[pubcookie-users] Pubcookie and Windows 2003 AD

Nathan Dors dors at cac.washington.edu
Mon Jun 6 11:29:44 PDT 2005 

Are you saying that the login cgi works when you point the 
ldap_uri in your pubcookie config file to your test LDAP server, 
and that it doesn't work when you change it to point to AD?

More likely, the login cgi wasn't built with the --enable-ldap 
option. Well, perhaps. The "ldap not implemented" message comes 
from code where ENABLE_LDAP isn't defined.

Side answer to the side note: you shouldn't have to change the 
AuthType value. But I'd try to get the login cgi working by itself 
first, before adding any application servers.

-Nathan

On Mon, 6 Jun 2005, Michael Miller wrote:

>
> I've been trying to get the pubcookie ldap basic verifier working with
> Windows 2003 Active Directory. The error message that I receive is "
> login failed for mmiller: ldap not implemented." My OpenLDAP test search
> works fine, see below. I have made sure that openldap, openldap-devel,
> openldap-clients are all installed on the machine. The keyserver is
> running as the root user so I assume that there are no file permission
> issues.
>
> As a side note...does the AuthType value on the ISAPI filter need to now
> change to ldap? What affect does the setting have on the system?
>
> I have included the config and log files below.
>
> Any Ideas are greatly appreciated. Thanks again for the support!
>
> Michael
>
>
>
>
> /usr/local/pubcookie/config
> Basic_verifier: ldap
> Ldap_uri:
> ldap://My-DC.collegis.com:389/cn=users,dc=collegis,dc=com??sub?(sAMAccou
> ntName=%s)?x-BindDN=MyUser,x-Password=MyPassword
>
>
>
> OpenLDAP Test Search
> ldapsearch -H ldap://orldc-dom.collegis.com/ -x 	\
> 		-D MyUser at collegis.com -W 			\
> 		-b cn=Users,dc=collegis,dc=com 		\
> 		-s sub "sAMAccountName=mmiller"
>
>
>
> /var/log/secure
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> libpbc_pubcookie_init
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> libpbc_augment_rand_state: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Sufficient
> Randomness: nothing to do.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: security_init:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> make_crypt_keyfile: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> make_crypt_keyfile: goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: security_init:
> goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: can't open ok
> browsers file: /usr/local/pubcookie/ok_browsers, continuing
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain() Hello
> (0)
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain() done
> initializing...
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Pragma: No-Cache
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Cache-Control:
> no-store, no-cache, must-revalidate
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Expires: Sat, 1
> Jan 2000 01:01:01 GMT
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Content-Type:
> text/html
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: no
> post_stuff
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: load_login_rec:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: load_login_rec:
> bye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login user: mmiller
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login version: a5
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login creds: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login appid: pinit
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login host: loginsvr.collegis.com
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login appsrvid: loginsvr.collegis.com
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login first_kiss: 162963456
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login post_stuff:
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from
> login relay_uri: null
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> verify_unload_login_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: hello
>
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: no
> cookies, bailing.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: 1118068410-584214
> Visit from user: mmiller client addr: 172.16.5.100 app host:
> loginsvr.collegis.com appid: pinit uri: /index.cgi relay: (null)
> because: PInit
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout:
> program name: /index.cgi
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout: bye
>
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cookie_test:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain: checked
> user_agent, logout, and pinit.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: vector_request:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: init_basic: using
> ldap verifier
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_l_cookie:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> verify_unload_login_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: hello
>
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: no
> cookies, bailing.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic:
> create=-1,  reauth=0
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic:
> create=1118068410
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flavor_basic:
> login failed for mmiller: ldap not implemented
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flavor_basic:
> (null): ldap not implemented
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: print_login_page:
> hello reason: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> flb_get_reason_html: hello reason: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> ntmpl_sub_template: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> ntmpl_sub_template: goodbye: <p>Authentication Failed</p>
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> flb_get_reason_html: bye return: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> ntmpl_sub_template: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> ntmpl_sub_template: goodbye: <INPUT TYPE="text" NAME="user" SIZE="20"
> VALUE="">
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> flb_get_user_field: goodbye: <INPUT TYPE="text" NAME="user" SIZE="20"
> VALUE="">
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> get_kiosk_duration: agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215), ip=172.16.5.100
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Not a kiosk
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_print_html:
> hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_print_html:
> goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: print_login_page:
> goodbye: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic:
> login in progress, goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Done.. c=1,
> max=100
>
>
> _______________________________________________
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>

More information about the pubcookie-users mailing list