Mailing List Archive: Zope: Users

problem connecting LdapUserFolder with Active Directory

 

 



yourpadre at gmail

Sep 1, 2009, 7:33 PM

Post #1 of 3
problem connecting LdapUserFolder with Active Directory

I tried to connect to the server, but it raises an error:

Traceback (innermost last):

- Module ZPublisher.Publish, line 119, in publish
- Module ZPublisher.mapply, line 88, in mapply
- Module ZPublisher.Publish, line 42, in call_object
- Module Products.LDAPUserFolder.LDAPUserFolder, line 441, in manage_edit
- Module Products.LDAPUserFolder.LDAPDelegate, line 213, in connect
- Module Products.LDAPUserFolder.SharedResource, line 115, in __call__
- Module ldap.ldapobject, line 508, in search_s
- Module ldap.ldapobject, line 820, in search_ext_s
- Module ldap.ldapobject, line 772, in _apply_method_s
- Module ldap.ldapobject, line 502, in search_ext_s
- Module ldap.ldapobject, line 428, in result
- Module ldap.ldapobject, line 432, in result2
- Module ldap.ldapobject, line 438, in result3
- Module ldap.ldapobject, line 96, in _ldap_call

OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on the
connection., data 0, vece', 'desc': 'Operations error'}



I use Windows 2003. My domain is "ceed.local"

All options in LdapUserFolder use the defaults, except:
* Users Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Groups Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Manager DN = cn=zopeldap,ou=Usuarios,ou=CEED,dc=ceed,dc=local
* read-only = on

The LDAP server was added with its IP address.

Can someone tell me what I am doing wrong?
Thanks
--
________________________________________
The good thing about living one more day
is knowing that we have one day less of life left


jens at dataflake

Sep 1, 2009, 11:30 PM

Post #2 of 3
Re: problem connecting LdapUserFolder with Active Directory

On Sep 2, 2009, at 04:33 , Miguel Beltran R. wrote:

> OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627,
> comment: In
> order to perform this operation a successful bind must be completed
> on the
> connection., data 0, vece', 'desc': 'Operations error'}

The error message is informative enough I would say. An operation
(probably a search) is being performed, but no bind has happened.

Since there is a (simple) bind being performed in the code right
before this error it appears AD does not like it. Maybe AD is not
configured to allow simple user/password binds. Or it is configured to
only allow access from certain hosts, and the host with the Zope
installation is not on that list. With AD, the possibilities for
problems are endless.

jens



yourpadre at gmail

Sep 2, 2009, 7:07 PM

Post #3 of 3
Re: problem connecting LdapUserFolder with Active Directory

2009/9/2 Jens Vagelpohl <jens [at] dataflake>

> On Sep 2, 2009, at 04:33 , Miguel Beltran R. wrote:
>
> > OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627,
> > comment: In
> > order to perform this operation a successful bind must be completed
> > on the
> > connection., data 0, vece', 'desc': 'Operations error'}
>
> The error message is informative enough I would say. An operation
> (probably a search) is being performed, but no bind has happened.
>
> Since there is a (simple) bind being performed in the code right
> before this error it appears AD does not like it. Maybe AD is not
> configured to allow simple user/password binds. Or it is configured to
> only allow access from certain hosts, and the host with the Zope
> installation is not on that list. With AD, the possibilities for
> problems are endless.
>
> jens
>
>

Thanks Jens, after a second look at the LdapUserFolder (v2.12) directory I
found README.ActiveDirectory.txt, which says how to configure LUF correctly.
My options were:
All options in LdapUserFolder use the defaults, except:
* Users Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Groups Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Manager DN = cn=zopeldap,ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Manager DN Usage = Always (before, it was for login data only) **important
option**
* read-only = on

The server now connects to port 3268
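
An added example, not part of the thread and not LDAPUserFolder code: a small parser for the `info` string in the traceback above that flags the search-before-bind condition, so it can be picked out of application logs. The function names are hypothetical, and the field layout is inferred from the one error message quoted in this thread.

```python
import re

# Field layout inferred from the single AD error quoted in this thread:
# "<8 hex>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, <tag>"
AD_INFO = re.compile(
    r"^(?P<code>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)"
    r"(?:, (?P<tag>\w+))?$"
)

# The error dict from the traceback above, line-wrapped as it was in the mail.
SAMPLE = {
    "info": "00000000: LdapErr: DSID-0C090627, comment: In\n"
            "order to perform this operation a successful bind must be "
            "completed on the\nconnection., data 0, vece",
    "desc": "Operations error",
}


def parse_ad_info(info):
    """Return the fields of an AD 'info' string, or None if the layout differs."""
    # Collapse the whitespace that mail wrapping or logging may have introduced.
    match = AD_INFO.match(" ".join(info.split()))
    return match.groupdict() if match else None


def triage(err):
    """Classify the {'info': ..., 'desc': ...} dict carried by a python-ldap error."""
    fields = parse_ad_info(err.get("info", ""))
    if fields is None:
        return {"kind": "unparsed", "desc": err.get("desc")}
    unbound = "successful bind must be completed" in fields["comment"]
    result = {
        "kind": "search-without-bind" if unbound else "other",
        "dsid": fields["dsid"],
        "data": int(fields["data"], 16),
        "desc": err.get("desc"),
    }
    if unbound:
        # Fix reported in this thread for LDAPUserFolder against AD.
        result["hint"] = "set Manager DN Usage = Always so searches run bound"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```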
