Installation

Authenication problems

Authenication problems

by Peter Staab -
Number of replies: 2
I have been trying to get webwork to authenticate users using our LDAP server, a microsoft product I believe. I had our IT dept set up a special user to bind to and followed the instructions with the additions for such a special user and get the following error when logging in as myself:

AUTH LDAP: bind error 49: The wrong password was supplied or the SASL credentials could not be processed

I am still able to login using the password that I have in webwork (not my ldap password), meaning it's skipping that. I assume that the error comes from the server not getting the correct username/password for the special user.

I have tried a number of ways to try the SEARCHDN variable, with no luck. I wonder if anyone has any suggestions. Also, if anyone has been successful with this with a microsoft LDAP server, if there was anything unusual that you needed to do.

Peter
In reply to Peter Staab

Re: Authenication problems

by Mark Hamrick -
Peter, I am assuming that you have the server installed with PHP not just mod_perl when I recommend this, but I would try the PHP code below to just verify that your machine is connecting to the server properly. I found it was easier to get debugging done on the PHP side due to the availability of resources locally.

http://wdg.uncc.edu/LDAPS_Authentication_to_AD_using_PHP_on_RHEL5

If this works, at least you know it is an issue with the PERL code, not a machine setup issue with certificates or something else.
In reply to Mark Hamrick

Re: Authenication problems

by Peter Staab -
Mark,

I few things I'm bit confused with. First of all, does the webwork server need to be running openldap? I was following through the steps on the page you suggested and #8 seems to suggest this. However I thought that didn't need to be running to access the AD server.

Also, It appears that our ldap server is not running securely. Although I know of security problems, do you know if that would be causing access problems? I have put in ldap:// protocol instead of ldaps:// in the configuration files.