LDAP Authentication

So if that is the case is $auth_ldap_bind_dn supposed to be
the
distigusihed name of my domain admin?

If it helps, I keep getting the following message,

Could not bind to LDAP server



-----Original Message-----
From: David Morton [mailto:mortondadgrmm.net] 
Sent: June 13, 2006 3:35 PM
To: Dan OConnor
Cc: maia-usersrenaissoft.com
Subject: Re: [Maia-users] LDAP Authentication

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan OConnor wrote:

> Also what is the purpose of $auth_ldap_password, I have
done an ldap
> connection before but I needed to provide a user /
password to connect
> to the ldap server, I assume that?s what it?s for but
there is no
> username to go with it?

it goes with $auth_ldap_bind_dn

Some other on the list have connected Maia to AD before, so
hopefully
they can
shed more light on the issue.


- --
David Morton
Maia Mailguard                        - http://www.maiamailguard
.com
Morton Software Design and Consulting - http://www.dgrmm.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


iD8DBQFEjyF5Uy30ODPkzl0RAljUAKDBUUuJtSWPsdxssxu5uOmZQlDdPACd
Huzp
OS5SJU2BfsmeOtuR2PgmnCk=
=Zm9X
-----END PGP SIGNATURE-----
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

On Tue, Jun 13, 2006 at 03:52:06PM -0500, Dan OConnor wrote:
> So if that is the case is $auth_ldap_bind_dn supposed
to be the
> distigusihed name of my domain admin?
> 
> If it helps, I keep getting the following message,
> 
> Could not bind to LDAP server


$auth_ldap_bind_dn   is your DN you bind with to your LDAP
 Its usually something like cn=binduser,dc=foo,dc=bar where
 binduser is the username to bind to your tree, normally a
user
 which only has read access.

$auth_ldap_password  is the password, if necessary to bind
                     to your LDAP, which applies to the user
                     mentioned in $auth_ldap_bind_dn



and attention - you want to bind to an MS-AD - did you set

$auth_ldap_version = 3;  

The default is 2, but AD (at least on W2k3) needs Ldap
Version 3
for successful bind.

And the following should be set (default is 1)

$auth_ldap_opt_referrals = 0;

hope that helps
regards, matthias wamser

> 
> -----Original Message-----
> From: David Morton [mailto:mortondadgrmm.net] 
> Sent: June 13, 2006 3:35 PM
> To: Dan OConnor
> Cc: maia-usersrenaissoft.com
> Subject: Re: [Maia-users] LDAP Authentication
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dan OConnor wrote:
> 
> > Also what is the purpose of $auth_ldap_password, I
have done an ldap
> > connection before but I needed to provide a user /
password to connect
> > to the ldap server, I assume that?s what it?s for
but there is no
> > username to go with it?
> 
> it goes with $auth_ldap_bind_dn
> 
> Some other on the list have connected Maia to AD
before, so hopefully
> they can
> shed more light on the issue.
> 
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

Matthias Wamser wrote:
> On Tue, Jun 13, 2006 at 03:52:06PM -0500, Dan OConnor
wrote:
>   
>> So if that is the case is $auth_ldap_bind_dn
supposed to be the
>> distigusihed name of my domain admin?
>>
>> If it helps, I keep getting the following message,
>>
>> Could not bind to LDAP server
>>     
>
>
> $auth_ldap_bind_dn   is your DN you bind with to your
LDAP
>  Its usually something like cn=binduser,dc=foo,dc=bar
where
>  binduser is the username to bind to your tree,
normally a user
>  which only has read access.
>
> $auth_ldap_password  is the password, if necessary to
bind
>                      to your LDAP, which applies to the
user
>                      mentioned in $auth_ldap_bind_dn
>
>
>
>
>   
Why does it need to bind?  LDAP authentication shouldn't
require a bind 
in normal circumstances unless I'm horribly misinformed.



-- 
Aaron Bennett
Sr. Unix Systems Administrator
Clark University ITS
abennettclarku.edu     |     508.781.7315

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

Depends on your LDAP configuration -- you can choose to
disable  
anonymous binds.  I believe that AD (which is what the
original  
question was about) does not allow anonymous binds at all.

-Eric


#########################################################
Eric Pierce, RHCE                  Phone: (813) 974-8868
Academic Computing                 Fax:   (813) 974-1799
University of South Florida        Email: epierceusf.edu



On Jun 14, 2006, at 11:05 AM, Aaron Bennett wrote:
>>
> Why does it need to bind?  LDAP authentication
shouldn't require a  
> bind
> in normal circumstances unless I'm horribly
misinformed.
>
>
>
> -- 
> Aaron Bennett
> Sr. Unix Systems Administrator
> Clark University ITS
> abennettclarku.edu     |     508.781.7315
>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

On Wed, Jun 14, 2006 at 03:58:35PM -0400, Eric Pierce wrote:
> Depends on your LDAP configuration -- you can choose to
disable  
> anonymous binds.  I believe that AD (which is what the
original  
> question was about) does not allow anonymous binds at
all.
> 
Yes, this is the point. 

regards, Matthias
> 
> On Jun 14, 2006, at 11:05 AM, Aaron Bennett wrote:
> >>
> > Why does it need to bind?  LDAP authentication
shouldn't require a  
> > bind
> > in normal circumstances unless I'm horribly
misinformed.

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users