[389-users] Users added in group via add member not able to authenticate

ashish nair nair.ashish13 at gmail.com
Mon Jul 19 11:16:24 UTC 2010


Hi Daniel,

When I created the group IT, it came as cn=IT itself. Also, this string that I
gave is provided in the Apache configuration file in the VirtualHost of the
folder secure.
So anyone hitting that folder would require user authentication from the
LDAP server connected using that string.
This works perfectly fine when someone logs in using ituser1, as it's directly
under OU=shared, but not with users under the IT group. It seems that it's not
authenticating other users as they are not in this OU ( [User not found] )
Note that I can see all the members inside the IT group added as add member.


Thank you for helping.

On Mon, Jul 19, 2010 at 4:01 PM, Daniel Maher <dma+389users at witbe.net> wrote:

> On 07/19/2010 12:16 PM, ashish nair wrote:
> > Hi Daniel,
> > When I try authenticating the users in the group IT, it is searching for
> > that user in that OU itself. But the users that are added as members in
> > the group are not able to because these are not present physically in
> > that OU.
> > auth_ldap authenticate: user user1 authentication failed; URI /secure
> > [User not found][No such object]
> > Thanks
> > On Mon, Jul 19, 2010 at 2:49 PM, ashish nair <nair.ashish13 at gmail.com> wrote:
> >
> >     Hi Daniel,
> >     Thanks for responding.
> >     DC=ldapser,dc=com
> >     |
> >     OU=People
> >         |--------user1...usern
> >         |
> >         |--------OU=shared
> >                    |
> >                    |--------------uid=ituser1
> >                    |--------------cn=IT
> >     This is the structure of the LDAP server. I have added users
> >     user1...usern in the IT group via add member.
> >     Now when I give the OU of shared as path for authentication, it's
> >     only accepting the logins
> >     of the ituser1 but not of the group IT.
> >     I need this setup as these users are common to a few OUs.
> >     The LDAP connecting string that is there in Apache:
> >     "ldap://10.209.22.65:389/ou=shared,ou=People,dc=ldapser,dc=com?uid?sub?(objectClass=*)"
> >     I tried both with uid and uniquemember. Both are not working.
> >     Thanks again.
>
> "cn=IT" ?  "cn" means "Common Name", and it generally contains a
> person's name.  Based on what you've described above, there is no IT group.
>
> The Apache error contains the string "/secure", but the LDAP search
> string you provided does not.  You might want to verify that.
>
> --
>  Daniel Maher <dma + 389users AT witbe DOT net>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
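
Added example, not part of the original thread or of 389 Directory Server or Apache code: a small Python model of the two steps a search-then-bind LDAP login performs, a subtree search for the user under the URL's base DN, then a separate comparison of the found DN against the group's member attribute. The entries follow the tree quoted above; the function names, the `ou=People` base, and ituser1 not being a group member are assumptions for illustration.

```python
# Constructed in-memory directory mirroring the tree described in the thread.
BASE = "dc=ldapser,dc=com"
PEOPLE = f"ou=People,{BASE}"
SHARED = f"ou=shared,{PEOPLE}"
IT_GROUP = f"cn=IT,{SHARED}"

DIRECTORY = {
    f"uid=user1,{PEOPLE}": {"uid": ["user1"]},
    f"uid=user2,{PEOPLE}": {"uid": ["user2"]},
    f"uid=ituser1,{SHARED}": {"uid": ["ituser1"]},
    # Group entry: members are referenced by DN, they do not live under the group.
    IT_GROUP: {"cn": ["IT"],
               "uniqueMember": [f"uid=user1,{PEOPLE}", f"uid=user2,{PEOPLE}"]},
}

def normalize(dn):
    """Lower-case a DN and trim spaces around RDNs (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    """True if dn equals base or lies beneath it (LDAP 'sub' scope)."""
    dn, base = normalize(dn), normalize(base)
    return dn == base or dn.endswith("," + base)

def find_user(base, attr, value):
    """Step 1: subtree search for attr=value under base; returns the DN or None."""
    for dn, attrs in DIRECTORY.items():
        if in_subtree(dn, base) and value in attrs.get(attr, []):
            return dn
    return None

def in_group(user_dn, group_dn, member_attr="uniqueMember"):
    """Step 2: compare the user's DN with the group's member attribute values."""
    members = DIRECTORY.get(group_dn, {}).get(member_attr, [])
    return normalize(user_dn) in {normalize(m) for m in members}

def check_login(username, base, group_dn=None):
    """Returns 'not found', 'not in group' or 'ok' (the password bind is omitted)."""
    dn = find_user(base, "uid", username)
    if dn is None:
        return "not found"
    if group_dn and not in_group(dn, group_dn):
        return "not in group"
    return "ok"

if __name__ == "__main__":
    for user in ("user1", "user2", "ituser1"):
        print(user, check_login(user, SHARED), check_login(user, PEOPLE, IT_GROUP))
```

With the base at `ou=shared` the search never reaches entries directly under `ou=People`, so group members stored there report "not found" regardless of the group's contents; widening the base and checking membership as a second step separates the two questions.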