen=9, new connection on 14 Mar 30 11:52:06 oxchange slapd[8656]: daemon: added 14r (active) listener=(nil) Mar 30 11:52:06 oxchange slapd[8656]: conn=0 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:46160 (IP=0.0.0.0:389) Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:06 oxchange slapd[8656]: Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 1 descriptor Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:06 oxchange slapd[8656]: 14r Mar 30 11:52:06 oxchange slapd[8656]: Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14 Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 BIND dn="" method=128 Mar 30 11:52:06 oxchange slapd[8656]: conn=0 op=0 RESULT tag=97 err=0 text= Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on 2 descriptors Mar 30 11:52:06 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:06 oxchange slapd[8656]: 14r Mar 30 11:52:06 oxchange slapd[8656]: Mar 30 11:52:06 oxchange slapd[8656]: daemon: read active on 14 Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" method=128 Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 BIND dn="cn=testuser,cn=users,dc=example,dc=com" mech=SIMPLE ssf=0 Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=1 RESULT tag=97 err=0 text= Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:07 oxchange slapd[8656]: 14r Mar 30 11:52:07 oxchange slapd[8656]: Mar 30 11:52:07 oxchange slapd[8656]: daemon: read active on 14 Mar 30 11:52:07 oxchange slapd[8656]: connection_read(14): input error=-2 id=0, closing. Mar 30 11:52:07 oxchange slapd[8656]: conn=0 op=2 UNBIND Mar 30 11:52:07 oxchange slapd[8656]: daemon: removing 14 Mar 30 11:52:07 oxchange slapd[8656]: conn=0 fd=14 closed Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on 1 descriptor Mar 30 11:52:07 oxchange slapd[8656]: daemon: activity on: Mar 30 11:52:07 oxchange slapd[8656]: Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=8 active_threads=0 tvp=zero Mar 30 11:52:07 oxchange slapd[8656]: daemon: epoll: listen=9 active_threads=0 tvp=zero
When logging on to LDAP manually (for example by using phpldapadmin) with these credentials:
cn=testuser,cn=users,dc=example,dc=com
PW: xxxx
It is working pretty fine. I also tried to use different PW Hashes, actually i tested SHA,MD5,Crypt always with the same behaviour.
I used oxldapsync for getting the ldapusers to OX.
But there is only poor logging, also when i use the -v switch. It only logged once, this is a few days ago. Since this logging i have added new users to LDAP and executed oxldapsync a few times again but there are no new log entries.
Is there anyone who can make head or tail of it? I'm stuck and don't know how to get further.
Thanks in advance for your effort, i'm thankful for any hints.
Regards,
Chris
Comment