LDAP Programming
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsDatabasesLDAP Programming
Reload this Page

Anonymous binding, no search allowed


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old May 7th, 2012, 06:45 AM
mjh24 mjh24 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: May 2012
Posts: 2 mjh24 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 44 m 53 sec
Reputation Power: 0
Anonymous binding, no search allowed
Hi,

I'm trying to figure out how to set up an LDAP authentication in Apache. We are using Collabnet's Subversion Edge (2.2.0) which runs on Apache. SVN Edge does not have its own LDAP modules, but uses the ones in Apache.

For some reason we have two LDAP servers (don't ask me). Server A allows binding and searching. Given the proper base DN, bind DN and bind password I'm able to browse this server. It contains lots of information about users in a neat hierarchy. However, it does not contain user passwords and therefore it's not possible to use it for the actual authentication.

Along comes another LDAP server B. This server does not allow binding or searching. Nonetheless, it allows anonymous binding and is supposed to contain all the data needed for the authentication process: usernames and passwords without hierarchies. I have to work on assumptions, since I don't physically have access to server B or the person who manages it. All I know about server B is its address and that it doesn't allow binding/searching. With anonymous binding the only thing I can see (using LDAP browser) is the ROOT DSE.

Any ideas of what I could do next? Is it somehow possible to authenticate users without searching? When I use anonymous binding and try to authenticate with ROOTDSE as bind DN, I get the following authentication failed message: [ldap_search_ext_s() for user failed][Operations Error]. It doesn't matter which of the following LDAP URLs I use, it gives the same error:

"ldap://some.host/rootDSE?sAMAccount?sub" "NONE"
"ldap://some.host/?sAMAccount?sub" "NONE"
"ldap://some.host/''?sAMAccount?sub" "NONE"

LDAP server B should be working properly, since it is being used to authenticate users in other environments, such as ECM systems. I don't know how to use Apache to authenticate against LDAP server using anonymous bind when searching is not possible? And yes, I don't even know if sAMAccount is the correct attribute, but in that case, if everything else was working, wouldn't it give a different kind of error message (object not found/password mismatch)?

Thank you for your time!
Reply With Quote
Reply

Viewing: Dev Shed ForumsDatabasesLDAP Programming > Anonymous binding, no search allowed

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap