httpd-users mailing list archives

From Tom Hart <tomh...@coopfed.org>
Subject Re: [users@httpd] ldap authentication not working
Date Thu, 04 Oct 2007 18:09:58 GMT
I'm beginning to believe that the BindDN and BindPassword are incorrect, 
because it doesn't seem to matter what I type in there, I get the same 
results. I'm pretty sure I have the DN correct though.

We have an apache service account (account name is cu_apache) in the 
Users container under our domain coopfed.local. Does the DN seem right?

Tom Hart wrote:
> Ok, I'm getting a bit closer. Here's what I have now.
>
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
>    Options Indexes FollowSymLinks
>    AllowOverride None
>    Order deny,allow
>
>    AuthType Basic
>    AuthName "Testing LDAP Auth"
>    AuthBasicProvider ldap
>      #AuthLDAPAuthoritative on - still doesn't let apache start
>
>    AuthLDAPUrl "ldap://server/?sAMAccountName"
>    AuthLDAPBindDN "cn=cu_apache,cn=Users,dc=coopfed,dc=local"
>    AuthLDAPBindPassword "********"
>
>    Require valid-user
>
> </Directory>
>
> Now I get a login box, but when using the admin u/p I get this in 
> error.log
>
> [Thu Oct 04 13:57:10 2007] [warn] [client 192.168.1.207] [6764] auth_ldap authenticate: user administrator authentication failed; URI /test.php [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
> [Thu Oct 04 13:57:10 2007] [error] [client 192.168.1.207] user administrator: authentication failure for "/test.php": Password Mismatch
>
> I know the login credentials are correct. Is there a better way to set 
> up LDAPUrl or to see what's trying to authenticate where in the 2003 AD?
>
> Tom Hart wrote:
>> As a follow-up I realized ldap-user is used to specify a certain 
>> user aka ldap-user "Joe Smith". However based on the fact that I'm 
>> not getting prompted for a u/p, and AuthLDAPAuthoritative is failing, 
>> I believe my problem lies deeper than that. I could be wrong of 
>> course, just trying to narrow down the search.
>>
>> Tom Hart wrote:
>>> Hi everybody. Thanks to the help of this list I managed to get the 
>>> auth_ldap module loaded, but now I'm having a little trouble 
>>> bringing this project to full fruition.
>>>
>>> I'm not sure which part of this is failing, and unfortunately I 
>>> can't seem to find where I can see any type of log info about ldap 
>>> access attempts, whether they're even happening, or why apache won't 
>>> start with AuthLDAPAuthoritative on.
>>>
>>> Any ideas? Here's my main directory chunk from httpd.conf
>>>
>>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
>>>    Options Indexes FollowSymLinks
>>>    AllowOverride None
>>>    Order allow,deny
>>>
>>>    #AuthLDAPAuthoritative on - apache won't start with this enabled
>>>
>>>    AuthType Basic
>>>    AuthName "Testing LDAP Auth"
>>>    AuthBasicProvider ldap
>>>
>>>    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"
>>>    AuthLDAPBindDN "cn=tomhart,ou=people,dc=coopfed,dc=local"
>>>    AuthLDAPBindPassword ********
>>>
>>>    Require ldap-user
>>>
>>> </Directory>
>>>
>>> Also, I'm not sure how important this is but I'm using Windows 2003 
>>> server.
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>
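
How the two AuthLDAPUrl values quoted in this thread break down under the documented mod_authnz_ldap format `ldap://host:port/basedn?attribute?scope?filter`, as an added example that is not part of the original message or the Apache project's code. The names `search_plan` and `escape_filter_value`, the RFC 4515 escaping, and the wording of the notes are assumptions of this example.

```python
from urllib.parse import unquote, urlsplit

# Defaults the mod_authnz_ldap documentation gives for omitted URL parts.
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def search_plan(auth_ldap_url, username):
    """Describe the user search implied by an AuthLDAPUrl value.

    Format: ldap://host:port/basedn?attribute?scope?filter
    """
    parts = urlsplit(auth_ldap_url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % auth_ldap_url)
    fields = dict(zip(("attribute", "scope", "filter"),
                      parts.query.split("?", 2)))
    notes = []
    for name, default in DEFAULTS.items():
        if not fields.get(name):
            fields[name] = default
            notes.append("%s omitted, default %s applies" % (name, default))
    base_dn = unquote(parts.path.lstrip("/"))
    if not base_dn:
        notes.append("base DN is empty")
    # Only the first attribute of a comma-separated list is searched.
    attribute = fields["attribute"].split(",")[0]
    flt = fields["filter"]
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": base_dn,
        "attribute": attribute,
        "scope": fields["scope"],
        "filter": "(&%s(%s=%s))" % (flt, attribute, escape_filter_value(username)),
        "notes": notes,
    }


if __name__ == "__main__":
    # The two AuthLDAPUrl values quoted in the thread; the login name is the
    # one that appears in the quoted error.log lines.
    for url in ("ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local",
                "ldap://server/?sAMAccountName"):
        print(url, search_plan(url, "administrator"), sep="\n  ")
```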