Anonymous_User Absent Member.
Absent Member.
595 views

problems with ldapauth.dll module...

I've put in the ldapauth.dll module to try to get authentication though IIS
working with LDAP. When I do a test search everything is fine and it does
the lookup properly, but when I try to load it in IIS it shows the status as
'not loaded'. I get the feeling I may have configured the ldapauth.ini file
wrong and I was wondering if someone can help me out with the filter syntax.
I have all the other things correct like the searchbase - o=organization
(because that's what is working in the e-mail), but I'm not sure what to
stick in there for the filter. Should it be something like:
(&(uid=%user%)(ou=people)(o=organization)

We're using a netscape ldap server

I know I don't have this correct and it won't work until I can hammer it
out. Can anyone give me a little advice here?


Labels (1)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

Are you missing the end ")"?

But what do you want to get back from the filter?

What is wrong with?
LDAPFILTER (objectclass=*)

-jim


will wrote:
> I've put in the ldapauth.dll module to try to get authentication though IIS
> working with LDAP. When I do a test search everything is fine and it does
> the lookup properly, but when I try to load it in IIS it shows the status as
> 'not loaded'. I get the feeling I may have configured the ldapauth.ini file
> wrong and I was wondering if someone can help me out with the filter syntax.
> I have all the other things correct like the searchbase - o=organization
> (because that's what is working in the e-mail), but I'm not sure what to
> stick in there for the filter. Should it be something like:
> (&(uid=%user%)(ou=people)(o=organization)
>
> We're using a netscape ldap server
>
> I know I don't have this correct and it won't work until I can hammer it
> out. Can anyone give me a little advice here?
>
>

0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

I tried the (objectclass=*) in for the filter and it's still showing red.
Personally I don't care what's in the filter as long as I can get this thing
to come up green. 🙂


"Jim Willeke" <jim@DOT.willeke.com> wrote in message
news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
> Are you missing the end ")"?
>
> But what do you want to get back from the filter?
>
> What is wrong with?
> LDAPFILTER (objectclass=*)
>
> -jim
>
>
> will wrote:
>> I've put in the ldapauth.dll module to try to get authentication though
>> IIS working with LDAP. When I do a test search everything is fine and it
>> does the lookup properly, but when I try to load it in IIS it shows the
>> status as 'not loaded'. I get the feeling I may have configured the
>> ldapauth.ini file wrong and I was wondering if someone can help me out
>> with the filter syntax.
>> I have all the other things correct like the searchbase - o=organization
>> (because that's what is working in the e-mail), but I'm not sure what to
>> stick in there for the filter. Should it be something like:
>> (&(uid=%user%)(ou=people)(o=organization)
>>
>> We're using a netscape ldap server
>>
>> I know I don't have this correct and it won't work until I can hammer it
>> out. Can anyone give me a little advice here?



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

Can you provide your ldapauth.ini file?

What version of IIS?

-jim

will wrote:
> I tried the (objectclass=*) in for the filter and it's still showing red.
> Personally I don't care what's in the filter as long as I can get this thing
> to come up green. 🙂
>
>
> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
> news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
>> Are you missing the end ")"?
>>
>> But what do you want to get back from the filter?
>>
>> What is wrong with?
>> LDAPFILTER (objectclass=*)
>>
>> -jim
>>
>>
>> will wrote:
>>> I've put in the ldapauth.dll module to try to get authentication though
>>> IIS working with LDAP. When I do a test search everything is fine and it
>>> does the lookup properly, but when I try to load it in IIS it shows the
>>> status as 'not loaded'. I get the feeling I may have configured the
>>> ldapauth.ini file wrong and I was wondering if someone can help me out
>>> with the filter syntax.
>>> I have all the other things correct like the searchbase - o=organization
>>> (because that's what is working in the e-mail), but I'm not sure what to
>>> stick in there for the filter. Should it be something like:
>>> (&(uid=%user%)(ou=people)(o=organization)
>>>
>>> We're using a netscape ldap server
>>>
>>> I know I don't have this correct and it won't work until I can hammer it
>>> out. Can anyone give me a little advice here?

>
>

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

IIS 6 and server 2003

contents of the ldapauth.ini file are:

LDAPHOST <ipaddress>
LDAPPORT 389
BINDUSER uid=Directory%20Manager,ou=people,o=mercy-ships
BINDPASSWORD <password>
LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
SEARCHBASE o=orgainization
!CERTSFILE
NTUSER IUSR_ABRA
NTUSERPASSWORD NTPASSWORD
CACHESIZE 1000
CACHETIME 1800

I've used the ldapsearch tool and it returns the right results if I use the
anonymous bind. If I use the normal account I use for an authenticated one
it returns 'no such value', but I've been told from the guys who wrote this
that if it can connect successfully with an anonymous one then that's
enough. I just can't figure out what I'm missing...

"Jim Willeke" <jim@DOT.willeke.com> wrote in message
news:kiaFk.11451$gS5.8424@kovat.provo.novell.com...
> Can you provide your ldapauth.ini file?
>
> What version of IIS?
>
> -jim
>
> will wrote:
>> I tried the (objectclass=*) in for the filter and it's still showing red.
>> Personally I don't care what's in the filter as long as I can get this
>> thing to come up green. 🙂
>>
>>
>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>> news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
>>> Are you missing the end ")"?
>>>
>>> But what do you want to get back from the filter?
>>>
>>> What is wrong with?
>>> LDAPFILTER (objectclass=*)
>>>
>>> -jim
>>>
>>>
>>> will wrote:
>>>> I've put in the ldapauth.dll module to try to get authentication though
>>>> IIS working with LDAP. When I do a test search everything is fine and
>>>> it does the lookup properly, but when I try to load it in IIS it shows
>>>> the status as 'not loaded'. I get the feeling I may have configured the
>>>> ldapauth.ini file wrong and I was wondering if someone can help me out
>>>> with the filter syntax.
>>>> I have all the other things correct like the searchbase -
>>>> o=organization (because that's what is working in the e-mail), but I'm
>>>> not sure what to stick in there for the filter. Should it be something
>>>> like:
>>>> (&(uid=%user%)(ou=people)(o=organization)
>>>>
>>>> We're using a netscape ldap server
>>>>
>>>> I know I don't have this correct and it won't work until I can hammer
>>>> it out. Can anyone give me a little advice here?

>>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

I assume the "%20" is a pasting thing?
uid=Directory%20Manager,ou=people,o=mercy-ships

This is not right, almost for sure:
LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))

(objectclass=*) Should be fine by it self.
Might need:
(objectclass=inetorgperson)

If your users are named as uid=user,ou=people.....
You should also have:
LDAPUID uid
in the file.

Guessing that this would be better:
SEARCHBASE ou=people,o=mercy-ships

This should translate to something like:
ldapsearch -h <ipaddress> -p389 -b ou=people,o=mercy-ships -s sub -D
"uid=Directory Manager,ou=people,o=mercy-ships" -w secretpwd
"(objectclass=*)"

This should return ALL possible users that you might find.

Hope this helps.
-jim

will wrote:
> IIS 6 and server 2003
>
> contents of the ldapauth.ini file are:
>
> LDAPHOST <ipaddress>
> LDAPPORT 389
> BINDUSER uid=Directory%20Manager,ou=people,o=mercy-ships
> BINDPASSWORD <password>
> LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
> SEARCHBASE o=orgainization
> !CERTSFILE
> NTUSER IUSR_ABRA
> NTUSERPASSWORD NTPASSWORD
> CACHESIZE 1000
> CACHETIME 1800
>
> I've used the ldapsearch tool and it returns the right results if I use the
> anonymous bind. If I use the normal account I use for an authenticated one
> it returns 'no such value', but I've been told from the guys who wrote this
> that if it can connect successfully with an anonymous one then that's
> enough. I just can't figure out what I'm missing...
>
> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
> news:kiaFk.11451$gS5.8424@kovat.provo.novell.com...
>> Can you provide your ldapauth.ini file?
>>
>> What version of IIS?
>>
>> -jim
>>
>> will wrote:
>>> I tried the (objectclass=*) in for the filter and it's still showing red.
>>> Personally I don't care what's in the filter as long as I can get this
>>> thing to come up green. 🙂
>>>
>>>
>>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>>> news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
>>>> Are you missing the end ")"?
>>>>
>>>> But what do you want to get back from the filter?
>>>>
>>>> What is wrong with?
>>>> LDAPFILTER (objectclass=*)
>>>>
>>>> -jim
>>>>
>>>>
>>>> will wrote:
>>>>> I've put in the ldapauth.dll module to try to get authentication though
>>>>> IIS working with LDAP. When I do a test search everything is fine and
>>>>> it does the lookup properly, but when I try to load it in IIS it shows
>>>>> the status as 'not loaded'. I get the feeling I may have configured the
>>>>> ldapauth.ini file wrong and I was wondering if someone can help me out
>>>>> with the filter syntax.
>>>>> I have all the other things correct like the searchbase -
>>>>> o=organization (because that's what is working in the e-mail), but I'm
>>>>> not sure what to stick in there for the filter. Should it be something
>>>>> like:
>>>>> (&(uid=%user%)(ou=people)(o=organization)
>>>>>
>>>>> We're using a netscape ldap server
>>>>>
>>>>> I know I don't have this correct and it won't work until I can hammer
>>>>> it out. Can anyone give me a little advice here?

>

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

The %20 is because there is a space in that account name. If you read the
top of the ldapauth.ini there is a comment there that says to use the %20 if
you need a space.

I'll try different vairations with the filter.


"Jim Willeke" <jim@DOT.willeke.com> wrote in message
news:2pfFk.11516$gS5.4632@kovat.provo.novell.com...
>I assume the "%20" is a pasting thing?
> uid=Directory%20Manager,ou=people,o=mercy-ships
>
> This is not right, almost for sure:
> LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
>
> (objectclass=*) Should be fine by it self.
> Might need:
> (objectclass=inetorgperson)
>
> If your users are named as uid=user,ou=people.....
> You should also have:
> LDAPUID uid
> in the file.
>
> Guessing that this would be better:
> SEARCHBASE ou=people,o=mercy-ships
>
> This should translate to something like:
> ldapsearch -h <ipaddress> -p389 -b ou=people,o=mercy-ships -s sub -D
> "uid=Directory Manager,ou=people,o=mercy-ships" -w secretpwd
> "(objectclass=*)"
>
> This should return ALL possible users that you might find.
>
> Hope this helps.
> -jim
>
> will wrote:
>> IIS 6 and server 2003
>>
>> contents of the ldapauth.ini file are:
>>
>> LDAPHOST <ipaddress>
>> LDAPPORT 389
>> BINDUSER uid=Directory%20Manager,ou=people,o=mercy-ships
>> BINDPASSWORD <password>
>> LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
>> SEARCHBASE o=orgainization
>> !CERTSFILE
>> NTUSER IUSR_ABRA
>> NTUSERPASSWORD NTPASSWORD
>> CACHESIZE 1000
>> CACHETIME 1800
>>
>> I've used the ldapsearch tool and it returns the right results if I use
>> the anonymous bind. If I use the normal account I use for an
>> authenticated one it returns 'no such value', but I've been told from the
>> guys who wrote this that if it can connect successfully with an anonymous
>> one then that's enough. I just can't figure out what I'm missing...
>>
>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>> news:kiaFk.11451$gS5.8424@kovat.provo.novell.com...
>>> Can you provide your ldapauth.ini file?
>>>
>>> What version of IIS?
>>>
>>> -jim
>>>
>>> will wrote:
>>>> I tried the (objectclass=*) in for the filter and it's still showing
>>>> red. Personally I don't care what's in the filter as long as I can get
>>>> this thing to come up green. 🙂
>>>>
>>>>
>>>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>>>> news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
>>>>> Are you missing the end ")"?
>>>>>
>>>>> But what do you want to get back from the filter?
>>>>>
>>>>> What is wrong with?
>>>>> LDAPFILTER (objectclass=*)
>>>>>
>>>>> -jim
>>>>>
>>>>>
>>>>> will wrote:
>>>>>> I've put in the ldapauth.dll module to try to get authentication
>>>>>> though IIS working with LDAP. When I do a test search everything is
>>>>>> fine and it does the lookup properly, but when I try to load it in
>>>>>> IIS it shows the status as 'not loaded'. I get the feeling I may have
>>>>>> configured the ldapauth.ini file wrong and I was wondering if someone
>>>>>> can help me out with the filter syntax.
>>>>>> I have all the other things correct like the searchbase -
>>>>>> o=organization (because that's what is working in the e-mail), but
>>>>>> I'm not sure what to stick in there for the filter. Should it be
>>>>>> something like:
>>>>>> (&(uid=%user%)(ou=people)(o=organization)
>>>>>>
>>>>>> We're using a netscape ldap server
>>>>>>
>>>>>> I know I don't have this correct and it won't work until I can hammer
>>>>>> it out. Can anyone give me a little advice here?

>>



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...

Still comes up red. Just can't seem to get this thing to load. 😞

Thanks for all the help thus far though...

"Jim Willeke" <jim@DOT.willeke.com> wrote in message
news:2pfFk.11516$gS5.4632@kovat.provo.novell.com...
>I assume the "%20" is a pasting thing?
> uid=Directory%20Manager,ou=people,o=mercy-ships
>
> This is not right, almost for sure:
> LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
>
> (objectclass=*) Should be fine by it self.
> Might need:
> (objectclass=inetorgperson)
>
> If your users are named as uid=user,ou=people.....
> You should also have:
> LDAPUID uid
> in the file.
>
> Guessing that this would be better:
> SEARCHBASE ou=people,o=mercy-ships
>
> This should translate to something like:
> ldapsearch -h <ipaddress> -p389 -b ou=people,o=mercy-ships -s sub -D
> "uid=Directory Manager,ou=people,o=mercy-ships" -w secretpwd
> "(objectclass=*)"
>
> This should return ALL possible users that you might find.
>
> Hope this helps.
> -jim
>
> will wrote:
>> IIS 6 and server 2003
>>
>> contents of the ldapauth.ini file are:
>>
>> LDAPHOST <ipaddress>
>> LDAPPORT 389
>> BINDUSER uid=Directory%20Manager,ou=people,o=mercy-ships
>> BINDPASSWORD <password>
>> LDAPFILTER (&(uid=%username%)(ou=people)(objectclass=*))
>> SEARCHBASE o=orgainization
>> !CERTSFILE
>> NTUSER IUSR_ABRA
>> NTUSERPASSWORD NTPASSWORD
>> CACHESIZE 1000
>> CACHETIME 1800
>>
>> I've used the ldapsearch tool and it returns the right results if I use
>> the anonymous bind. If I use the normal account I use for an
>> authenticated one it returns 'no such value', but I've been told from the
>> guys who wrote this that if it can connect successfully with an anonymous
>> one then that's enough. I just can't figure out what I'm missing...
>>
>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>> news:kiaFk.11451$gS5.8424@kovat.provo.novell.com...
>>> Can you provide your ldapauth.ini file?
>>>
>>> What version of IIS?
>>>
>>> -jim
>>>
>>> will wrote:
>>>> I tried the (objectclass=*) in for the filter and it's still showing
>>>> red. Personally I don't care what's in the filter as long as I can get
>>>> this thing to come up green. 🙂
>>>>
>>>>
>>>> "Jim Willeke" <jim@DOT.willeke.com> wrote in message
>>>> news:%w7Fk.11371$gS5.8502@kovat.provo.novell.com...
>>>>> Are you missing the end ")"?
>>>>>
>>>>> But what do you want to get back from the filter?
>>>>>
>>>>> What is wrong with?
>>>>> LDAPFILTER (objectclass=*)
>>>>>
>>>>> -jim
>>>>>
>>>>>
>>>>> will wrote:
>>>>>> I've put in the ldapauth.dll module to try to get authentication
>>>>>> though IIS working with LDAP. When I do a test search everything is
>>>>>> fine and it does the lookup properly, but when I try to load it in
>>>>>> IIS it shows the status as 'not loaded'. I get the feeling I may have
>>>>>> configured the ldapauth.ini file wrong and I was wondering if someone
>>>>>> can help me out with the filter syntax.
>>>>>> I have all the other things correct like the searchbase -
>>>>>> o=organization (because that's what is working in the e-mail), but
>>>>>> I'm not sure what to stick in there for the filter. Should it be
>>>>>> something like:
>>>>>> (&(uid=%user%)(ou=people)(o=organization)
>>>>>>
>>>>>> We're using a netscape ldap server
>>>>>>
>>>>>> I know I don't have this correct and it won't work until I can hammer
>>>>>> it out. Can anyone give me a little advice here?

>>



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: problems with ldapauth.dll module...


Hello, I too am trying to get the LDAPAUTH.DLL to work. I downloaded
the latest off SourceForge:

'IIS LDAP Authentication ISAPI Module | Download IIS LDAP
Authentication ISAPI Module software for free at SourceForge.net'
(http://sourceforge.net/projects/iisldapauth/)

I can't get this to start to save my life. I assume its something I
have configured wrong in the ldapauth.ini file. Does anyone have this
working, and can post your ldapauth.ini file contents? Or does anyone
else know a solution to provide LDAP authentication through IIS?
Specifically I am trying to get this to Work with Tririga Application to
allow SSO with LDAP.


--
sines_corey2
------------------------------------------------------------------------
sines_corey2's Profile: http://forums.novell.com/member.php?userid=42482
View this thread: http://forums.novell.com/showthread.php?t=365101

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.