shibboleth-dev - Re: Shib 2.0, UsernamePassword handler, weird ldap error.....
Subject: Shibboleth Developers
- From: Daniel Fisher <>
- To:
- Subject: Re: Shib 2.0, UsernamePassword handler, weird ldap error.....
- Date: Wed, 05 Dec 2007 18:10:20 -0500
- Organization: Virginia Tech
That's an interesting error.
My first two guesses would be:
1) that user (or all users) aren't allowed to perform simple binds (unlikely.....)
2) that user doesn't have the userPassword attribute, or the attribute does exist but it has no value
I would send that log to your LDAP admin and see what configuration they are using that might cause that.
wrote:
I'm trying this handler.... with this config file for the VT connector:
ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
        host="directory.cis-qas.brown.edu" port="636"
        base="ou=People,dc=brown,dc=edu"
        ssl="true"
        serviceUser="cn=stc_query,ou=Special Users,dc=brown,dc=edu"
        serviceCredential="XXX"
        userField="uid"
    ;
};
and it's failing with this:
[LDAP: error code 48 - Inappropriate Authentication]
and this is what I see in the Sun LDAP server logs:
[05/Dec/2007:16:51:49 -0500] conn=112921 op=-1 msgId=-1 - fd=117 slot=117 LDAPS connection from 128.148.46.37 to 128.148.19.69
[05/Dec/2007:16:51:49 -0500] conn=112921 op=0 msgId=1 - BIND dn="cn=stc_query,ou=Special Users,dc=brown,dc=edu" method=128 version=3
[05/Dec/2007:16:51:49 -0500] conn=112921 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=stc_query,ou=special users,dc=brown,dc=edu"
[05/Dec/2007:16:51:49 -0500] conn=112921 op=1 msgId=2 - SRCH base="ou=people,dc=brown,dc=edu" scope=1 filter="(&(uid=stc))" attrs="1.1"
[05/Dec/2007:16:51:50 -0500] conn=112921 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=1
[05/Dec/2007:16:51:50 -0500] conn=112922 op=-1 msgId=-1 - fd=232 slot=232 LDAPS connection from 128.148.46.37 to 128.148.19.69
[05/Dec/2007:16:51:50 -0500] conn=112922 op=0 msgId=1 - BIND dn="brownUUID=825df2cd-efb4-63c1-58d5-df9cab59112d,ou=People,dc=brown,dc=edu" method=128 version=3
[05/Dec/2007:16:51:50 -0500] conn=112922 op=0 msgId=1 - RESULT err=48 tag=97 nentries=0 etime=0
[05/Dec/2007:16:51:50 -0500] conn=112922 op=-1 msgId=-1 - closing - B1
[05/Dec/2007:16:51:50 -0500] conn=112922 op=-1 msgId=-1 - closed.
[05/Dec/2007:16:51:54 -0500] conn=112918 op=6 msgId=7 - UNBIND
[05/Dec/2007:16:51:54 -0500] conn=112918 op=6 msgId=-1 - closing - U1
[05/Dec/2007:16:51:54 -0500] conn=112918 op=-1 msgId=-1 - closed.
The VT code BINDs as my serviceUser, searches for me, finds me, tries to BIND as me (brownUUID=825df ...), which fails ... for reasons that I'm having trouble guessing.
Suggestions?
- Shib 2.0, UsernamePassword handler, weird ldap error....., Steven_Carmody, 12/05/2007
- Re: Shib 2.0, UsernamePassword handler, weird ldap error....., Daniel Fisher, 12/05/2007
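Added example (not part of the original thread, and not code from the VT LDAP library or Shibboleth): a small parser for access-log lines in the format quoted above that pairs each BIND with the RESULT sharing its conn/op key, so the DN behind a failed bind such as err=48 can be read off directly. The sample log is constructed, and the function names and the short result-code table (names per RFC 4511) are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample in the access-log format quoted in the thread
# (connection numbers and DNs are made up for illustration).
SAMPLE_LOG = """\
[05/Dec/2007:16:51:49 -0500] conn=7 op=0 msgId=1 - BIND dn="cn=svc,ou=Special Users,dc=example,dc=edu" method=128 version=3
[05/Dec/2007:16:51:49 -0500] conn=7 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=svc,ou=special users,dc=example,dc=edu"
[05/Dec/2007:16:51:49 -0500] conn=7 op=1 msgId=2 - SRCH base="ou=people,dc=example,dc=edu" scope=1 filter="(&(uid=jdoe))" attrs="1.1"
[05/Dec/2007:16:51:50 -0500] conn=7 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=1
[05/Dec/2007:16:51:50 -0500] conn=8 op=0 msgId=1 - BIND dn="uid=jdoe,ou=People,dc=example,dc=edu" method=128 version=3
[05/Dec/2007:16:51:50 -0500] conn=8 op=0 msgId=1 - RESULT err=48 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) msgId=-?\d+ - (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+)')

# A few LDAP result codes (RFC 4511) that show up on bind failures.
CODES = {0: "success", 48: "inappropriateAuthentication", 49: "invalidCredentials", 53: "unwillingToPerform"}
BindOutcome = namedtuple("BindOutcome", "ts conn dn method err meaning")

def bind_outcomes(log_text):
    """Pair each BIND with the RESULT that shares its (conn, op) key."""
    pending, outcomes = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated line
        key = (m["conn"], m["op"])
        b = BIND.match(m["rest"])
        if b:
            pending[key] = (m["ts"], b["dn"], b["method"])
            continue
        r = RESULT.match(m["rest"])
        if r and r["tag"] == "97" and key in pending:  # tag 97 = BindResponse
            ts, dn, method = pending.pop(key)
            err = int(r["err"])
            outcomes.append(BindOutcome(ts, key[0], dn, method, err, CODES.get(err, "other")))
    return outcomes

def failed_binds(log_text):
    return [o for o in bind_outcomes(log_text) if o.err != 0]

if __name__ == "__main__":
    for o in failed_binds(SAMPLE_LOG):
        print(f"{o.ts} conn={o.conn} dn={o.dn!r} method={o.method} err={o.err} ({o.meaning})")
```

Log lines that the archive or a mail client has wrapped must be rejoined before parsing, since the matcher expects one operation per line.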