Trying to figure where the problem is:

Leonard Kroll Leonard.Kroll at umb.edu
Fri Sep 23 21:09:46 BST 2011


I am new to the LDAP world.
Ok, I am now using the full DN in the bindDN field, I get an error 32,
which means no data found.
Ldapsearch reads the LDAP fine using the same DN.
CN=aaaa bbbb, OU=sssssss,dc=umassb, dc=net.
 
Any ideas how to get around this problem?
 
 
======================================================================================
16:00:24.344 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:83] -
Created authenticator:
edu.vt.middleware.ldap.auth.AuthenticatorConfig at 26673841::env={java.nami
ng.provider.url=ldap://xxx.xxx.xxx.xxx
ldap://xxx.xxx.xxx.xxx,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
baseDN=dc=umassb,dc=net}
16:00:24.344 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:412] -
Begin getCredentials
16:00:24.344 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:413] -
useFistPass = false
16:00:24.345 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:414] -
tryFistPass = false
16:00:24.345 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:415] -
useCallback = false
16:00:24.345 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:416] -
callbackhandler class =
javax.security.auth.login.LoginContext$SecureCallbackHan
dler
16:00:24.345 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:419] -
name callback class = javax.security.auth.callback.NameCallback
16:00:24.345 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:421] -
password callback class = javax.security.auth.callback.PasswordCallback
16:00:24.346 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:102]
- Looking up DN using userFilter
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:193]
- Search with the following parameters:
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:194]
-   dn = 
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:195]
-   filter = email={0}
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:196]
-   filterArgs = [xxx]
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:197]
-   searchControls = javax.naming.directory.SearchControls at f0761a
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:198]
-   handler =
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler at d9d6ae]
16:00:24.348 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200]
-   config = {java.naming.provider.url=ldap://xxx.xxx.xxx.xxx
ldap://xxx.xxx.xxx.xxx,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
baseDN=dc=umassb,dc=net}
16:00:24.348 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: DEFAULT
16:00:24.348 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] - setting
connectionRetryExceptions: [class javax.naming.NamingException
]
16:00:24.348 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {0}
Attempting connection to ldap://xxx.xxx.xxx.xxx ldap://xxx.xxx.xxx.xxx
for strategy DEFAULT
16:00:24.349 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind with
the following parameters:
16:00:24.349 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
16:00:24.349 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   dn =
CN=aaaaa yyyyy,ou=sssss,dc=umassb,dc=net
16:00:24.349 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
16:00:24.349 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] -   env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
java.naming.provider.url=ldap://xxx.xxx.xxx.xxx ldap://xxxx.xxx.xxx.xxx,
baseDN=dc=umassb,dc=net}
16:00:24.362 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164] -
Error occured attempting authentication
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
^@]
   
 
Leonard Kroll
UNIX / GIS Administrator
Univ. Massachusetts Boston
Leonard(dot)Kroll(at)umb.edu
Phone: 617-287-5048
fax:      617-287-5224
________________________________

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Daniel Fisher
Sent: Friday, September 23, 2011 3:15 PM
To: Shib Users
Subject: Re: Trying to figure where the problem is:
 
On Fri, Sep 23, 2011 at 2:32 PM, Leonard Kroll <Leonard.Kroll at umb.edu>
wrote:
	I am attempting to authenticate using LDAP.
	Can anyone tell me if this error is from the LDAP bind, or user authentication?
	I believe it is from the bind, can you confirm?
	 
	Any ideas how to fix this error?
	 14:29:12.997 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   dn =
xxxxxx.ggggggg at xxxx.edu
 
It looks like you're using an e-mail address for the bindDn. That option
must be set to the fully qualified DN of the entry that has read access
to your user entries.
 
--Daniel Fisher
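
Added example, not part of the original thread and not vt-ldap code: a small Python triage of a debug log in the shape quoted above. It rejoins the hard-wrapped lines and pulls out the search base logged by SearchDnResolver, the bind DN logged by DefaultConnectionHandler, and the LDAP result code, so an empty search base and a code 32 (noSuchObject, as opposed to 49 invalidCredentials) can be read side by side. The sample log is constructed and its DNs are placeholders.

```python
import re

# Constructed sample in the shape of the vt-ldap debug log quoted above,
# including the mail client's hard line wraps. DNs are placeholders.
SAMPLE_LOG = """\
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:194]
-   dn = 
16:00:24.347 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:195]
-   filter = email={0}
16:00:24.349 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   dn =
CN=svc reader,ou=accounts,dc=example,dc=net
16:00:24.362 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164] -
Error occured attempting authentication
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
]
"""

STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} - ")
RECORD = re.compile(r"^\S+ - \w+ \[[\w.$]+\.(\w+):\d+\] - (.*)$")
# Standard LDAP result codes (RFC 4511) relevant to this failure.
RESULT_CODES = {32: "noSuchObject", 49: "invalidCredentials"}

def unwrap(log):
    """Rejoin hard-wrapped lines: a record starts at a timestamp."""
    records = []
    for line in log.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return [" ".join(r.split()) for r in records]

def triage(log):
    """Extract the search base, bind DN and LDAP result code from the log."""
    out = {"search_base": None, "bind_dn": None, "code": None, "best_match": None}
    for rec in unwrap(log):
        m = RECORD.match(rec)
        if m and m.group(2).startswith("dn ="):
            key = "search_base" if m.group(1) == "SearchDnResolver" else "bind_dn"
            out[key] = m.group(2)[4:].strip()
        err = re.search(r"LDAP: error code (\d+).*best match of: '([^']*)'", rec)
        if err:
            out["code"] = RESULT_CODES.get(int(err.group(1)), err.group(1))
            out["best_match"] = err.group(2)
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```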
 