On 29/03/11 14:47 -0700, sim123 wrote:
I have an OpenLDAP server up and running and am trying to integrate it with Confluence. My LDAP structure looks like
DN :: uid=123, ou=users, dc=example, dc=com
uid :: 123
mail :: bjason@example.com
cn :: barbara
sn :: jason
userPassword :: test (plain text for now)
I have another similar entry in another branch (su) for "confluence admin". I did the LDAP configuration in Confluence and tested the bind with the Confluence user. Now for every user authentication I am assuming LDAP should be able to bind on any attribute other than DN. However, I cannot do that. When I try
By that, I assume that you are referring to a two step process where a privileged user binds (or anonymously binds) to the server, searches for the DN of a user based on some search criteria, unbinds, and then rebinds using the returned DN, and the password submitted by the client.
If that's a correct assumption, you might want to verify that:
* The privileged user has appropriate permissions to search in your user tree
* The client (Confluence) is submitting appropriate base, scope, and filter in its search, and is retrieving the expected user DN
* The client is then binding a second time with the DN and user password
to log in from Confluence using mail & password, this is what I see in my slapd.d logs:
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
op tag 0x60, time 1301434489
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: <uid=234,ou=su,dc=example,dc=com>
<<< dnPrettyNormal: <uid=234,ou=su,dc=example,dc=com>, <uid=234,ou=su,dc=example,dc=com>
do_bind: version=3 dn="uid=234,ou=su,dc=example,dc=com" method=128
bdb_dn2entry("uid=234,ou=su,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=su,dc=example,dc=com")
<= bdb_dn2id: got id=0x4
=> bdb_dn2id("uid=234,ou=su,dc=example,dc=com")
<= bdb_dn2id: got id=0x7
entry_decode: "uid=234,ou=su,dc=example,dc=com"
<= entry_decode(uid=234,ou=su,dc=example,dc=com)
do_bind: v3 bind: "uid=234,ou=su,dc=example,dc=com" to "uid=234,ou=su,dc=example,dc=com"
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 144 contents:
op tag 0x63, time 1301434489
ber_get_next
conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <ou=user,dc=example,dc=com>
<<< dnPrettyNormal: <ou=user,dc=example,dc=com>, <ou=user,dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
==> limits_get: conn=1000 op=1 self="uid=234,ou=su,dc=example,dc=com" this="ou=user,dc=example,dc=com"
=> bdb_search
bdb_dn2entry("ou=user,dc=example,dc=com")
=> bdb_dn2id("ou=user,dc=example,dc=com")
<= bdb_dn2id: got id=0x3
entry_decode: "ou=user,dc=example,dc=com"
<= entry_decode(ou=user,dc=example,dc=com)
search_candidates: base="ou=user,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
It looks like the search is not returning any entries. From your Confluence server, can you perform an ldapsearch as your privileged user to see if you get any entries returned?
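
The two-step flow described in the reply (privileged bind, search for the user's DN, rebind with the submitted password), as an added example that is not part of the original thread and is not Confluence's or OpenLDAP's code. `FakeDirectory`, `authenticate`, `SAMPLE` and the service password are hypothetical names and constructed data standing in for a real LDAP client and server; the example adds the filter escaping and empty-password checks a client should make.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

class FakeDirectory:
    """In-memory stand-in for an LDAP client; search handles one equality filter."""
    def __init__(self, entries):
        self.entries = entries      # DN -> attributes (constructed sample data)
        self.bound_as = None

    def simple_bind(self, dn, password):
        if password == '':          # unauthenticated bind: "succeeds" as anonymous
            self.bound_as = None
            return True
        entry = self.entries.get(dn)
        ok = entry is not None and entry['userPassword'] == password
        self.bound_as = dn if ok else None
        return ok

    def search(self, base, ldap_filter):
        m = re.fullmatch(r'\((\w+)=((?:[^\\*()]|\\[0-9a-f]{2})*)\)', ldap_filter)
        if self.bound_as is None or m is None:
            return []
        want = re.sub(r'\\([0-9a-f]{2})', lambda h: chr(int(h.group(1), 16)), m.group(2))
        return [dn for dn, e in self.entries.items()
                if dn.endswith(',' + base) and e.get(m.group(1)) == want]

def authenticate(directory, svc_dn, svc_pw, base, attr, login, password):
    # An empty password makes a simple bind "unauthenticated" (RFC 4513) and
    # a server may report success for it, so refuse it before contacting LDAP.
    if not login or not password:
        return None
    # Step 1: bind as the privileged account and search for the user's DN.
    if not directory.simple_bind(svc_dn, svc_pw):
        raise RuntimeError('privileged bind failed')
    found = directory.search(base, '(%s=%s)' % (attr, escape_filter_value(login)))
    # No entry (what the log above shows) or several entries: reject.
    if len(found) != 1:
        return None
    # Step 2: rebind as the returned DN with the password the user submitted.
    return found[0] if directory.simple_bind(found[0], password) else None

SAMPLE = {  # constructed data modelled on the entries described in the thread
    'uid=234,ou=su,dc=example,dc=com': {'userPassword': 'svc-secret'},
    'uid=123,ou=users,dc=example,dc=com': {'mail': 'bjason@example.com', 'userPassword': 'test'},
}
```

A search that returns no DN, as in the log above, ends the flow before the second bind is ever attempted, which is why the base, scope and filter of the search are the first things to check.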