I just got LDAPUserFolder to authenticate against Active Directory. If it's a similar arrangement you have, the problem may be with the 'Login Name Attribute' and 'LDAP Login DN' combination you've chosen. If I'm not mistaken, when you choose 'cn', just the canonical name is needed to authenticate. As such, you would submit your 'cn' in the 'LDAP Login DN' field. In my case, my 'cn' is just my full name.

Something that helped me a lot was downloading LDAP Browser by Softerra. Using that, I could better understand the structure of my LDAP server.

Hope that was of some help.

CN=Jacob Behm,OU=BIS,DC=bisinc,DC=net
-----Original Message-----
From: Joel Burton [mailto:joel@joelburton.com]
Sent: Monday, August 12, 2002 11:32 AM
To: zope@zope.org
Subject: [Zope] LDAPUserFolder never authorizes
I've installed LDAPUserFolder to test its suitability for an upcoming project. It seems to install fine, and I can add/update users through its web interface, but I can never get it to authorize a user from the LDAP database.
1. The LDAP installation:
OpenLDAP 2.0.25 installed from source onto a Linux box. slapd configuration is:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

defaultsearchbase "dc=joelburton,dc=com"
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

access to * by anonymous write

database ldbm
suffix "dc=joelburton,dc=com"
rootdn "cn=Manager,dc=joelburton,dc=com"
rootpw MY_PASSWORD_IS_HERE
directory /usr/local/var/openldap-ldbm
index objectClass eq
I can successfully perform searches from the command line.
2. python-ldap & Zope
Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.
3. LDAPUserFolder
Installed in Products directory. Not broken, no warnings.
In folder /ldap, have an LDAPUserFolder with following config:
Server: joelburton.com
Not SSL
Login Name Attribute: cn
RDN Attribute: cn
User Base DN: dc=joelburton,dc=com
Scope: SUBTREE
Group Storage: not in LDAP server
LDAP Login DN: cn=Manager,dc=joelburton,dc=com
User object classes: top,person
Encryption: SHA
Default user roles: Anonymous
Authentication: Cookie
I can view my users and add a user (and check with the LDAP command-line tools that they were actually added).
4. LDAP data:
dn: dc=joelburton,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: joelburton

dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
'bob' has been given the Manager role, and it appears on the Users tab of the LDAPUserFolder.
5. The problem:
When I go to http://server/ldap/manage and try logging in with user=bob and his password, it never authenticates. I can log in with my own user (located in the site's root acl_users, not in the LDAPUserFolder).

The log (turned up to 9, Debugging) reads:

(9) Aug 12 12:30:21: joel not found (getUser)
(9) Aug 12 12:30:18: bob not found (getUser)
(9) Aug 12 12:30:18: No data in _lookupuser for uid bob
Any pointers on where to start would be helpful, as would an LDIF file that I could import with data I could use to demonstrate that this will work.

I'm not very knowledgeable about LDAP, so it's possible that I've done something wrong with my LDAP settings -- but LDAP's command-line tools seem to be working fine.
Thanks!
- J.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
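An added, stand-alone illustration (not code from LDAPUserFolder, OpenLDAP or either poster) of the two things the thread turns on: how a user lookup driven by the configured login attribute and user object classes behaves against the LDIF data posted above, and how the '{SHA}' userPassword value stored for 'bob' is checked. The lookup filter is an assumed model of the folder's settings, not its real query; the LDIF is a trimmed copy of the posted entries; '{SHA}' is unsalted SHA-1, so identical passwords produce identical values, which OpenLDAP's salted '{SSHA}' scheme avoids.

```python
import base64, hashlib, hmac

# Directory data as posted in this thread (constructed, trimmed copy).
LDIF = """\
dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
cn: bob
objectClass: top
objectClass: person
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; a '::' separator marks a base64 value."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        attr, _, value = map(str.strip, line.partition(":"))
        if value.startswith(":"):  # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode()
        if attr == "dn":
            current = entries.setdefault(value, {})
        else:
            current.setdefault(attr, []).append(value)
    return entries

def lookup_user(entries, login, login_attr="cn", user_classes=("top", "person")):
    """Assumed model of the folder's lookup: every configured object class
    must be present and the login attribute must equal the submitted name."""
    for dn, attrs in entries.items():
        classes = {c.lower() for c in attrs.get("objectClass", [])}
        if (all(c.lower() in classes for c in user_classes)
                and login in attrs.get(login_attr, [])):
            return dn
    return None

def check_sha_password(stored, candidate):
    """Verify an OpenLDAP '{SHA}' value (base64 of an unsalted SHA-1 digest)."""
    if not stored.startswith("{SHA}"):
        raise ValueError("unsupported password scheme")
    return hmac.compare_digest(base64.b64decode(stored[5:]),
                               hashlib.sha1(candidate.encode()).digest())

def make_sha_password(plain):
    return "{SHA}" + base64.b64encode(hashlib.sha1(plain.encode()).digest()).decode()
```

Running lookup_user on the posted data shows why an entry such as 'cn=Manager' is never returned as a user: it has the cn but lacks the configured 'top' and 'person' classes.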