"Gaël Lams"
Hi,
    AuthLDAPEnabled on
    AuthType Basic
    AuthName "Test Directory"
    AuthLDAPURL ldap://192.168.12.29/?cn
    AuthLDAPCompareDNOnServer off
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPRemoteUserIsDN on
    AuthLDAPGroupAttribute member
    #Require group CN=SNC
    Require valid-user
    </Directory>

I think you should use
Did you perform an ldapsearch against your domino directory and do you see in the members list the user you are trying to authenticate? You should use this for the ldapsearch: "(&(objectClass=dominoGroup)(cn=SNC))"
I can do ldapsearch with success.

    ldapsearch -x -H ldap://192.168.12.29 "(&(CN=SNC)(member=CN=Dale Schuster,O=SNCustomer))" dn
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope sub
    # filter: (&(CN=SNC)(member=CN=Dale Schuster,O=SNCustomer))
    # requesting: dn
    #

    # SNC
    dn: CN=SNC

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Or even the following:

    ldapsearch -x -H ldap://192.168.12.29 -D "cn=SNC" member="CN=Dale Schuster,O=SNCustomer" dn
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope sub
    # filter: member=CN=Dale Schuster,O=SNCustomer
    # requesting: dn
    #

    # SNC
    dn: CN=SNC

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
Using the cn should be fine. Are you sure you really need "AuthLDAPGroupAttributeIsDN on" and "AuthLDAPRemoteUserIsDN on"? I would remove them, especially because I see them indicated as experimental on Apache's web site and I don't think you need them.
I removed both of those directives, and the result is still exactly the same. It is frustrating not seeing anything in the logs. Do you know what I can do to log more info? Perhaps there is something from OpenLDAP I can view.

~Dale

--
Dale Schuster
Systems Administrator
Sierra Nevada Corporation
Information Systems