Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: mophilly on March 15, 2013, 11:57:08 PM
-
I am trying to authenticate a user from an application running on a client of the SME 8 server. The user is a member of the Users group in SME. The client machine is a CentOS 5 install set up for testing, although I have confirmed the following behavior on a Mac OS X client as well.
This works when the admin password is entered:
ldapsearch -x -h ldap.mydomain.com -p 389 -b dc=ldap,dc=mydomain,dc=com "(uid=mark)" cn sn displayName
However using the admin password in the client app is not wise.
This fails when run on the client machine or run on the SME server console:
ldapwhoami -n -v -h ldap.mydomain.com -p 389 -D "ou=Users,uid=mark,dc=mydomain,dc=com" -w markspwd -x;
The output is...
ldap_initialize( ldap://ldap.mydomain.com:389 )
ldap_bind: Invalid credentials (49)
I have verified the password. I don't see what is missing.
Any help and suggestions are greatly appreciated.
-
ldapsearch -x -h ldap.mydomain.com -p 389 -b dc=ldap,dc=mydomain,dc=com "(uid=mark)" cn sn displayName
Here, you're using anonymous bind (no -D arg), so you just see what an anonymous user can see without any other security requirement.
ldapwhoami -n -v -h ldap.mydomain.com -p 389 -D "ou=Users,uid=mark,dc=mydomain,dc=com" -w markspwd -x;
And here, you're trying to bind to the LDAP server as a valid user. For this to work, you must use either SSL or TLS. You can use SSL on port 636 with -H ldaps://ldap.mydomain.com instead of -h ldap.mydomain.com -p 389. Or you can use TLS on port 389; for this, you just have to add -ZZ to your command line.
In any case, for this to work, you need to be able to verify the certificate of your SME Server box.
Regards, Daniel
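As an added illustration of Daniel's two points (bind as the user only over TLS, and verify the server's certificate while doing it), here is a minimal LDAP simple bind over ldaps:// written with the Python standard library. It is example code, not part of the thread or of SME Server; it assumes the user entry is uid=mark,ou=Users,dc=mydomain,dc=com (an LDAP DN lists the leaf RDN first) and that the SME box's certificate has been saved to the path in CA_FILE.

```python
import socket
import ssl

# Constructed values: the host is the one named in the thread, the CA file path is an assumption.
LDAP_HOST = "ldap.mydomain.com"
LDAPS_PORT = 636                            # the ldaps:// port Daniel points to
CA_FILE = "/etc/pki/tls/certs/sme-ca.crt"   # assumed location of the SME box's certificate
RESULT_NAMES = {0: "success", 13: "confidentialityRequired", 49: "invalidCredentials"}

def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV; length in short form under 128 bytes, long form otherwise."""
    n = len(payload)
    size = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + length + payload

def tlv(buf: bytes, pos: int):
    """Read one BER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next (length & 0x7F) bytes hold the size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }."""
    bind = ber(0x60, ber(0x02, b"\x03") + ber(0x04, dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber(0x02, bytes([msg_id])) + bind)

def bind_response(msg_id: int, code: int) -> bytes:   # server-side encoder, used only to build sample replies offline
    resp = ber(0x61, ber(0x0A, bytes([code])) + ber(0x04, b"") + ber(0x04, b""))
    return ber(0x30, ber(0x02, bytes([msg_id])) + resp)

def bind_result_code(resp: bytes) -> int:
    """resultCode from LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode, matchedDN, diag } }."""
    _, msg, _ = tlv(resp, 0)                 # outer LDAPMessage SEQUENCE
    _, _, pos = tlv(msg, 0)                  # skip messageID
    tag, bind_resp, _ = tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, _ = tlv(bind_resp, 0)           # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def ldaps_bind(dn: str, password: str, host=LDAP_HOST, port=LDAPS_PORT, cafile=CA_FILE) -> int:
    """Simple bind over TLS; the default context rejects an unknown issuer or a hostname mismatch
    before the password is ever sent, which is the certificate check Daniel asks for."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, dn, password))
        return bind_result_code(tls.recv(4096))
```

Only ldaps_bind needs the live server; the encoder and decoder run stand-alone, and RESULT_NAMES maps the 49 seen in the thread to invalidCredentials and 13 to confidentialityRequired, the code a server returns when it insists on TLS for the bind.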
-
Thank you, Daniel. I appreciate the response, and I am glad to have some direction to guide my efforts.