httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Struiksma <astruik...@esd189.org>
Subject [users@httpd] reverse proxy with LDAP authentication
Date Fri, 19 Sep 2008 18:25:31 GMT
We are trying to setup a company intranet server (apache 2.2.3-4+etch5) so that it is available
outside our LAN. However, we want users to be prompted for a username and password when they
are coming from the outside. We want the authentication to use our AD LDAP server. We have
this configuration running on another nearly identical Debian 4.0 server and it works fine.
However when we try this configuration on the new intranet server the LDAP authentication
fails. Here is the setup that works on the old server which we are attempting to duplicate
on the new server:

<Location "/">
        Allow from 192.168.1.0/24
        Satisfy Any
        Order deny,allow
        Deny from all
        Require valid-user
        AuthType basic
        AuthName "INTRANET"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPBindDN  "cn=apache_user,cn=Users,dc=company,dc=com"
        AuthLDAPBindPassword "abcefg"
        AuthLDAPUrl "ldap://192.168.1.2:389 192.168.1.3:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
</Location>

We have done a tcpdump and compared the packet dump of a login attempt on both the old and
new servers. The communication is nearly identical until the new server starts looking for
the user account in the forest and other areas of the directory. If we add cn=Users to the
AuthLDAPUrl line on the server then it also works fine. However, not all of our users on in
cn=Users.

Is there a way to get around this problem?

What could we have possibly done on the old server so that it works with the above config?

Thank you!

Andrew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message