Wednesday 2014-02-12

After 30 minutes of trying to get WordPress 3.5.1 to log authentication requests, I gave up and just tcpdump'd the LDAP transaction.

> tshark -r wp.pcap 
  1   0.000000    10.1.0.60 -> 10.1.0.162   TCP 51892 > ldap [SYN] Seq=0 Win=14600 Len=0 MSS=1460 TSV=549306396 TSER=0 WS=5
  2   0.000140   10.1.0.162 -> 10.1.0.60    TCP ldap > 51892 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=1609855233 TSER=549306396 WS=3
  3   0.000163    10.1.0.60 -> 10.1.0.162   TCP 51892 > ldap [ACK] Seq=1 Ack=1 Win=14624 Len=0 TSV=549306396 TSER=1609855233
  4   0.000191    10.1.0.60 -> 10.1.0.162   LDAP bindRequest(1) "=test_user,dc=ofs,dc=edu,dc=sg" simple 
  5   0.000278   10.1.0.162 -> 10.1.0.60    TCP ldap > 51892 [ACK] Seq=1 Ack=58 Win=5792 Len=0 TSV=1609855233 TSER=549306396
  6   0.000388   10.1.0.162 -> 10.1.0.60    LDAP bindResponse(1) invalidDNSyntax (invalid DN) 
  7   0.000399    10.1.0.60 -> 10.1.0.162   TCP 51892 > ldap [ACK] Seq=58 Ack=25 Win=14624 Len=0 TSV=549306396 TSER=1609855233
  8   0.003992    10.1.0.60 -> 10.1.0.162   LDAP unbindRequest(2) 
  9   0.004016    10.1.0.60 -> 10.1.0.162   TCP 51892 > ldap [FIN, ACK] Seq=65 Ack=25 Win=14624 Len=0 TSV=549306400 TSER=1609855233
 10   0.004154   10.1.0.162 -> 10.1.0.60    TCP ldap > 51892 [FIN, ACK] Seq=25 Ack=66 Win=5792 Len=0 TSV=1609855237 TSER=549306400
 11   0.004163    10.1.0.60 -> 10.1.0.162   TCP 51892 > ldap [ACK] Seq=66 Ack=26 Win=14624 Len=0 TSV=549306400 TSER=1609855237

Simple LDAP Login v 1.5.5 needs some tweaks: you probably need to specify the OU in the base DN (contrary to the docs), and you need to specify the LDAP Login Attribute.

The capture above shows both of them missing: the bind DN in frame 4 starts with a bare "=" (no login attribute) and contains no OU. After the tcpdump, LDAP auth was working within 5 minutes.
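
An added example, not code from the original post or from the plugin: it pulls the bind DN out of frame 4 of the capture, reports why the server answered invalidDNSyntax, and builds a well-formed DN with the username escaped per RFC 4514. It assumes the DN is composed as login attribute, "=", username, ",", base DN, as the capture suggests; the attribute `uid`, the container `ou=people` and all function names are assumptions, since the post does not give the values that were finally used.

```python
import re

# Frame 4 of the capture above, copied as tshark printed it.
FRAME_4 = ('  4   0.000191    10.1.0.60 -> 10.1.0.162   LDAP bindRequest(1) '
           '"=test_user,dc=ofs,dc=edu,dc=sg" simple ')

def bind_dn_from_tshark(line):
    """Pull the bind DN out of a tshark summary line for a simple bind."""
    m = re.search(r'LDAP bindRequest\(\d+\) "([^"]*)" simple', line)
    return m.group(1) if m else None

def split_rdns(dn):
    # Split on commas that are not backslash-escaped (simplified RFC 4514).
    return re.split(r'(?<!\\),', dn)

def diagnose(dn, expect_ou=True):
    """Return the reasons this bind DN is rejected or cannot match a user."""
    problems = []
    rdns = split_rdns(dn)
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value:
            problems.append("malformed RDN %r" % rdn)
    if expect_ou and not any(r.strip().lower().startswith("ou=") for r in rdns):
        problems.append("no ou= component")
    return problems

def escape_value(value):
    """Escape a user-supplied RDN value so it cannot introduce extra RDNs."""
    out = re.sub(r'([\\",+;<>])', r'\\\1', value).replace("\x00", "\\00")
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out

def build_bind_dn(login_attr, username, base_dn):
    """Compose the bind DN; refuse to run with the login attribute unset."""
    if not login_attr:
        raise ValueError("LDAP Login Attribute is not set")
    return "%s=%s,%s" % (login_attr, escape_value(username), base_dn)

if __name__ == "__main__":
    broken = bind_dn_from_tshark(FRAME_4)
    print(broken, diagnose(broken))
    # "uid" and "ou=people" are assumed values, not taken from the post.
    fixed = build_bind_dn("uid", "test_user", "ou=people,dc=ofs,dc=edu,dc=sg")
    print(fixed, diagnose(fixed))
```

Frame 4 is a simple bind on the plain ldap port with no StartTLS request before it, so the password crosses the wire as readable as the DN and wp.pcap should be handled as a file containing credentials.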