Problem in logging with LDAP and passwd, posted by Stefano Lacaprara on Mon Feb 22 12:29:16 2021
    Re: Problem in logging with LDAP and passwd, posted by Sebastian Schenk on Tue Mar 2 16:03:48 2021
       Re: Problem in logging with LDAP and passwd, posted by Laurent Jean-Rigaud on Fri Mar 5 01:43:20 2021
          Re: Problem in logging with LDAP and passwd, posted by Sebastian Schenk on Fri Mar 5 13:54:13 2021
             Re: Problem in logging with LDAP and passwd, posted by Laurent Jean-Rigaud on Sun Mar 14 17:02:49 2021
    Re: Problem in logging with LDAP and passwd, posted by scott on Tue Mar 19 16:58:52 2024
Message ID: 69313     Entry time: Tue Mar 2 16:03:48 2021     In reply to: 69307     Reply to this: 69314
Icon: Reply  Author: Sebastian Schenk  Author Email: sebastian.schenk@physik.uni-halle.de 
Category: Question  OS: Linux  ELOG Version: ELOG V3.1.3- 
Subject: Re: Problem in logging with LDAP and passwd 
Dear Stefano,

the support for the LDAP is limited. As stated in the documentation "on an as-is basis".
We use the AD of our university, but I had to re-write a part of the elog auth.c to match the LDAP-tags, so this could also be an issue.

As for your question.
If some of the logins are working fine, then the other ones could have issues with the DN string, maybe...

Your 2 lines of the logfile output show 2 (attempt) directly after each other.
There should be some lines regarding LDAP in between.
I get the (attempt) and directly (success) case only for FILE authentication.

If you have left out these lines on purpose, ignore the following suggestion.
Is it possible that you have previously used FILE authentication for the users, who could login via LDAP successfully?
If yes, delete a user in passwd.file, which could successfully login via LDAP and let them login again.
This should prove, that there is no artifact from previous FILE authentication.

Another idea may be to check if the users have non-standard characters in their name, mail or password.
E.g. I had problems with German umlauts and your mail ends in it, so there could be some other special characters.

I hope, I could help.
Best wishes,
Sebastian


> Dear experts,
>    I have a logbook which has authentication as follows
> 
> Authentication = LDAP, File
> Password file = PASSWD.file
> LDAP server = ldaps://it-ldap-XXX.XXX.XX:1636
> LDAP userbase = ou=people,ou=RGY,o=XXX,c=XX
> LDAP login attribute = uid
> LDAP register = 0
> Self register = 0
> Allow password change = 0
> 
> Some of my users (but not all) have issues in accessing this protected elogbook.
> The ldap password is correct (we checked).
> What I see in the log is as follows:
> 
> 22-Feb-2021 11:25:51 [XXX.YYY.ZZZ.QQ] {Beam Run} LOGIN user "USERNAME" (attempt)
> 22-Feb-2021 11:25:59 [XXX.YYY.ZZZ.QQ] {Beam Run} LOGIN user "USERNAME" (attempt)
> 
> The user USERNAME is present in PASSWD.file.
> 
> For other users, for which the login works, I do see an (attempt) and then (success)
> 
> We tried the standard stuff: clear cache/cookies and with different browsers. We also tried to remove the user from PASSWD.file and create it again, but nothing has worked.
> 
> Any suggestion how I can debug this problem?
> 
> Thanks in advance,
>   Stefano
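
An added example, not part of the thread and not ELOG's own code: a Python check over the ELOG log for the pattern discussed above, a LOGIN (attempt) that is not directly followed by a (success) for the same user and logbook. It also flags usernames with non-ASCII characters, per the umlaut remark. The sample lines are constructed, and the assumption is that (success) lines share the layout of the (attempt) lines quoted in the question.

```python
import re
from collections import defaultdict

# Line layout copied from the two log lines quoted in the thread. That
# "(success)" lines use the same layout is an assumption.
LOGIN_RE = re.compile(
    r'^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}) \[(?P<ip>[^\]]*)\] '
    r'\{(?P<logbook>[^}]*)\} LOGIN user "(?P<user>[^"]*)" '
    r'\((?P<state>attempt|success)\)\s*$'
)

# Constructed sample input (documentation IP range, made-up users).
SAMPLE_LOG = '''\
22-Feb-2021 11:25:51 [192.0.2.10] {Beam Run} LOGIN user "alice" (attempt)
22-Feb-2021 11:25:51 [192.0.2.10] {Beam Run} LOGIN user "alice" (success)
22-Feb-2021 11:26:02 [192.0.2.11] {Beam Run} LOGIN user "j\u00fcrgen" (attempt)
22-Feb-2021 11:26:10 [192.0.2.11] {Beam Run} LOGIN user "j\u00fcrgen" (attempt)
22-Feb-2021 11:27:00 [192.0.2.12] {Beam Run} LOGIN user "bob" (attempt)
22-Feb-2021 11:27:05 [192.0.2.12] {Beam Run} LOGIN user "bob" (attempt)
22-Feb-2021 11:27:05 [192.0.2.12] {Beam Run} LOGIN user "bob" (success)
'''.splitlines()

def unresolved_attempts(lines):
    """Return {user: {"attempts": [timestamps], "non_ascii": bool}} for
    every attempt whose next LOGIN line (same user, same logbook) is not
    a success."""
    open_attempt = {}                # (user, logbook) -> timestamp awaiting success
    unresolved = defaultdict(list)
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue                 # unrelated log traffic
        key = (m["user"], m["logbook"])
        if m["state"] == "attempt":
            if key in open_attempt:  # the earlier attempt never got its success
                unresolved[m["user"]].append(open_attempt[key])
            open_attempt[key] = m["ts"]
        else:
            open_attempt.pop(key, None)
    for (user, _logbook), ts in open_attempt.items():
        unresolved[user].append(ts)  # still waiting at end of log
    return {user: {"attempts": stamps, "non_ascii": not user.isascii()}
            for user, stamps in unresolved.items()}

if __name__ == "__main__":
    for user, info in unresolved_attempts(SAMPLE_LOG).items():
        print(user, info)
```

Users listed with `non_ascii: True` are the first candidates for the character-encoding check; the rest point at the DN string or a stale password-file entry.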