I have a web application that uses LDAP to authenticate users. It is fairly simple and works very well except for one single individual...

The web application uses apache mod_authnz_ldap. I cannot change this!

The error logs say:
Code:
[warn] auth_ldap authenticate: user USERNAME authentication failed; URI /webapp.php [User is not unique (search found two or more matches)][No such object]
[error]  user USERNAME not found: /webapp.php
If I delete the user I get the error I would expect:
Code:
[warn] auth_ldap authenticate: user USERNAME authentication failed; URI /webapp.php [User not found][No such object]
[error] user USERNAME not found: /webapp.php
I have checked and double, triple checked that there is no other user with that cn, uid, uidNumber, email or any other duplicate value!
I have deleted and recreated the user and as long as it is the same name, it will not work?? Other new users work fine!

The obvious solution is to use a different username, but that is not the point of this thread. I want to know WHY it is happening.

I have turned on debug level logging on the apache server and while this gives me all the information I would ever need to create a webserver from scratch, it is useless as to the exact LDAP conversation between Web Server and LDAP Server!

I have tried to use NDSTRACE, but all I can seem to get out of it is
Code:
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Unbind (succeeded)
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Connection (succeeded)
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Bind (succeeded)
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Bind Response (succeeded)
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Search (succeeded)
09:39:20 0 00000000 FFFFFFFF -1 Event: LDAP Search Entry Response (succeeded)
Which is useless to me!

What I want to get is a detailed log of exactly what LDAP parameters are going to the server and the responses back! The LDAP Filter, Base, Search Scope, Attributes......

Bob
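One way to see exactly which base, scope, attribute and filter mod_authnz_ldap sends, without a packet capture, is to rebuild the search from the AuthLDAPURL and run it by hand. The script below is an added example, not code from the original post or from Apache; the URL, username and the escaping rule are assumptions chosen to match the module's documented URL layout.

```python
"""Rebuild the LDAP search that Apache mod_authnz_ldap issues for a login.

Parse an AuthLDAPURL (ldap://host:port/basedn?attribute?scope?filter), splice
in the username, and emit an equivalent ldapsearch command so the candidate
entries can be listed by hand. SAMPLE_URL is a constructed sample.
"""
from urllib.parse import urlsplit, unquote

# Constructed sample AuthLDAPURL, not the poster's real configuration.
SAMPLE_URL = "ldap://ldap.example.com:389/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"


def ldap_escape(value: str) -> str:
    """Backslash-escape the filter metacharacters * ( ) \\ in the username
    (assumption: this mirrors the module's own escaping)."""
    return "".join("\\" + c if c in "*()\\" else c for c in value)


def build_search(auth_ldap_url: str, username: str) -> dict:
    """Return the scheme, host, port, base, scope, attribute and final filter."""
    u = urlsplit(auth_ldap_url)
    fields = [unquote(f) for f in u.query.split("?")] + ["", "", ""]
    attribute = fields[0] or "uid"                     # module default attribute
    scope = fields[1] if fields[1] in ("one", "base") else "sub"  # else subtree
    url_filter = fields[2] or "(objectClass=*)"        # module default filter
    # One pair of enclosing parentheses is stripped from the URL filter, which is
    # then ANDed with the attribute=username term.
    if url_filter.startswith("(") and url_filter.endswith(")"):
        url_filter = url_filter[1:-1]
    return {
        "scheme": u.scheme,
        "host": u.hostname,
        "port": u.port or (636 if u.scheme == "ldaps" else 389),
        "base": unquote(u.path.lstrip("/")),
        "scope": scope,
        "attribute": attribute,
        "filter": "(&(" + url_filter + ")(" + attribute + "=" + ldap_escape(username) + "))",
    }


def ldapsearch_command(search: dict, bind_dn: str = "") -> str:
    """OpenLDAP ldapsearch invocation that issues the same search, DNs only."""
    bind = ' -D "' + bind_dn + '" -W' if bind_dn else ""   # AuthLDAPBindDN, if any
    url = search["scheme"] + "://" + search["host"] + ":" + str(search["port"])
    return ('ldapsearch -LLL -x' + bind + ' -H ' + url + ' -b "' + search["base"] +
            '" -s ' + search["scope"] + " '" + search["filter"] + "' dn")


if __name__ == "__main__":
    print(ldapsearch_command(build_search(SAMPLE_URL, "USERNAME"), "cn=apache,dc=example,dc=com"))
```

If the printed command returns two DNs, that is the "search found two or more matches" condition the module reports, and the filter shown is the one to vary.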