Solved

Problem by asking password of LDAP

Posted on 2007-11-20
2
1,391 Views
Last Modified: 2012-06-22
Hi, I try to authentify with Digest_LDAP_auth my LDAP, but I get always an error statement.
I use in LDAP the basedn dc=projekt1,dc=fb2,dc=fff,dc=de.
I got an OU=daemon and UID=squid.
I got in OU=user and UID=test.
With the command :

digest_ldap_auth -v 3 -b "ou=user,dc=projekt1,dc=fb2,dc=fh-frankfurt,dc=de" -D "ou=user,ou=daemon,dc=projekt1,dc=fb2,dc=fff,dc=de" -u "uid=squid" -A "userPassword"-e -w test -h 192.xxx.xxx.xxx:389
test test
I tried to login to LDAP with the userid=squid and check if the user test exsist with a password.

The result of these is an ERR.

Can someone help me?
THX

0
Comment
Question by:eb2007
2 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 20332136
Probably you have already read this HOWTO: http://wiki.squid-cache.org/KnowledgeBase/Using_the_digest_LDAP_authetication_helper

> I use in LDAP the basedn dc=projekt1,dc=fb2,dc=fff,dc=de.

It seems you are not. You are using this base dn (-b flag): ou=user,dc=projekt1,dc=fb2,dc=fh-frankfurt,dc=de

> I tried to login to LDAP with the userid=squid

You are not. You are trying to bind to LDAP as a user:
ou=user,ou=daemon,dc=projekt1,dc=fb2,dc=fff,dc=de

And here are 2 strange things:
1) Why in base DN you are using "dc=fh-frankfurt" and in user DN "dc=fff". Base DN syntax is impotent, which one is really yours?
2) Why in base DN you are using "ou=user,dc=projekt1" while in user DN "ou=user,ou=daemon,dc=projekt1,dc=fb2,dc=fff,dc=de". Do you have organization unit "daemon" and below is organization unit "user"?

> ... and check if the user test exsist with a password
Again, you are not. auth_ldap_digest accepts input string as a stdin, not as separate parameters of command line, so you should test it with:
echo "test:realm_name_goes_here" | digest_ldap_auth -v 3 -b ...

But I can't help you because I don't know what is a structure of your LDAP tree, what attribute keeps digest value, what attribute is used to disignate user and form user DN (probably 'uid'), what user is LDAP admin and what access rights do you have on your LDAP attributes.



0
 

Author Comment

by:eb2007
ID: 20403307
Thanks lot for you help.
My problem was, that my test was wrong.
I did´t know that i have to do it like this.
     echo "test:realm_name_goes_here" | digest_ldap_auth -v 3 -b ...

Our ldap konfigured a way, that it can check a certificate.
How can I configure squid a way, so that it can work with certificate.
We have already created a certificate.

THX
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now