search

kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License
732 stars 253 forks source link

Operations error 000004DC #94

Closed bitfrickler closed 8 years ago

bitfrickler commented 8 years ago

Im' trying to do some LDAP against my Active Directory.

When I start nginx I get

2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Connecting to LDAP server "10.0.10.160:389". 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: ngx_event_connect_peer() -> -2. 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: connect_timeout=10000. 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Connect handler 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Initializing connection using URL "ldap://10.0.10.160:389" 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Connection initialized 2015/08/03 16:39:31 [debug] 31499#0: ngx_http_auth_ldap_sb_write(len=23) 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: ldap_sasl_bind() -> msgid=1 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: bind_timeout=5000 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Read handler 2015/08/03 16:39:31 [debug] 31499#0: ngx_http_auth_ldap_sb_ctrl(opt=8) 2015/08/03 16:39:31 [debug] 31499#0: ngx_http_auth_ldap_sb_ctrl(opt=8) 2015/08/03 16:39:31 [debug] 31499#0: ngx_http_auth_ldap_sb_read(len=8) 2015/08/03 16:39:31 [debug] 31499#0: ngx_http_auth_ldap_sb_read(len=14) 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: ldap_result() -> rc=97, msgid=1, msgtype=97 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Initial bind successful 2015/08/03 16:39:31 [debug] 31499#0: http_auth_ldap: Marking the connection to "dcgf" as free

When I try to authenticate I get

2015/08/03 16:41:06 [debug] 31499#0: http_auth_ldap: ldap_result() -> rc=101, msgid=2, msgtype=101 2015/08/03 16:41:06 [debug] 31499#0: http_auth_ldap: Received search result (1: Operations error [000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]) 2015/08/03 16:41:06 [debug] 31499#0: http_auth_ldap: LDAP request to "dcgf" has finished 2015/08/03 16:41:06 [debug] 31499#0: http_auth_ldap: Marking the connection to "dcgf" as free

Wireshark tells me that nginx indeed tries to perform an LDAP query without authenticating/binding first.

bitfrickler commented 8 years ago

Me so STUPID!!! Look at #76. I did EXACTLY the same thing. With the SAME line!!