httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Peters">
Subject [users@httpd] auth_mod_ldap with groups - invalid DN ?
Date Tue, 04 Feb 2003 18:58:19 GMT

I'm trying to use the mod_auth_ldap in 2.0.44 for Group-LDAP Auth.
This is my config (the interesting part):

        <Directory /home/intranet/sysadmin/>
                AuthType Basic
                AuthName "Sysadmin-Bereich"
                order deny,allow
                AuthLDAPEnabled on
                AuthLDAPURL "ldap://localhost/dc=lucky,dc=de?uid
                AuthLDAPGroupAttributeIsDN Off
                AuthLDAPGroupAttribute memberUid
                require group "cn=Domain Admins,ou=Groups,dc=lucky,dc=de"

When the auth takes progress i get the following in the error_log:

[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(261): [client] [22043] auth_ldap authenticate: using URL
[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(329): [client] [22043] auth_ldap authenticate: accepting spete
[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(549): [client] [22043] auth_ldap authorise: require group: testing for group
membership in `"cn=Domain Admins,ou=Groups,dc=lucky,dc=de"'
[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(554): [client] [22043] auth_ldap authorise: require group: testing for
memberUid: spete ("cn=Domain Admins,ou=Groups,dc=lucky,dc=de")
[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(569): [client] [22043] auth_ldap authorise: require group: authorisation
failed [Comparison complete][Invalid DN syntax]
[Tue Feb 04 19:48:37 2003] [debug] mod_auth_ldap.c(592): [client] [22043] auth_ldap authorise: authorisation denied

Also the ldap.log shows:

Feb  4 19:48:37 mars slapd[21239]: do_compare: invalid dn ("cn=Domain

The part of the LDAP of the group look like:

dn: cn=Domain Admins,ou=Groups,dc=lucky,dc=de
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
description: Windows Domain Users
memberUid: spete

What's wrong with my config? What do I need to set to provide a valid DN?

Thanks for helping.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message