httpd-users mailing list archives

From "Sascha Kersken" ...@lingoworld.de>
Subject Re: [users@httpd] Apache2.2.4 - LDAP
Date Mon, 23 Apr 2007 21:58:32 GMT
Hi again,

> Hey Thanks - that totally got me to my hopefully last problem - Any idea
> on the below ?

[Mon Apr 23 14:45:21 2007] [warn] [client 127.0.0.1] [2124] auth_ldap authenticate: user XXXXX\\VTLU authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Mon Apr 23 14:45:21 2007] [error] [client 127.0.0.1] user XXXXX\\VTLU: authentication failure for "/": Password Mismatch

To authenticate the request to the LDAP server, you need an AuthLDAPBindDN
directive like
  AuthLDAPBindDN "cn=ldap-user, dc=testnet, dc=local"

The AuthLDAPRemoteUserAttribute directive you used merely sets the 
REMOTE_USER environment variable but doesn't specify the user for the LDAP 
bind.

Regards
Sascha

-----Original Message-----
From: Sascha Kersken [mailto:sk@lingoworld.de]
Sent: Monday, April 23, 2007 2:00 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache2.2.4 - LDAP

Hi,

> [Mon Apr 23 13:37:34 2007] [notice] Child 3880: Starting thread to listen on port 7070.
> [Mon Apr 23 13:37:40 2007] [error] Internal error: pcfg_openfile() called with NULL filename
> [Mon Apr 23 13:37:40 2007] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null)

> Could it be the AuthName ? I have it set to my user id

No, auth name is the realm; i.e. the authentication context (provided within
the login box by the browser).

> <Directory />
>             Order allow,deny
>             Allow from all
>             AuthType Basic
>             AuthName vtlu
>             AuthzLDAPAuthoritative on
>             AuthLDAPUrl ldap://aaa.bbbb.org:389/basedn?sAMAccountName?
>             AuthLDAPRemoteUserAttribute vtlu
>             AuthLDAPBindPassword xxxxxx
>             require valid-user
> </Directory>


With Apache 2.2, you need to add the line
  AuthBasicProvider ldap
If you don't, Apache presumes the file provider and looks for an
AuthUserFile directive which you don't provide here (because you want ldap).
That's the reason for the "NULL filename" error message.


Regards
Sascha

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
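
The two diagnoses in this thread can be turned into a pre-deployment check. The following is an added example, not part of the original e-mails or of Apache itself: a small linter (the names `directives` and `lint` are hypothetical) run against the configuration as posted and against a constructed copy with the two directives from the replies added.

```python
# Config as posted in the thread (host, base DN and password are the poster's redactions).
POSTED = """\
<Directory />
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName vtlu
    AuthzLDAPAuthoritative on
    AuthLDAPUrl ldap://aaa.bbbb.org:389/basedn?sAMAccountName?
    AuthLDAPRemoteUserAttribute vtlu
    AuthLDAPBindPassword xxxxxx
    require valid-user
</Directory>
"""

# Constructed: same block plus the two directives suggested in the replies.
BIND_DN = '    AuthLDAPBindDN "cn=ldap-user, dc=testnet, dc=local"\n'
FIXED = POSTED.replace(
    "    AuthType Basic\n", "    AuthType Basic\n    AuthBasicProvider ldap\n"
).replace("    AuthLDAPBindPassword", BIND_DN + "    AuthLDAPBindPassword")


def directives(conf):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and section tags
        parts = line.split(None, 1)
        found.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return found


def lint(conf):
    """Return findings for the two misconfigurations diagnosed in the thread."""
    d = directives(conf)
    findings = []
    basic = any(a.lower() == "basic" for a in d.get("authtype", []))
    providers = " ".join(d.get("authbasicprovider", [])).lower().split()
    if basic and "authldapurl" in d and "ldap" not in providers:
        findings.append("AuthBasicProvider ldap missing: file provider is assumed")
    if "authldapbindpassword" in d and "authldapbinddn" not in d:
        findings.append("AuthLDAPBindPassword set without AuthLDAPBindDN")
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint(conf))
```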

