3:49 a.m.
Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003
Domain Controller. Ive one user whos failing to authenticate, but all
my other users do and Im trying to see who. He authenticates ok, same
password via other mechanisms to the DC, but just not via the Apache
LDAP lookup.
I'm an LDAP novice so am looking for names of debug tools/methods etc.
Thanks,
Adrian
8:19 a.m.
"Adrian Marsh" <Adrian.Marsh(a)ubiquisys.com> writes:
Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003
Domain Controller. Ive one user whos failing to authenticate, but all
my other users do and Im trying to see who. He authenticates ok, same
password via other mechanisms to the DC, but just not via the Apache
LDAP lookup.
Just dump the tranmitted packages by means of tcpdump or
wireshark. Get a hex to ascii table and transpose the hex values to
ascii.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.180.1555.7770535
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
8:34 a.m.
Thanks Dieter.
After doing some wiresharking on a test server, I found that when the user entered his
username/password, the server wasn't even doing an LDAP lookup.
On further analysis, we found he had a "£" in his password.
I set Apache to also use local-file authentication (ahead of LDAP-lookup), and even that
fails when a "£" is in the password there, using local passwords. I've
tested other non-alphanumeric characters and all else are ok. Even "#" is ok.
It just seems to be a problem when "£" is used in the password, Apache fails.
Very strange (Apache 2.2).
But thanks for your reply.
Adrian
-----Original Message-----
From: openldap-technical-bounces+adrian.marsh=ubiquisys.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+adrian.marsh=ubiquisys.com@OpenLDAP.org] On Behalf Of
Dieter Kluenter
Sent: 14 November 2008 16:19
To: openldap-technical(a)openldap.org
Subject: Re: Debugging a user authentication
"Adrian Marsh" <Adrian.Marsh(a)ubiquisys.com> writes:
Hi All,
Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003
Domain Controller. Ive one user whos failing to authenticate, but all
my other users do and Im trying to see who. He authenticates ok, same
password via other mechanisms to the DC, but just not via the Apache
LDAP lookup.
Just dump the tranmitted packages by means of tcpdump or
wireshark. Get a hex to ascii table and transpose the hex values to
ascii.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.180.1555.7770535
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
5320
days inactive
5320
days old
openldap-technical@openldap.org
2 comments
2 participants
participants (2)
-
Adrian Marsh -
Dieter Kluenter