Return-Path: 
 <users-return-69007-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 98951 invoked from network); 19 Dec 2006 22:44:34 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 19 Dec 2006 22:44:34 -0000
Received: (qmail 96245 invoked by uid 500); 19 Dec 2006 22:44:29 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 96230 invoked by uid 500); 19 Dec 2006 22:44:29 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 96219 invoked by uid 99); 19 Dec 2006 22:44:29 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Dec 2006 14:44:29 -0800
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: local policy)
Received: from [209.197.59.83] (HELO mail.prologic-inc.com) (209.197.59.83)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Dec 2006 14:44:19 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
Date: Tue, 19 Dec 2006 17:42:03 -0500
Message-ID: <2DBB9F887DAA394FA75D98474EA5730D030DA363@vader.prologic-inc.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache 2.2.3 + Active Directory
Thread-Index: AccjvucJKj9vx21jRGCPbSLwNqwXKA==
From: "Dan Nawrocki" <dnawrocki@prologic-inc.com>
To: <users@httpd.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: [users@httpd] Apache 2.2.3 + Active Directory

I am attempting to use authentication over LDAP (actually Active
Directory), but it's not working and I'm going crazy!  Here's my
configuration file:

<Directory />
  SSLOptions +StdEnvVars
  Options FollowSymLinks
  AllowOverride None

  AuthType Basic
  AuthBasicProvider ldap
  AuthName "auth me!"
  AuthLDAPBindDN "bind_username"
  AuthLDAPBindPassword bind_password
  AuthLDAPURL ldap://host:389/dn?sAMAccountName

  Require valid-user
</Directory>


I'm getting two types of errors, depending on which username and
password I provide:

auth_ldap_authenticate: user xxx authentication failed ...
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]

Or

auth_ldap_authenticate: user yyy authentication failed ... [User not
found][No such object]

My first reaction was that this is a problem binding to the AD server,
but when I use ldapsearch with the bind_username and bind_password using
simple authentication, my queries work as expected.

Note that I am trying to serve this page over SSL in a VirtualHost; I
haven't tried basic HTTP.  If this is a problem, I can try again.

Does anyone have any ideas?

Thanks,
Dan Nawrocki



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org