Mac OSX authentication on Mindtouch Core 10.1.3 - "Password Provided? False"
I have installed Mindtouch core on 64-bit Ubuntu Server 10.04. Mono version is: 2.10.2. I've been trying to set up LDAP authentication against Open Directory on a Lion server, running 10.7.4. I can't seem to get OSX Open Directory authentication working. Local auth is fine, but when using OSX auth on the main login page, I recieve the following error:
Your login has failed - please verify that your username and password are correct.
The configuration is as follows:
Type: nativeBrowsing to http://myserver/@api/deki/services/default/49 produces the following error:
hostname: <MYLIONSERVERIP> (My DNS works fine, but I saw that even the Mindtouch guys were using an IP here, so I followed suit...)
405Method Not Allowedallowed methods are DELETE When I try to login to the wiki using the OSX authentication, I get the following in /var/log/dekiwiki/deki-api.log:
2012-07-09 20:56:11,373 [DispatchThread #25] WARN MindTouch.Deki.Services.LdapAuthenticationService - GetLdapConnection(Failed to bind to LDAP server: '<MYLIONSERVERIP>' with bindingdn: 'uid=test1,cn=users,dc=MYHOSTNAME,dc=MYHOSTNAME,dc =com'. Password provided? False. Exception: LdapException: (49) Invalid CredentialsI found a post regarding the "Password Provided? False" message caused by special characters in passwords. It was determined that this was a bug in the authentication script. I'm not sure if this bug was resolved, but I have changed my test password to an alphanumeric one anyway. However, the issue persists. I've even tried passwords without numbers.
LdapException: Matched DN: )
Novell.Directory.Ldap.LdapException: Invalid Credentials
at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.chkResultCode (Novell.Directory.Ldap.LdapMessageQueue queue, Novell.Directory.Ldap.LdapConstraints cons, Novell.Directory.Ldap.LdapResponse response) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.SByte passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.String passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd) [0x00000] in <filename unknown>:0
at MindTouch.Deki.Services.LdapClient.GetLdapConnecti onFromBindingDN (System.String server, System.String bindingdn, System.String password) [0x00000] in <filename unknown>:0
I have also tried setting the bindingdn to a specific user, and adding the bindingpw key, and using an alphanumeric password for this user. With this configuration, I still get the "Password Provided? False" message.
Telnet to port 389 from Mindtouch server to Lion server works fine. Running tcpdump on both machines during a login test, I do see the Mindtouch server reaching out to my Lion server on tcp/389. So, it is definitely not a firewall issue. (These servers are on the same subnet, and no iptables or anything like that anyway) The strangest thing about this is that despite seeing the traffic, I don't see an authentication attempt in the log on the Lion / OD side.
Does anyone have any ideas? Please let me know if there are any additional details I can provide. I'm pretty stumped here... I just started a second fresh install to verify that the issue is reproducible, so I'll post my findings tonight or tomorrow on that endeavor.
Thanks in advance!
Last edited by supasledge; 07-10-2012 at 01:45 AM.
Update after fresh installation
Ok, so I tried reinstalling from scratch on a new server. I used the same procedure as my first try, to the letter. (I followed documentation I had created the first time through) OSX authentication is configured with the same settings:
Type: nativeIt worked on the first try! I wish I could tell what went wrong the first time, but the new install seems to be working for now. Apologies to anyone who reads this huge thread for nothing!
Tags for this Thread