httpd-users mailing list archives

From "Waltz, Micheal" <mwa...@adtest.ucsd.edu>
Subject [users@httpd] Apache 2 LDAP authentication against Apple Open Directory Server
Date Tue, 19 Jun 2007 23:35:32 GMT
I am new to using mod_ldap and mod_auth_ldap to create an ACL for certain directories we want
to limit access to. I've managed to get it working properly with OpenLDAP but we migrated
to Apple's Open Directory Server on OSX, which from what I've read should act similar. This
is not the case and I keep getting the following error in my Redhat EL4 Apache 2.0.55 error
log whenever I try to log in:

[Mon Jun 18 16:06:40 2007] [warn] [client 132.239.79.130] [18337] auth_ldap authenticate:
user username authentication failed; URI /ldaptest/ [ldap_simple_bind_s() to check user credentials
failed][Invalid credentials]

Here are the relevant sections in the httpd.conf:


LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

....

<Directory "/www/docs/public/ldaptest">
        AuthType Basic
        AuthName "LDAP Test"
        AuthLDAPBindDN uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu
        AuthLDAPBindPassword secret
        AuthzLDAPAuthoritative off
        AuthLDAPURL ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid
        AuthLDAPRemoteUserIsDN OFF
        require valid-user
</Directory>

No errors or warnings come up when the server is started and I don't see anything relevant
on the OD log side, just the apache error above. Ideally I would like to authenticate with
valid users and groups over an anonymous bind, but without the AuthLDAPBindDN it gives another
error about [Invalid Credentials].

I've looked around online as much as I could, but I haven't found any other cases of GNU/Linux
Apache2 servers using OSX OD server for an ACL. One solution that looks promising is using
Apple's mod_auth_apple, but I am unable to find the source code on the Darwin site for it to
even attempt to compile it myself. The command ldapsearch works fine from the shell and I
can query users anonymously or authenticated without any problems. If anyone has had any experience
with this type of setup or could offer any help I would be most grateful, thank you.

Specifics:
Client Server: Redhat EL4 - Apache 2.0.55 - Standard install
LDAP Server: Apple OS X 10.4.9 - Open Directory Master - Directory Binding Enabled, SSL Enabled,
All Hash and Authentication Methods checked

Micheal Waltz
System Administrator
UCSD Educational Computing
858-822-3959
http://meded.ucsd.edu/edcom
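
Added example (not part of the original message, and not mod_auth_ldap's own code): the quoted log line names the bind that checks the user's credentials, so this sketch splits an AuthLDAPURL into the search and the user bind as ldapsearch/ldapwhoami command lines that can be run by hand to see which step the directory rejects. The function names are hypothetical, and the defaults (attribute uid, scope sub, filter (objectClass=*)) and the combined filter form are assumptions taken from the mod_auth_ldap documentation.

```python
import shlex
from urllib.parse import urlsplit, unquote

# Constructed sample input, copied from the AuthLDAPURL in the post above.
SAMPLE_URL = 'ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid'

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter and apply defaults."""
    parts = urlsplit(url)
    fields = (parts.query.split('?') + ['', '', ''])[:3]
    attribute, scope, flt = (unquote(f) for f in fields)
    flt = flt or '(objectClass=*)'
    if not flt.startswith('('):
        flt = '(%s)' % flt
    return {
        'uri': '%s://%s:%d' % (parts.scheme, parts.hostname,
                               parts.port or (636 if parts.scheme == 'ldaps' else 389)),
        'base': unquote(parts.path.lstrip('/')),
        'attribute': attribute.split(',')[0] or 'uid',
        'scope': scope or 'sub',
        'filter': flt,
    }

def search_then_bind_steps(url, username, bind_dn=None):
    """Return (search_argv, bind_argv) for the two LDAP operations."""
    cfg = parse_auth_ldap_url(url)
    flt = '(&%s(%s=%s))' % (cfg['filter'], cfg['attribute'],
                            escape_filter_value(username))
    # Step 1: locate the user's entry, as the bind DN if given, else anonymously.
    auth = ['-D', bind_dn, '-W'] if bind_dn else []
    search = (['ldapsearch', '-x', '-H', cfg['uri']] + auth +
              ['-b', cfg['base'], '-s', cfg['scope'], flt, '1.1'])
    # Step 2: simple bind as the DN found in step 1 with the user's password.
    bind = ['ldapwhoami', '-x', '-H', cfg['uri'], '-D', '<DN from step 1>', '-W']
    return search, bind

if __name__ == '__main__':
    for argv in search_then_bind_steps(
            SAMPLE_URL, 'username',
            'uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu'):
        print(shlex.join(argv))
```

Both commands prompt for the password (-W), so nothing secret ends up in shell history or the process list.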

