07-19-2010, 04:45 AM
ashish nair

Users added in group via add member not able to authenticate

Hi,

I am trying to set up a 389 LDAP server, which went fine without any problems. But I am stuck with the group authentication. I wanted to have common groups in a few OUs.
For example: I have a pool of users in the directory server. I created a group under one OU and added those users (which are not in this tree) via the add member option. But when I provide the DN of this OU for authentication, the users of this group are not able to do so. But when I create users under this tree directly it works. I tried many options but it's not working.


Please help.


Regards
Ashish

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
07-19-2010, 09:19 AM
ashish nair

Users added in group via add member not able to authenticate

Hi Daniel,

Thanks for responding.

DC=ldapser,dc=com
|
OU=People
   |--------user1...usern
   |
   |--------OU=shared
              |
              |--------------uid=ituser1
              |--------------cn=IT

This is the structure of the LDAP server. I have added users user1...usern in the IT group via add member.
Now when I give the OU of shared as the path for authentication, it's only accepting the logins of ituser1 but not of the group IT.
I need this setup as these users are common to a few OUs.

The LDAP connection string that is there in Apache:
"ldap://10.209.22.65:389/ou=shared,ou=People,dc=ldapser,dc=com?uid?sub?(objectClass=*)"

I tried both with uid and uniquemember. Both are not working.

Thanks again.

On Mon, Jul 19, 2010 at 1:22 PM, Daniel Maher <dma+389users@witbe.net> wrote:




On 07/19/2010 06:45 AM, ashish nair wrote:
> Hi,
>
> I am trying to set up a 389 LDAP server, which went fine without any
> problems. But I am stuck with the group authentication. I wanted to
> have common groups in a few OUs.
> For example: I have a pool of users in the directory server. I created a
> group under one OU and added those users (which are not in this tree) via
> the add member option. But when I provide the DN of this OU for authentication,
> the users of this group are not able to do so. But when I create users
> under this tree directly it works. I tried many options but it's not working.
> Please help.

Please provide more details, for example, the OUs and DNs (sanitised if
necessary), the search string (or equivalent) that you're using to
authenticate, and any other relevant information (environment, etc.).


--
Daniel Maher <dma + 389users AT witbe DOT net>
 
07-19-2010, 10:16 AM
ashish nair

Users added in group via add member not able to authenticate

Hi Daniel,

When I try authenticating the users in the group IT, it is searching for that user in that OU itself. But the users that are added as members in the group are not able to because these are not present physically in that OU.

auth_ldap authenticate: user user1 authentication failed; URI /secure [User not found][No such object]

Thanks
 
07-19-2010, 11:16 AM
ashish nair

Users added in group via add member not able to authenticate

Hi Daniel,

When I created the group IT it came as cn=IT itself. Also, this string that I gave is provided in the Apache configuration file in the VirtualHost of the folder secure.
So anyone hitting that folder would require user authentication from the LDAP server connected using that string.
This works perfectly fine when someone logs in using ituser1, as it's directly under OU=shared, but not with users under the IT group. It seems that it's not authenticating other users as it's not in this OU ( [User not found] )

Note that I can see all the members inside the IT group added as add member.

Thank you for helping.


On Mon, Jul 19, 2010 at 4:01 PM, Daniel Maher <dma+389users@witbe.net> wrote:


On 07/19/2010 12:16 PM, ashish nair wrote:
> Hi Daniel,
> When I try authenticating the users in the group IT, it is searching for
> that user in that OU itself. But the users that are added as members in
> the group are not able to because these are not present physically in
> that OU.
> auth_ldap authenticate: user user1 authentication failed; URI /secure
> [User not found][No such object]
> Thanks
> On Mon, Jul 19, 2010 at 2:49 PM, ashish nair <nair.ashish13@gmail.com
> <mailto:nair.ashish13@gmail.com>> wrote:
>
>     Hi Daniel,
>     Thanks for responding.
>     DC=ldapser,dc=com
>     |
>     OU=People
>         |--------user1...usern
>         |
>         |--------OU=shared
>                    |
>                    |--------------uid=ituser1
>                    |--------------cn=IT
>     This is the structure of the LDAP server. I have added users
>     user1...usern in the IT group via add member.
>     Now when I give the OU of shared as the path for authentication, it's
>     only accepting the logins
>     of ituser1 but not of the group IT.
>     I need this setup as these users are common to a few OUs.
>     The LDAP connection string that is there in Apache:
>     "ldap://10.209.22.65:389/ou=shared,ou=People,dc=ldapser,dc=com?uid?sub?(objectClass=*)"
>     I tried both with uid and uniquemember. Both are not working.
>     Thanks again.

"cn=IT" ?  "cn" means "Common Name", and it generally contains a
person's name.  Based on what you've described above, there is no IT group.

The Apache error contains the string "/secure", but the LDAP search
string you provided does not.  You might want to verify that.

--
Daniel Maher <dma + 389users AT witbe DOT net>
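
Added example (not part of the original thread, and not code from Apache or 389 Directory Server): a small Python model of the two steps an LDAP-backed web login performs, run against a constructed copy of the tree above, showing why a search base of ou=shared never finds user1 and how a wider base plus a group-membership compare behaves. The RDNs uid=user1 and uid=user2, the assumption that ituser1 is not a member of IT, and all function names are assumptions made for the illustration.

```python
# Constructed directory mirroring the tree in the thread (sample data, not a real server).
BASE = "dc=ldapser,dc=com"
PEOPLE = "ou=People," + BASE
SHARED = "ou=shared," + PEOPLE
GROUP_IT = "cn=IT," + SHARED

DIRECTORY = {
    "uid=user1," + PEOPLE: {"uid": ["user1"]},      # RDN attribute assumed
    "uid=user2," + PEOPLE: {"uid": ["user2"]},      # RDN attribute assumed
    "uid=ituser1," + SHARED: {"uid": ["ituser1"]},
    # "Add member" stores only the members' DNs on the group entry;
    # the user entries themselves stay under ou=People.
    GROUP_IT: {"cn": ["IT"],
               "uniquemember": ["uid=user1," + PEOPLE, "uid=user2," + PEOPLE]},
}

def norm(dn):
    """Comparison key for a DN (simplified: lower-case, no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def search_sub(base, attr, value):
    """Subtree search: DNs at or below `base` whose `attr` has `value`."""
    b = norm(base)
    hits = []
    for dn, attrs in DIRECTORY.items():
        n = norm(dn)
        if (n == b or n.endswith("," + b)) and value in attrs.get(attr, []):
            hits.append(dn)
    return hits

def authorize(base, username, group_dn=None):
    """Step 1: find the login name's entry under `base` (the base DN of the
    LDAP URL). Step 2, optional: compare that DN with the group's
    uniquemember values (what mod_authnz_ldap does for
    `Require ldap-group <group DN>`, assuming that module is in use).
    The password bind between the two steps is omitted."""
    hits = search_sub(base, "uid", username)
    if len(hits) != 1:
        return "User not found"
    if group_dn is not None:
        members = {norm(m) for m in DIRECTORY[group_dn].get("uniquemember", [])}
        if norm(hits[0]) not in members:
            return "not in group"
    return "ok"

if __name__ == "__main__":
    print(authorize(SHARED, "user1"))             # base from the thread's URL
    print(authorize(PEOPLE, "user1", GROUP_IT))   # wider base + group compare
    print(search_sub(SHARED, "uniquemember", "user1"))
```

Searching on uniquemember with the login name matches nothing because that attribute holds full DNs on the group entry, not user names.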