httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arthur DiSegna" <adise...@authentium.com>
Subject RE: [users@httpd] authentication problem with apache2 + ldap + active directory
Date Sun, 18 Jun 2006 11:47:41 GMT
 

	-----Original Message----- 
	From: empty body [mailto:emptybody@gmail.com] 
	Sent: Sat 6/17/2006 9:41 PM 
	To: users@httpd.apache.org 
	Cc: 
	Subject: [users@httpd] authentication problem with apache2 + ldap + active directory
	
	

	ldap authentication fails with the following message in the error log:
	
	-----------------
	[Sat Jun 17 21:11:19 2006] [debug] mod_auth_ldap.c(337): [client
	192.168.x.x] [22698] auth_ldap authenticate: using URL
	ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)
	[Sat Jun 17 21:11:19 2006] [warn] [client 192.168.x.x] [22698]
	auth_ldap authenticate: user flastname authentication failed; URI
	/test [ldap_search_ext_s() for user failed][Operations error]
	[Sat Jun 17 21:11:28 2006] [debug] mod_headers.c(527): headers:
	ap_headers_output_filter()
	-----------------
	
	this is the relevant config:
	
	-----------------
	LoadModule ldap_module modules/mod_ldap.so
	LoadModule auth_ldap_module modules/mod_auth_ldap.so
	<Location /test>
	    AuthType Basic
	    AuthName "LDAP test"
	    AuthLDAPURL
	ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)
	    AuthLDAPBindDN "CN=BindLDAPUsername,OU=Generic IDs,DC=XYZ,DC=ABC,DC=com"
	    AuthLDAPBindPassword password
	    Require valid-user
	</Location>
	-----------------
	
	when i capture the traffic between the AD and apache, i can see the
	bind happen, then the query, then the response with one record and
	proper sAMAccountName, but no subsequent bind to the LDAP server using
	the DN and the password passed by the HTTP client.
	
	i can run the same exact query using ldapsearch and it gets back
	identical results (and captured traffic looks the same):
	
	-----------------
	ldapsearch -v -W -x \
	-D"CN=BindLDAPUsername,OU=Generic IDs,DC=XYZ,DC=ABC,DC=com" \
	-H ldap://ad.host.name.com:389 \
	-b "DC=XYZ,DC=ABC,DC=com" \
	"(&(objectClass=*)(sAMAccountName=flastname))" sAMAccountName
	-----------------
	
	
	tcpdump capture between apache and AD:
	http://rafb.net/paste/results/9Duquf89.html
	
	software:
	---------
	openldap 2.3.21 from sunfreeware.com
	solaris sparc 8
	apache 2.0.55
	
	thank you.
	
	---------------------------------------------------------------------
	The official User-To-User support forum of the Apache HTTP Server Project.
	See <URL:http://httpd.apache.org/userslist.html> for more info.
	To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
	   "   from the digest: users-digest-unsubscribe@httpd.apache.org
	For additional commands, e-mail: users-help@httpd.apache.org
	

	--------------------------------------------------------------------------------------

	

	
	Hi,  I am trying to setup authentication with AD as well but I am having the hard time compiling
Apache. Do you mind emailing me your ./configure line? I have apr and apr-util compiled and
installed but when 'make' Apache I receive an error about authnz is used by apr-util and must
be compiled using --with-ldap. This doesn't work.. Does anyone have any suggestions.
	 
	Thanks

	
	

Mime
View raw message