httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hart <tomh...@coopfed.org>
Subject Re: [users@httpd] ldap authentication not working
Date Thu, 04 Oct 2007 17:58:31 GMT
Ok, I'm getting a bit closer. Here's what I have now.

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow

    AuthType Basic
    AuthName "Testing LDAP Auth"
    AuthBasicProvider ldap
   
    #AuthLDAPAuthoritative on - still doesn't let apache start

    AuthLDAPUrl "ldap://server/?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"

    Require valid-user

</Directory>

Now I get a login box, but when using the admin u/p I get this in error.log

[Thu Oct 04 13:57:10 2007] [warn] [client 192.168.1.207] [6764] 
auth_ldap authenticate: user administrator authentication failed; URI 
/test.php [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Thu Oct 04 13:57:10 2007] [error] [client 192.168.1.207] user 
administrator: authentication failure for "/test.php": Password Mismatch

I know the login credentials are correct. Is there a better way to set 
up LDAPUrl or to see what's trying to authenticate where in the 2003 AD?

Tom Hart wrote:
> As a follow-up I realized ldap-user is used to specifiy a certain user 
> aka ldap-user "Joe Smith". However based on the fact that I'm not 
> getting prompted for a u/p, and AuthLDAPAuthoritative is failing, I 
> believe my problem lies deeper than that. I could be wrong of course, 
> just trying to narrow down the search.
>
> Tom Hart wrote:
>> Hi everybody. Thanks to the help of this list I managed to get the 
>> auth_ldap module loaded, but now I'm having a little trouble bringing 
>> this project to full fruition.
>>
>> I'm not sure which part of this is failing, and unfortunately I can't 
>> seem to find where I can see any type of log info about ldap access 
>> attemps, whether they're even happening, or why apache won't start 
>> with AuthLDAPAuthoritative on.
>>
>> Any ideas? Here's my main directory chunk from httpd.conf
>>
>> <Directory "C:/Program Files/Apache Software 
>> Foundation/Apache2.2/htdocs">
>>    Options Indexes FollowSymLinks
>>    AllowOverride None
>>    Order allow,deny
>>
>>    #AuthLDAPAuthoritative on - apache won't start with this enabled
>>
>>    AuthType Basic
>>    AuthName "Testing LDAP Auth"
>>    AuthBasicProvider ldap
>>
>>    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"
>>    AuthLDAPBindDN "cn=tomhart,ou=people,dc=coopfed,dc=local"
>>    AuthLDAPBindPassword ********
>>
>>    Require ldap-user
>>
>> </Directory>
>>
>> Also, I'm not sure how important this is but I'm using windows 2003 
>> server.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message