
Apache2 and authnz_ldap problem: "value does not conform to assertion syntax"



Hello Team,

My configuration: Debian Etch amd64, apache2, openldap, all of
them are from packages, not from source.

I would like to authenticate the users when they want to access a
directory. Here is the relevant part of the apache config:

AuthType Basic
AuthName "Server"
AuthBasicProvider ldap
AuthLDAPUrl "ldap://localhost:389/dc=domain,dc=hu?cn?sub?objectClass=*";
AuthLDAPBindDN cn=httpd,dc=domain,dc=hu
AuthLDAPBindPassword ****
Require ldap-user

If I want to access the directory, the browser shows the auth
pop-up again and again, even though I type the good password. If I
type a bad password (advisedly), there will be a line in error.log:

...user airween: authentication failure for "/": Password
Mismatch

In the case of a good password there is nothing in error.log, and in
access.log there are several lines with the HTTP 401 return code...

But, in syslog openldap logs these lines:
send_ldap_result: err=21 matched="" text="value does not conform
to assertion syntax"

I tried to look at the traffic between ldap and apache, and tried to
compare those results (tcpdump). When apache wants to authenticate,
in the step "compare" it sends just "attributeDesc: cn", but it
doesn't send "assertionValue" and its value. But when I try
from the command line with ldapcompare, the "assertValue:
airween" content is in the traffic.


Could you help me, please? What may be wrong?


Thanks:

a.
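
Added example, not part of the original message and not a confirmed diagnosis: mod_authnz_ldap documents `Require ldap-user` as an LDAP compare of each listed username against the attribute named in AuthLDAPUrl, so this assumes the empty compare seen in the capture comes from the Require line listing no user. The username airween is taken from the log line in the message; the trailing ";" after the AuthLDAPUrl value is dropped because it is not part of the URL.

```apache
# Added example (assumption: the empty assertionValue is caused by
# "Require ldap-user" being given no usernames).

AuthType Basic
AuthName "Server"
AuthBasicProvider ldap

# Same search as in the message: base dc=domain,dc=hu, attribute cn,
# scope sub, filter objectClass=*. No trailing ";" after the quoted URL.
AuthLDAPUrl "ldap://localhost:389/dc=domain,dc=hu?cn?sub?objectClass=*"
AuthLDAPBindDN "cn=httpd,dc=domain,dc=hu"
AuthLDAPBindPassword ****

# As posted: ldap-user with an empty list. The authorization step then
# has no name to put into the LDAP compare against cn.
#   Require ldap-user

# Variant 1: accept any user who was found by the search and whose
# bind with the supplied password succeeded.
Require valid-user

# Variant 2: accept only the named users; each name is compared
# against the cn attribute of the entry that was found.
#   Require ldap-user airween
```

With either variant in place, the slapd log should no longer show err=21 for the compare operation if the assumption holds; if it still does, the empty value is coming from somewhere other than the Require line.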



