LDAP filter not working


centreit

Nov 18, 2009, 12:30:49 AM
to RubyCAS
I have tried to set an LDAP filter to check to see if a user is a
member of an Active Directory group before they are authenticated. The
filter is correct as far as standard LDAP filters go and works if I use
openldap to do a manual lookup; however, if I use this filter with
rubycas-server, it says that the filter syntax is incorrect.

The filter string is:

filter: (memberOf=CN=IT Users,OU=Security Groups,OU=org,DC=domain,DC=com,DC=au)

Can anybody point me in the right direction?

Cheers,

Daniel

Matt Zukowski

Nov 18, 2009, 9:59:28 AM
to rubycas...@googlegroups.com
What is the exact error message you are getting?


--

You received this message because you are subscribed to the Google Groups "RubyCAS" group.
To post to this group, send email to rubycas...@googlegroups.com.
To unsubscribe from this group, send email to rubycas-serve...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubycas-server?hl=.



centreit

Nov 18, 2009, 6:02:37 PM
to RubyCAS
The error on the logon page is:

LDAP authentication failed with 'invalid filter syntax'. Check your authenticator configuration.

The error in the CAS Server log file is:

ERROR -- : LDAP authentication failed with 'invalid filter syntax'. Check your authenticator configuration. (CASServer::AuthenticatorError)

Thanks,

Daniel

On Nov 18, 11:59 pm, Matt Zukowski <matt.zukow...@gmail.com> wrote:
> What is the exact error message you are getting?

Matt Zukowski

Nov 19, 2009, 10:03:50 PM
to rubycas...@googlegroups.com
The error message comes from your LDAP server, not from the CAS client. In other words, it's your LDAP server that is rejecting the LDAP syntax. The CAS client doesn't have anything to do with it (unless it's somehow garbling it along the way, but I don't think that's the case).

Maybe you need to escape the ='s or commas in your LDAP query, or put the group DN in quotes? I'm not very well versed in LDAP so I'm not exactly sure why the query might not be working.

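An added example, not code from this thread or from rubycas-server: RFC 4515 reserves only `*`, `(`, `)`, `\` and NUL inside a filter value, so the group DN from the first post passes through this escaper unchanged, while a constructed login name or group name containing those characters is rendered inert. The helper names, the `sAMAccountName` attribute and the sample inputs are assumptions for illustration.

```ruby
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# Helper names, the sAMAccountName attribute and all sample inputs are
# assumptions made for illustration.

# Escape the characters RFC 4515 reserves inside an assertion value
# (backslash, '*', '(', ')', NUL) as \XX hex pairs. '=', ',' and spaces
# are legal in a value and are left alone.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Build one (attr=value) item; the attribute name is validated, not escaped.
def equality(attr, value)
  unless attr.match?(/\A[A-Za-z][A-Za-z0-9-]*\z/)
    raise ArgumentError, "bad attribute name: #{attr.inspect}"
  end
  "(#{attr}=#{escape_filter_value(value)})"
end

# Match a login name only if the account is also a member of group_dn.
def group_gated_filter(username, group_dn, user_attr: 'sAMAccountName')
  "(&#{equality(user_attr, username)}#{equality('memberOf', group_dn)})"
end

# Structural check: one outer filter whose parentheses balance.
def single_balanced_filter?(filter)
  depth = 0
  filter.each_char.with_index do |c, i|
    depth += 1 if c == '('
    depth -= 1 if c == ')'
    return false if depth.negative? || (depth.zero? && i < filter.length - 1)
  end
  depth.zero? && filter.start_with?('(')
end

if __FILE__ == $PROGRAM_NAME
  dn = 'CN=IT Users,OU=Security Groups,OU=org,DC=domain,DC=com,DC=au'
  puts group_gated_filter('daniel', dn)
  # Constructed hostile login name and a group CN containing parentheses.
  puts group_gated_filter('*)(objectClass=*', 'CN=IT Users (Sydney),DC=domain,DC=com,DC=au')
end
```

A DN that already carries RFC 4514 backslash escapes gets each backslash encoded as `\5c`, which is what the filter grammar expects.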