httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stephen mccaul <>
Subject [users@httpd] mod_auth_ldap problems
Date Fri, 04 Oct 2002 13:13:16 GMT

Hello i have recently been trying to get mod_auth_ldap to work and have 
run into a brick wall. After configuring a test Location according to the 
examples given in the very well written documentation i fail to ever see 
any evidence that mod_auth_ldap is ever trying to authenticate against my 
ldap server. This seems like i am perhaps missing something silly.

relevant portions of config (slightly edited for security):

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

Alias /test "/home/test"
<Directory "/home/test">
	AllowOverride All
	AuthName "test"
	AuthType Basic
	AuthLDAPURL ldap://myldapserver/ou=People,,o=UoA?uid?sub 
	AuthLDAPBindDN ...
	AuthLDAPBindPassword ...
	require valid-user

What apache says in error_log: 
[error] Internal error: pcfg_openfile() called with NULL filename
[error] (9)Bad file descriptor: Could not open password file: (null)

i also tried putting the above LDAP directives into an .htaccess with 
slightly different result:
[error] user stephen not found: /test

this looked promising but i could not get any authentication to work so i 
tried tcpdump on the webserver which never showed any traffic to ldap. 
(yes i restarted httpd so the ldap cache would be empty)

At this point there are two issues:
	Why do the httpd.conf directives look for a file (i assume 
.htaccess?) and do not give auth_ldap a chance?

	why doesn't auth_ldap communicate with ldap?

in researching the first issue i read about the ordering of the auth 
modules having an effect. I tried recompiling httpd so that auth_ldap and 
util_ldap were .so so that i could explicitly control the loading. this 
made no difference. mod_auth is built in and mod_auth_ldap is dynamic 
which would imply that mod_auth_ldap is loaded after mod_auth and should 
get first crack at the authorization?

another thing tried was turning the log level to debug. The only LDAP 
related messages that came through were when it parsed the URL. From the 
debug output it looked like it parsed it correctly.

any help would be appreciated.

oh, almost forgot. This is httpd-2.0 cvs head. I'm trying to get 
subversion working with ldap authentication. I'm using openldap-2.0.27
for ldap client libraries. I'm working on a gentoo linux box.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message