[Zope] LDAPUserFolder never authorizes

Jacob Behm poster@bitstream.net
Mon, 12 Aug 2002 12:04:40 -0500


I just got LDAPUserFolder to authenticate against Active Directory.  If
it's a similar arrangement you have, the problem may be with the 'Login
Name Attribute' and 'LDAP Login DN' combination you've chosen.  If I'm
not mistaken, when you choose 'cn', just the canonical name is needed to
authenticate.  As such, you would submit you 'cn' in the 'LDAP Login DN'
field.  In my case, my 'cn' is just my full name.

Something that helped me a lot was downloading LDAP Browser by Softerra.
Using that, I could better understand the structure of my LDAP server.

Hope that was of some help.

CN=Jacob Behm,OU=BIS,DC=bisinc,DC=net

> -----Original Message-----
> From: Joel Burton [mailto:joel@joelburton.com]
> Sent: Monday, August 12, 2002 11:32 AM
> To: zope@zope.org
> Subject: [Zope] LDAPUserFolder never authorizes
> 
> I've installed LDAPUserFolder to test its suitability for an upcoming
> project. It seems to install fine, and I can add/update users through
> its web interface, but I can never get it to authorize a user from the
> LDAP database.
> 
> 
> 1. The LDAP installation:
> 
> OpenLDAP 2.0.25 installed from source onto a Linux box.
> slapd configuration is:
> 
> 
>     include     /usr/local/etc/openldap/schema/core.schema
>     include     /usr/local/etc/openldap/schema/cosine.schema
>     include     /usr/local/etc/openldap/schema/inetorgperson.schema
> 
>     defaultsearchbase "dc=joelburton,dc=com"
>     pidfile     /usr/local/var/slapd.pid
>     argsfile    /usr/local/var/slapd.args
> 
>     access to * by anonymous write
> 
>     database    ldbm
>     suffix      "dc=joelburton,dc=com"
>     rootdn      "cn=Manager,dc=joelburton,dc=com"
>     rootpw      MY_PASSWORD_IS_HERE
>     directory   /usr/local/var/openldap-ldbm
>     index       objectClass eq
> 
> I can succesfully perform searches from the command line.
> 
> 
> 2. python-ldap & Zope
> 
> Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.
> 
> 
> 3. LDAPUserFolder
> 
> Installed in Products directory. Not broken, no warnings.
> 
> In folder /ldap, have an LDAPUserFolder with following config:
> 
>   Server: joelburton.com                   Not SSL
>   Login Name Attribute: cn
>   RDN Attribute: cn
>   User Base DN: dc=joelburton,dc=com       Scope=SUBTREE
>   Group Storage: not in LDAP server
>   LDAP Login DN: cn=Manager,dc=joelburton,dc=com
>   User object classes: top,person
>   Encryption: SHA
>   Default user roles: Anonymous
>   Authentication: Cookie
> 
> I can view my users, add a user (& check with ldap commandline tools
> that they were actually added)
> 
> 
> 4. LDAP data:
> 
>     dn: dc=joelburton, dc=com
>     objectClass: dcObject
>     objectClass: organization
>     o: Example Company
>     dc: joelburton
> 
>     dn: cn=Manager,dc=joelburton,dc=com
>     objectClass: organizationalRole
>     cn: Manager
> 
>     dn: cn=bob,dc=joelburton,dc=com
>     sn: bob
>     givenName: bob
>     cn: bob
>     objectClass: top
>     objectClass: person
>     objectClass: inetorgperson
>     userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
> 
> 'bob' has been given the Manager role & it appears on the Users tab of
> the LDAPUserFolder.
> 
> 
> 5. The problem:
> 
> When I go to http://server/ldap/manage, and try logging in with
> user=bob, and his password, it never authenticates. I can log in with
my
> user (located in site's root acl_users, not in LDAPUserFolder).
> 
> The log (turned onto 9, Debugging) reads:
> 
>     (9) Aug 12 12:30:21: joel not found (getUser)
>     (9) Aug 12 12:30:18: bob not found (getUser)
>     (9) Aug 12 12:30:18: No data in _lookupuser for uid bob
> 
> 
> 
> Any pointers on where to start would be helpful, as would a LDIF file
> that I could import w/data that I could use demonstrat that this will
> work.
> 
> I'm not very knowledgable about LDAP, so it's possible that I've done
> something wrong with my LDAP setting -- but LDAP's commandline tools
> seem to be working fine.
> 
> Thanks!
> 
> - J.
> 
> 
> --
> 
> Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim:
> wjoelburton
> Independent Knowledge Management Consultant
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )