httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Clarke, Roy" <rcla...@ptc.com>
Subject RE: [users@httpd] LDAP auth problems.
Date Thu, 03 Mar 2005 08:05:25 GMT
Eric, 

I have no real answer but I am seeing the same thing with Apache 2.0.50,
using the LDAP module to hook into a Lotus Notes LDAP service that
requires Bind DN/password details. I use AuthLDAP all the time for our
software, which is bundled with an LDAP that does not require Bind
credentials with no problems.

My problem comes from trying to hook an existing Lotus Notes LDAP into
this system which does need bind credentials. Turning on debug logging
in httpd.conf I see that errors are coming from the Microsoft LDAP SDK
that the AuthLDAP module has been compiled against in our instance.

I tried the Apache 1.3.x that our software used to bundle, where the
AuthLDAP was pre-compiled with the old Netscape LDAP SDK libraries, and
it works fine, so from what I am seeing and what you have reported I'm
wondering if there is some issue / tweak required to get Apache 2's
AuthLDAP module going againt LDAPs needing bind credentials. I
understand there were a number of changes to AuthLDAP from Apache 1.3 to
Apache 2.

Has anyone had any success in this area?

The only other thing I can think of in your case Eric is that doesn't AD
server use different objectclasses in it's schema to store users than
standard? Maybe these don't inherit the inetOrgPerson (or similar)
standard object class? Could be way off the mark here though...

Roy


-----Original Message-----
From: Eric Ladner [mailto:eric.ladner@gmail.com] 
Sent: 02 March 2005 20:53
To: users@httpd.apache.org
Subject: [users@httpd] LDAP auth problems.


I have an apache 2.0.52 server set up and I'm trying to get LDAP
authentication working with a Win2K AD server.

<Directory /opt/apache/htdocs/test_auth>
  #SetHandler ldap-status
  Order allow,deny
  Allow from all
  AuthLDAPEnabled on
  AuthLDAPAuthoritative on
  AuthName "Password Access"
  AuthLDAPBindDN
cn=svc-loc-unix,OU=Services00,OU=Services,OU=LOCATION,OU=North%20America
,OU=Somewhere,dc=DOMAIN,dc=somewhere,dc=net
  AuthLDAPBindPassword mypassword
  AuthLDAPUrl
ldap://server.somewhere.net/OU=LOCATION,OU=North%20America,OU=Somewhere,
DC=DOMAIN,DC=somewhere,DC=net?cn?sub

)
  AuthType Basic
  require valid-user
</Directory>

All I'm getting back in the erorr log when I try an authentication is
this:

[Wed Mar 02 14:49:10 2005] [error] [client 10.0.0.5] user eric not
found: /test_auth

(of course, the names have been changed to protect the innocent).

Anybody have any ideas?  I've tried all kinds of different URL's on the
AuthLDAPUrl line, too.
-- 
Eric Ladner

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message