
LDAP search failed: No such object

Open GoogleCodeExporter opened this issue 9 years ago • 3 comments

What steps will reproduce the problem?
The plugin's configuration is:

<LDAP>
        URL             ldap://xxxxx
        BindDN           uid=xxxxx,dc=xxx,dc=xxx
        Password         xxxxxxx
        Timeout         15
        TLSEnable       no
        FollowReferrals no
        TLSCACertFile   /usr/local/etc/ssl/ca.pem
        TLSCACertDir    /etc/ssl/certs
        TLSCertFile     /usr/local/etc/ssl/client-cert.pem
        TLSKeyFile      /usr/local/etc/ssl/client-key.pem
</LDAP>
<Authorization>
        BaseDN          "ou=xxx,dc=xxx,dc=xxx"
        SearchFilter    "(&(uid=%u)(accountStatus=active))"
        RequireGroup    false
        <Group>
                BaseDN          "ou=Groups,dc=example,dc=com"
                SearchFilter    "(|(cn=developers)(cn=artists))"
                MemberAttribute uniqueMember
        </Group>
</Authorization>

I am sure that all values are correct, because using an equivalent ldapsearch 
command, the LDAP server responds with the correct entry.

What is the expected output? What do you see instead?
The expected output should be a login success message. But the following log appears 
("LDAP search failed: No such object" and then "No remote address supplied to 
OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."):

Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 TLS: Initial packet from 
[AF_INET]xx.xx.xx.xx:1194, sid=466b3052 a5fc388e
LDAP search failed: No such object
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: POST 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY 
status=0
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 TLS: Username/Password authentication 
succeeded for username 'username' 
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 Data Channel Encrypt: Cipher 'BF-CBC' 
initialized with 128 bit key
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 Data Channel Encrypt: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 Data Channel Decrypt: Cipher 'BF-CBC' 
initialized with 128 bit key
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 Data Channel Decrypt: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 Control Channel: TLSv1, cipher 
TLSv1/SSLv3 DHE-RSA-AES256-SHA
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 [] Peer Connection Initiated with 
[AF_INET]xx.xx.xx.xx:1194
No remote address supplied to OpenVPN LDAP Plugin 
(OPENVPN_PLUGIN_CLIENT_CONNECT).
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: POST 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=1
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: plugin function 
PLUGIN_CLIENT_CONNECT failed with status 1: 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so
Thu Jan 23 12:57:12 2014 xx.xx.xx.xx:1194 WARNING: client-connect plugin call 
failed

What version of the product are you using? On what operating system?
Using openvpn-auth-ldap 2.0.3-6 with openvpn.i686 2.3.2-2, installed on 
CentOS-6 from the epel repository.

Please provide any additional information below.
When providing a wrong user password or a non-existent user (in this example, 
"asdf"), the plugin outputs correctly ... which shows that there is no bind or 
wrong attribute problem and LDAP responds correctly!

Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 TLS: Initial packet from 
[AF_INET]xx.xx.xx.xx:1194, sid=17665875 67640a48
LDAP bind failed: Invalid credentials
Incorrect password supplied for LDAP DN "uid=username,ou=xxx,dc=xxx,dc=xxx".
Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: POST 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY 
status=1
Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: plugin function 
PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so
Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 TLS Auth Error: Auth 
Username/Password verification failed for peer
Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 Control Channel: TLSv1, cipher 
TLSv1/SSLv3 DHE-RSA-AES256-SHA
Thu Jan 23 12:57:26 2014 xx.xx.xx.xx:1194 Peer Connection Initiated with 
[AF_INET]xx.xx.xx.xx:1194
Thu Jan 23 12:57:29 2014 xx.xx.xx.xx:1194 PUSH: Received control message: 
'PUSH_REQUEST'
Thu Jan 23 12:57:29 2014 xx.xx.xx.xx:1194 Delayed exit in 5 seconds
Thu Jan 23 12:57:29 2014 xx.xx.xx.xx:1194 SENT CONTROL [UNDEF]: 'AUTH_FAILED' 
(status=1)
Thu Jan 23 12:57:34 2014 xx.xx.xx.xx:1194 SIGTERM[soft,delayed-exit] received, 
client-instance exiting
Thu Jan 23 12:57:34 2014 xx.xx.xx.xx:1194 TLS: Initial packet from 
[AF_INET]xx.xx.xx.xx:1194, sid=06097dc3 01f59e32
LDAP user "asdf" was not found.
Thu Jan 23 12:57:34 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: POST 
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY 
status=1
Thu Jan 23 12:57:34 2014 xx.xx.xx.xx:1194 PLUGIN_CALL: plugin function 
PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so
Thu Jan 23 12:57:34 2014 xx.xx.xx.xx:1194 TLS Auth Error: Auth 
Username/Password verification failed for peer

Please correct any mistakes in the config file or suggest a solution.
Thank you.

Original issue reported on code.google.com by [email protected] on 23 Jan 2014 at 5:50
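
A configuration check for the block format posted above, added here as an example (not code from the reporter or from the openvpn-auth-ldap project). "No such object" is LDAP result code 32, returned when the base object of an operation does not exist, so the check compares the `<Group>` BaseDN suffix with the user-search BaseDN suffix and also reports an `ldap://` URL used without `TLSEnable yes`. The sample values and the finding names are constructed for illustration.

```python
import re

# Constructed sample in the plugin's config format (placeholder values).
SAMPLE = """\
<LDAP>
    URL             ldap://ldap.corp.test
    BindDN          uid=vpn,dc=corp,dc=test
    TLSEnable       no
</LDAP>
<Authorization>
    BaseDN          "ou=People,dc=corp,dc=test"
    RequireGroup    false
    <Group>
        BaseDN          "ou=Groups,dc=example,dc=com"
        MemberAttribute uniqueMember
    </Group>
</Authorization>
"""

def parse(text):
    """Flatten nested <Section> blocks into {"Section/Key": value}."""
    stack, cfg = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        tag = re.fullmatch(r"<(/?)(\w+)>", line)
        if tag and tag.group(1):
            if stack: stack.pop()          # closing tag
        elif tag:
            stack.append(tag.group(2))     # opening tag
        elif line and not line.startswith("#"):
            parts = line.split(None, 1)    # key, then optional quoted value
            cfg["/".join(stack + [parts[0]])] = parts[1].strip('"') if len(parts) > 1 else ""
    return cfg

def dc_suffix(dn):
    """Lowercased dc= components of a DN (naive split; ignores escaped commas)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def lint(text):
    cfg, findings = parse(text), []
    users = cfg.get("Authorization/BaseDN", "")
    groups = cfg.get("Authorization/Group/BaseDN")
    # A group search base under a different suffix than the user search base.
    if groups is not None and dc_suffix(groups) != dc_suffix(users):
        findings.append("group-basedn-outside-user-suffix")
    # Plain ldap:// without TLS sends bind and user passwords unencrypted.
    if (cfg.get("LDAP/URL", "").lower().startswith("ldap://")
            and cfg.get("LDAP/TLSEnable", "no").lower() != "yes"):
        findings.append("cleartext-ldap-bind")
    return findings
```

`lint(SAMPLE)` returns both findings; a file whose group BaseDN shares the user suffix and whose URL is `ldaps://` or has `TLSEnable yes` returns an empty list.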
