threerings / openvpn-auth-ldap

Implements username/password authentication via LDAP for OpenVPN 2.x.

openldap-auth-ldap unable to find user #21

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What version of the product are you using? On what operating system?
FreeBSD 8.0
openldap 2.4.21
openvpn 2.1.1
openvpn-auth-ldap-2.0.3

Please provide any additional information below.

I am unable to get openvpn to authenticate against an OpenLDAP server that 
does not allow anonymous binds to search for uids. Below are logs from an 
auth via lighttpd and from openvpn.
You can see that lighttpd binds using its service account, checks the 
account object exists, and then attempts a bind using the discovered DN 
for the user.
Openvpn-auth-ldap, however, appears to bind using the service account and 
then to rebind as anonymous (AUTHZ anonymous). This means it cannot 
find the user that is connecting, and so it fails.

Lighttpd
========
slapd[80287]: conn=1003 fd=13 ACCEPT from IP=10.0.9.2:58061 (IP=10.0.9.2:389)
slapd[80287]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[80287]: conn=1003 op=0 STARTTLS
slapd[80287]: conn=1003 op=0 RESULT oid= err=0 text=
slapd[80287]: conn=1003 fd=13 TLS established tls_ssf=256 ssf=256
slapd[80287]: conn=1003 op=1 BIND dn="uid=lighttpd,ou=services,dc=tector,dc=org,dc=uk" method=128
slapd[80287]: conn=1003 op=1 BIND dn="uid=lighttpd,ou=services,dc=tector,dc=org,dc=uk" mech=SIMPLE ssf=0
slapd[80287]: conn=1003 op=1 RESULT tag=97 err=0 text=
slapd[80287]: conn=1003 op=2 SRCH base="ou=users,dc=tector,dc=org,dc=uk" scope=2 deref=0 filter="(uid=richard)"
slapd[80287]: conn=1003 op=2 SRCH attr=1.1
slapd[80287]: conn=1003 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[80287]: conn=1004 fd=16 ACCEPT from IP=10.0.9.2:13430 (IP=10.0.9.2:389)
slapd[80287]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[80287]: conn=1004 op=0 STARTTLS
slapd[80287]: conn=1004 op=0 RESULT oid= err=0 text=
slapd[80287]: conn=1004 fd=16 TLS established tls_ssf=256 ssf=256
slapd[80287]: conn=1004 op=1 BIND dn="uid=richard,ou=users,dc=tector,dc=org,dc=uk" method=128
slapd[80287]: conn=1004 op=1 BIND dn="uid=richard,ou=users,dc=tector,dc=org,dc=uk" mech=SIMPLE ssf=0
slapd[80287]: conn=1004 op=1 RESULT tag=97 err=0 text=
slapd[80287]: conn=1004 op=2 UNBIND
slapd[80287]: conn=1004 fd=16 closed

Openvpn-auth-ldap
=================
slapd[80287]: conn=1045 fd=13 ACCEPT from IP=10.0.9.2:43556 (IP=10.0.9.2:389)
slapd[80287]: conn=1045 op=0 BIND dn="uid=openvpn,ou=services,dc=tector,dc=org,dc=uk" method=128
slapd[80287]: conn=1045 op=0 BIND dn="uid=openvpn,ou=services,dc=tector,dc=org,dc=uk" mech=SIMPLE ssf=0
slapd[80287]: conn=1045 op=0 RESULT tag=97 err=0 text=
slapd[80287]: conn=1045 op=1 EXT oid=1.3.6.1.4.1.1466.20037
slapd[80287]: conn=1045 op=1 STARTTLS
slapd[80287]: conn=1045 op=1 AUTHZ anonymous mech=starttls ssf=0
slapd[80287]: conn=1045 op=1 RESULT oid= err=0 text=
slapd[80287]: conn=1045 fd=13 TLS established tls_ssf=256 ssf=256
slapd[80287]: conn=1045 op=2 SRCH base="ou=users,dc=tector,dc=org,dc=uk" scope=2 deref=0 filter="(uid=richard)"
slapd[80287]: conn=1045 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[80287]: conn=1045 op=3 UNBIND
slapd[80287]: conn=1045 fd=13 closed

Original issue reported on code.google.com by rich...@tector.org.uk on 29 Mar 2010 at 12:51

GoogleCodeExporter commented 9 years ago
I have just realised this is basically a duplicate of Issue 19. Apologies.

Original comment by rich...@tector.org.uk on 29 Mar 2010 at 12:56