httpd-users mailing list archives

From Mike Fischer <mike.fisc...@ipsi.fraunhofer.de>
Subject [users@httpd] mod_ldap, mod_auth_ldap, SSL and Active Directory
Date Wed, 16 Feb 2005 14:49:16 GMT
Hello there,

I'm trying to set up mod_auth_ldap to authenticate users via Active 
Directory.

I got as far as getting it to work if I don't use SSL for the LDAP
connection to the AD server.

In detail:
I included LDAPTrustedCA and LDAPTrustedCAType in the httpd.conf.
I set up an .htaccess file like this:
-----------------------------------------------------------------------
AuthType Basic
AuthName LDAPAuth
AuthLDAPEnabled on
require valid-user
AuthLDAPURL ldaps://aaa.bbb.ccc.ddd/dc=ipsi,dc=fraunhofer,dc=de?sAMAccountName?sub
AuthLDAPAuthoritative on
AuthLDAPBindDN cn=account,cn=whatever,dc=ipsi,dc=fraunhofer,dc=de
AuthLDAPBindPassword password
-----------------------------------------------------------------------

If I try to access the directory, I get permission denied.
Here's the log entry:
[Wed Feb 02 15:02:43 2005] [warn] [client eee.fff.ggg.hhh] [13851] 
auth_ldap authenticate: user thisuser authentication failed; URI /privat 
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

It works ok if I use ldap: instead of ldaps: in the above mentioned
.htaccess file.

From reading the source I gather that the initial connection attempt
is probably failing.

I tried sniffing on the AD box, but with the SSL packets being
encrypted, that was no help.

Does anyone have an idea how I could get more insight into this
situation?

Kind regards,
Mike Fischer
-- 
Fraunhofer Gesellschaft e.V.
IPSI.ITI

Dolivostr. 15
64293 Darmstadt
Telefon: 06151 / 869 - 845


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

