httpd-users mailing list archives

From "SANCHEZ, Michel" <michel.SANC...@airbus.com>
Subject [users@httpd] Authentification problem with Apache 2.23 and OpenLDAP 2.2 on win32
Date Wed, 17 Jan 2007 13:49:32 GMT
Hi,

Apache 2.2.3, OpenLDAP 2.2.29, both on win32.

It seems that the LDAP authentication mechanism with mod_authnz_ldap.so doesn't work.

Apache configuration (httpd.conf):

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

ProxyPass / balancer://mycluster stickysession=jsessionid nofailover=on
<Location />
  Order allow,deny
  Allow from all
  AuthType Basic
  AuthName "Cluster Test"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative off
  AuthLDAPBindDN "cn=Manager,dc=my-domain,dc=com"
  AuthLDAPBindPassword "admin"

  AuthLDAPURL "ldap://tola300003783.tls.fr.eu.airbus.corp:389/ou=people,dc=my-domain,dc=com?uid"
  Require valid-user
</Location>

The query with ldapsearch works well; from Apache I got an internal server error.

Error log :
[Wed Jan 17 14:34:20 2007] [debug] mod_authnz_ldap.c(373): [client 152.3.74.202] [2184] auth_ldap authenticate: using URL ldap://tola300003783.tls.fr.eu.airbus.corp:389/ou=people,dc=my-domain,dc=com?uid
[Wed Jan 17 14:34:20 2007] [warn] [client 152.3.74.202] [2184] auth_ldap authenticate: user michel authentication failed; URI / [ldap_search_ext_s() for user failed][Erreur de protocole]

slapd.log :
backend_startup: starting "dc=my-domain,dc=com"
bdb_db_open: dbenv_open(./data)
slapd starting
connection_get(1212): got connid=0
connection_read(1212): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 51 contents:
ber_get_next
do_bind
ber_get_next on fd 1212 failed errno=10035 (WSAEWOULDBLOCK)
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>
=> ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=Manager,dc=my-domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=Manager,dc=my-domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=manager,dc=my-domain,dc=com)=0 Success
<<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com>
do_bind: version=3 dn="cn=Manager,dc=my-domain,dc=com" method=128
do_bind: v3 bind: "cn=Manager,dc=my-domain,dc=com" to "cn=Manager,dc=my-domain,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 1212
connection_get(1212): got connid=0
connection_read(1212): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 107 contents:
connection_input: conn=0 deferring operation: binding
do_search
ber_scanf fmt ({miiiib) ber:
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=3 tag=101 err=2
ber_flush: 32 bytes to sd 1212


Thanks for help.

Michel.
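
The following is an added example, not part of the original message: a small Python script that reads slapd debug output in the format quoted above and decodes each `send_ldap_response` line, mapping the `tag` to its RFC 4511 response type and the `err` value to its result code name. The function names and the assumption that every handler appears as a bare `do_*` line are illustrative choices based only on the excerpt in this message.

```python
import re

# Response protocolOp tags per RFC 4511: [APPLICATION n], constructed => 0x60 + n.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone",
                 103: "ModifyResponse", 105: "AddResponse", 107: "DelResponse"}
# Subset of RFC 4511 resultCode values.
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError",
                32: "noSuchObject", 49: "invalidCredentials"}

# Assumption: a handler is announced by a bare line such as "do_bind" or "do_search",
# as in the excerpt; lines like "do_bind: version=3 ..." are details, not a new op.
OP_RE = re.compile(r"^do_(\w+)$")
RESP_RE = re.compile(r"^send_ldap_response: msgid=(\d+) tag=(\d+) err=(\d+)")

# Lines taken from the slapd.log excerpt in the message above (trimmed).
SAMPLE = """\
do_bind
do_bind: version=3 dn="cn=Manager,dc=my-domain,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=4 tag=97 err=0
connection_input: conn=0 deferring operation: binding
do_search
ber_scanf fmt ({miiiib) ber:
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=3 tag=101 err=2
"""

def summarize(log_text):
    """Pair each send_ldap_response with the most recent bare do_* handler line."""
    results, current_op = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        op = OP_RE.match(line)
        if op:
            current_op = op.group(1)
            continue
        resp = RESP_RE.match(line)
        if resp:
            msgid, tag, err = (int(g) for g in resp.groups())
            results.append({"op": current_op, "msgid": msgid,
                            "response": RESPONSE_TAGS.get(tag, f"unknown tag {tag}"),
                            "result": RESULT_CODES.get(err, f"code {err}")})
    return results

def failures(log_text):
    """Return only the operations whose result code is not success (0)."""
    return [r for r in summarize(log_text) if r["result"] != "success"]

if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry)
```

Run against the excerpt, this shows the bind returning `success` and the search returning `protocolError`, which matches the `[Erreur de protocole]` text in the Apache error log.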


