Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003 Domain Controller? I've one user who's failing to authenticate, but all my other users do and I'm trying to see who. He authenticates ok, same password via other mechanisms to the DC, but just not via the Apache LDAP lookup.
I'm an LDAP novice so am looking for names of debug tools/methods etc.
Thanks,
Adrian
"Adrian Marsh" Adrian.Marsh@ubiquisys.com writes:
Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003 Domain Controller? I've one user who's failing to authenticate, but all my other users do and I'm trying to see who. He authenticates ok, same password via other mechanisms to the DC, but just not via the Apache LDAP lookup.
Just dump the transmitted packages by means of tcpdump or wireshark. Get a hex to ascii table and transpose the hex values to ascii.
-Dieter
Thanks Dieter.
After doing some wiresharking on a test server, I found that when the user entered his username/password, the server wasn't even doing an LDAP lookup.
On further analysis, we found he had a "£" in his password. I set Apache to also use local-file authentication (ahead of LDAP-lookup), and even that fails when a "£" is in the password there, using local passwords. I've tested other non-alphanumeric characters and all else are ok. Even "#" is ok. It just seems to be a problem when "£" is used in the password, Apache fails. Very strange (Apache 2.2).
But thanks for your reply.
Adrian
-----Original Message-----
From: openldap-technical-bounces+adrian.marsh=ubiquisys.com@OpenLDAP.org [mailto:openldap-technical-bounces+adrian.marsh=ubiquisys.com@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: 14 November 2008 16:19
To: openldap-technical@openldap.org
Subject: Re: Debugging a user authentication
"Adrian Marsh" Adrian.Marsh@ubiquisys.com writes:
Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003 Domain Controller? I've one user who's failing to authenticate, but all my other users do and I'm trying to see who. He authenticates ok, same password via other mechanisms to the DC, but just not via the Apache LDAP lookup.
Just dump the transmitted packages by means of tcpdump or wireshark. Get a hex to ascii table and transpose the hex values to ascii.
-Dieter
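The hex-to-ASCII step suggested in the thread can be scripted. The following is an added example, not code from any poster: it decodes an unencrypted LDAP simple BindRequest copied out of a capture as hex and reports how any non-ASCII password bytes were encoded. The sample bytes, DN, password and function names are constructed for illustration.

```python
# Added example: decode an LDAP simple BindRequest from a hex dump of a capture.
# SAMPLE is constructed (made-up DN; password "pa£ss" sent as UTF-8).
SAMPLE = """
30 2b 02 01 01 60 26 02 01 03
04 19 636e3d746573742c64633d6578616d706c652c64633d636f6d
80 06 7061c2a37373
"""

def read_tlv(buf, pos):
    """Read one BER element; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(hex_dump):
    """Return (message_id, version, bind_dn, password_bytes)."""
    raw = bytes.fromhex(hex_dump)
    tag, msg, _ = read_tlv(raw, 0)
    if tag != 0x30:                       # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)        # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)       # protocolOp
    if tag != 0x60:                       # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(op, 0)         # version INTEGER
    _, dn, pos = read_tlv(op, pos)        # name OCTET STRING
    tag, cred, _ = read_tlv(op, pos)      # authentication choice
    if tag != 0x80:                       # [0] = simple; anything else is SASL etc.
        raise ValueError("not a simple bind")
    return (int.from_bytes(mid, "big"), int.from_bytes(ver, "big"),
            dn.decode("utf-8", "replace"), cred)

def describe_password(cred):
    """Classify the password bytes by how non-ASCII characters were encoded."""
    if all(b < 0x80 for b in cred):
        return "ascii"
    try:
        cred.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "single-byte (e.g. ISO-8859-1)"

if __name__ == "__main__":
    mid, ver, dn, cred = parse_simple_bind(SAMPLE)
    print(f"msgid={mid} v{ver} dn={dn!r} pw={cred.hex(' ')} ({describe_password(cred)})")
```

If no BindRequest for the user appears in the capture at all, the request was rejected before the LDAP lookup, as in the follow-up message above.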