From: Zac Morris
Date: Fri, 16 Mar 2007 10:22:58 -0400
To: users@httpd.apache.org
Subject: [users@httpd] SECOND REQUEST: mod_authnz_ldap.so module
Message-ID: <45FAA842.6060101@zacwolf.com>

Hi,

I need some help. I've tried Google and some forums with no luck on this one...

I've set up a win32 Apache 2.2.4 server with the mod_authnz_ldap module. When I access a protected URL I'm getting an Error 500 and the error.log shows:

[Tue Mar 13 16:26:06 2007] [warn] [client 127.0.0.1] [5496] auth_ldap authenticate: user devuser authentication failed; URI /servframe/images/edit.gif [ldap_search_ext_s() for user failed][Protocol Error]

I'm pointing at an OpenLDAP-2.2.23 repository (running on a different server on the same subnet).


I've configured Tomcat in a similar way (pointing to the same ldap repository via the:
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://192.168.1.2/"
           userBase="ou=people,o={domain here}"
           userSearch="(uid={0})"
    />


...which is working just fine.


From what few hints I'm finding online, it seems that the "protocol error" can be seen depending on which LDAP SDKs were used during the build of mod_authnz_ldap? I've tried a couple of different versions of this library from various sources, all with no luck, and I don't have the setup necessary to compile it on my own.

Is ANYONE familiar with this problem, and is there a simple way to fix it?

THANKS!
-Zac


P.S. The relevant portion of httpd.conf:

<IfModule authnz_ldap_module>
    LDAPSharedCacheSize 200000
    LDAPCacheEntries 1024
    LDAPCacheTTL 600
    LDAPOpCacheEntries 1024
    LDAPOpCacheTTL 600
</IfModule>
Alias /servframe "R:\servframe"
<Directory "R:\servframe">
    AllowOverride All
    order allow,deny
    allow from all
    AuthName "servframe"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL ldap://192.168.1.2:389/ou=people,o={domain here}?uid?sub?(objectClass=*)
    AuthzLDAPAuthoritative off
    require valid-user
</Directory>
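
The search that the AuthLDAPURL above asks mod_authnz_ldap to run can be reconstructed outside Apache, which helps separate a directory-side failure from an LDAP SDK one. The following is an added example, not part of the original post: it splits an AuthLDAPURL into its parts using the module's documented defaults, then builds the combined search filter and a matching OpenLDAP ldapsearch argument list (anonymous bind, since the configuration sets no bind DN). The function names, the `o=example` base DN standing in for the redacted value, and the use of RFC 4515 escaping for the login name are assumptions of this example.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample modelled on the post's AuthLDAPURL; "o=example" is a
# hypothetical stand-in for the redacted "{domain here}" value.
SAMPLE_URL = "ldap://192.168.1.2:389/ou=people,o=example?uid?sub?(objectClass=*)"

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter with the documented defaults."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    flt = unquote(flt) or "(objectClass=*)"
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # keep the bare filter; parentheses are re-added when combining
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr.split(",")[0] or "uid",  # only the first attribute is searched on
        "scope": "one" if scope == "one" else "sub",
        "filter": flt,
    }

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_filter(cfg, username):
    """Combine the URL filter with attribute=username, as the module documentation describes."""
    return "(&(%s)(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))

def ldapsearch_argv(cfg, username):
    """OpenLDAP ldapsearch arguments for the same search: anonymous simple bind, LDAPv3."""
    uri = "%s://%s:%d" % (cfg["scheme"], cfg["host"], cfg["port"])
    return ["ldapsearch", "-x", "-P", "3", "-H", uri, "-b", cfg["base"],
            "-s", cfg["scope"], effective_filter(cfg, username), cfg["attribute"]]

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(SAMPLE_URL)
    print(cfg)
    print(" ".join(ldapsearch_argv(cfg, "devuser")))
```

If the same search succeeds from ldapsearch on another host but fails through Apache, the directory and the URL are sound and the difference lies in the client library or its protocol negotiation.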