You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/03/02 14:49:21 UTC
DO NOT REPLY [Bug 46787] New: authnz_ldap_module: [Bad search
filter] error
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
Summary: authnz_ldap_module: [Bad search filter] error
Product: Apache httpd-2
Version: 2.2.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_authn_ldap
AssignedTo: bugs@httpd.apache.org
ReportedBy: kekc.reg@gmail.com
I have a strange error with authnz_ldap_module.
I have searched the web and tried a lot of combinations, but nothing helps.
This list is my only hope (ok, not the only, I cab also try
svnserve+sasl+ldap).
Here is my subversion.conf:
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /repos>
DAV svn
SVNPath /var/www/svn/repos
AuthName "Test repository"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://server.three.two.one:389/dc=three, dc=two,
dc=one?sAMAccountName?sub?(objectClass=*) NONE"
AuthLDAPBindDN "admin@three.two.one"
AuthLDAPBindPassword "password"
Require valid-user
</Location>
And here are related error.log strings:
...
[Thu Feb 26 16:47:11 2009] [debug] mod_authnz_ldap.c(373): [client
192.168.12.138] [11270] auth_ldap authenticate: using URL
ldap://server.three.two.one:389/dc=three, dc=two,
dc=one?sAMAccountName?sub?(objectClass=*) NONE
[Thu Feb 26 16:47:11 2009] [warn] [client 192.168.12.138] [11270]
auth_ldap authenticate: user authentication failed; URI /repos
[ldap_search_ext_s() for user failed][Bad search filter]
Brawser show 500 Internal Server Error.
Please help me!
Thanks in advance and good luck!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Eric Covener <co...@gmail.com> 2009-03-02 06:26:36 PST ---
> AuthLDAPUrl "ldap://server.three.two.one:389/dc=three, dc=two,
dc=one?sAMAccountName?sub?(objectClass=*) NONE"
"NONE" should be the 2nd argument, not inside the first argument by virtue of
the enclosing quotes.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
--- Comment #4 from Anton Yakimov <ke...@gmail.com> 2009-03-03 01:33:08 PST ---
(In reply to comment #3)
> (In reply to comment #2)
>
> > AuthLDAPUrl
> > "ldap://server.three.two.one:389/dc=three,dc=two,dc=one?sAMAccountName"
> > AuthLDAPBindDN "CN=Admin,OU=Administrators,DC=tecom,DC=nnov,DC=ru"
> > AuthLDAPBindPassword "password"
>
> Include logs, and a binary packet trace if you can (the bind password will be
> present in the trace)
Error Log is here:
[Thu Feb 26 16:47:11 2009] [debug] mod_authnz_ldap.c(373): [client
192.168.12.138] [11270] auth_ldap authenticate: using URL
ldap://server.three.two.one:389/dc=three, dc=two,
dc=one?sAMAccountName?sub?(objectClass=*) NONE
[Thu Feb 26 16:47:11 2009] [warn] [client 192.168.12.138] [11270]
auth_ldap authenticate: user authentication failed; URI /repos
[ldap_search_ext_s() for user failed][Bad search filter]
I don't klnow how to catch "binary packet trace", sorry.
Would be glad, if you show me how)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
--- Comment #3 from Eric Covener <co...@gmail.com> 2009-03-02 07:29:57 PST ---
(In reply to comment #2)
> AuthLDAPUrl
> "ldap://server.three.two.one:389/dc=three,dc=two,dc=one?sAMAccountName"
> AuthLDAPBindDN "CN=Admin,OU=Administrators,DC=tecom,DC=nnov,DC=ru"
> AuthLDAPBindPassword "password"
Include logs, and a binary packet trace if you can (the bind password will be
present in the trace)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |INVALID
--- Comment #5 from Eric Covener <co...@gmail.com> 2009-03-03 04:01:16 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> >
> > > AuthLDAPUrl
> > > "ldap://server.three.two.one:389/dc=three,dc=two,dc=one?sAMAccountName"
> > > AuthLDAPBindDN "CN=Admin,OU=Administrators,DC=tecom,DC=nnov,DC=ru"
> > > AuthLDAPBindPassword "password"
> >
> > Include logs, and a binary packet trace if you can (the bind password will be
> > present in the trace)
>
> Error Log is here:
> [Thu Feb 26 16:47:11 2009] [debug] mod_authnz_ldap.c(373): [client
> 192.168.12.138] [11270] auth_ldap authenticate: using URL
> ldap://server.three.two.one:389/dc=three, dc=two,
> dc=one?sAMAccountName?sub?(objectClass=*) NONE
That error doesn't match the configuration quoted in this reply.
It does match the exact configuration error I've already illustrated, where the
NONE is part of the LDAP URI via quotes.
> I don't klnow how to catch "binary packet trace", sorry.
> Would be glad, if you show me how)
Bugzill is for bug reports only, not working through coinfiguration issues.
http://httpd.apache.org/userslist.html
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
Anton Yakimov <ke...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
--- Comment #2 from Anton Yakimov <ke...@gmail.com> 2009-03-02 06:42:27 PST ---
Hi Eric!
You could be more glad and not marking issue "RESOLVED INVALID" without
confirmation..
I have tried a lot of variants, suggested in users@httpd and nothng helps.
Your "help" doesn't help also.
Here is another variant:
AuthLDAPUrl
"ldap://server.three.two.one:389/dc=three,dc=two,dc=one?sAMAccountName"
AuthLDAPBindDN "CN=Admin,OU=Administrators,DC=tecom,DC=nnov,DC=ru"
AuthLDAPBindPassword "password"
But I get the same error.
PS I must say, that I have tried two linux machines in our network:
1) CentOS, apache 2.2.3
2) Ubuntu, apache 2.2.9
And the problem is in both.
But I can't say, that it's a LDAP (AD) server, because out other ldap clients
work OK:
KnowledgeTree, Mantis, ldapsearch...
Thank you anyway!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|mod_authn_ldap |mod_authz_ldap
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46787] authnz_ldap_module: [Bad search filter]
error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46787
--- Comment #6 from Anton Yakimov <ke...@gmail.com> 2009-03-03 06:11:29 PST ---
Thanks, sorry for confusion..
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org