From: Tom Hart
Date: Thu, 04 Oct 2007 14:09:58 -0400
To: users@httpd.apache.org
Subject: Re: [users@httpd] ldap authentication not working

I'm beginning to believe that the BindDN and BindPassword are incorrect,
because it doesn't seem to matter what I type in there, I get the same
results. I'm pretty sure I have the DN correct though. We have an apache
service account (account name is cu_apache) in the Users container under
our domain coopfed.local. Does the DN seem right?

Tom Hart wrote:
> Ok, I'm getting a bit closer. Here's what I have now.
>
> Foundation/Apache2.2/htdocs">
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order deny,allow
>
>     AuthType Basic
>     AuthName "Testing LDAP Auth"
>     AuthBasicProvider ldap
>     #AuthLDAPAuthoritative on - still doesn't let apache start
>
>     AuthLDAPUrl "ldap://server/?sAMAccountName"
>     AuthLDAPBindDN "cn=cu_apache,cn=Users,dc=coopfed,dc=local"
>     AuthLDAPBindPassword "********"
>
>     Require valid-user
>
> Now I get a login box, but when using the admin u/p I get this in
> error.log
>
> [Thu Oct 04 13:57:10 2007] [warn] [client 192.168.1.207] [6764]
> auth_ldap authenticate: user administrator authentication failed; URI
> /test.php [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
> [Thu Oct 04 13:57:10 2007] [error] [client 192.168.1.207] user
> administrator: authentication failure for "/test.php": Password Mismatch
>
> I know the login credentials are correct. Is there a better way to set
> up LDAPUrl or to see what's trying to authenticate where in the 2003 AD?
>
> Tom Hart wrote:
>> As a follow-up I realized ldap-user is used to specify a certain
>> user aka ldap-user "Joe Smith". However based on the fact that I'm
>> not getting prompted for a u/p, and AuthLDAPAuthoritative is failing,
>> I believe my problem lies deeper than that. I could be wrong of
>> course, just trying to narrow down the search.
>>
>> Tom Hart wrote:
>>> Hi everybody. Thanks to the help of this list I managed to get the
>>> auth_ldap module loaded, but now I'm having a little trouble
>>> bringing this project to full fruition.
>>>
>>> I'm not sure which part of this is failing, and unfortunately I
>>> can't seem to find where I can see any type of log info about ldap
>>> access attempts, whether they're even happening, or why apache won't
>>> start with AuthLDAPAuthoritative on.
>>>
>>> Any ideas? Here's my main directory chunk from httpd.conf
>>>
>>> Foundation/Apache2.2/htdocs">
>>>     Options Indexes FollowSymLinks
>>>     AllowOverride None
>>>     Order allow,deny
>>>
>>>     #AuthLDAPAuthoritative on - apache won't start with this enabled
>>>
>>>     AuthType Basic
>>>     AuthName "Testing LDAP Auth"
>>>     AuthBasicProvider ldap
>>>
>>>     AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"
>>>     AuthLDAPBindDN "cn=tomhart,ou=people,dc=coopfed,dc=local"
>>>     AuthLDAPBindPassword ********
>>>
>>>     Require ldap-user
>>>
>>> Also, I'm not sure how important this is but I'm using windows 2003
>>> server.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
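
Added example, not part of the original message or of Apache's own code: a small Python parser that splits the two AuthLDAPUrl values quoted in this thread into the fields the mod_authnz_ldap documentation describes (`ldap://host:port/basedn?attribute?scope?filter`), builds the user-search filter `(&(filter)(attribute=username))` with RFC 4515 escaping, and flags an empty base DN or an unencrypted `ldap://` scheme. The function names and warning texts are assumptions of this example.

```python
# Added example (not from the thread): split an AuthLDAPUrl into the pieces
# mod_authnz_ldap documents: ldap://host:port/basedn?attribute?scope?filter
from urllib.parse import urlsplit, unquote

def escape_filter_value(value):
    """Escape characters that are special in an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse_auth_ldap_url(url):
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything after the first "?" is attribute?scope?filter, each optional.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    flt = unquote(fields[2]) or "(objectClass=*)"        # documented default
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    cfg = {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        # Only the first attribute of a comma-separated list is used.
        "attribute": fields[0].split(",")[0] or "uid",   # documented default
        "scope": fields[1] or "sub",                     # documented default
        "filter": flt,
        "warnings": [],
    }
    if not cfg["base_dn"]:
        cfg["warnings"].append(
            "empty base DN: the user search is not anchored to any directory subtree")
    if parts.scheme == "ldap":
        cfg["warnings"].append(
            "ldap:// without STARTTLS sends bind passwords in cleartext")
    return cfg

def search_filter(cfg, username):
    """Filter used to locate the user's entry: (&(filter)(attribute=username))."""
    return "(&%s(%s=%s))" % (
        cfg["filter"], cfg["attribute"], escape_filter_value(username))

# The two AuthLDAPUrl values quoted in the thread.
THREAD_URLS = [
    "ldap://server/?sAMAccountName",
    "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local",
]

if __name__ == "__main__":
    for u in THREAD_URLS:
        cfg = parse_auth_ldap_url(u)
        print(u, "->", cfg, search_filter(cfg, "administrator"))
```
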