httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server
Date Tue, 21 Oct 2008 17:27:53 GMT
On Tue, Oct 21, 2008 at 12:59 PM, Rodney Ramos <rodneyra@gmail.com> wrote:
> I´m trying to use the mod_authnz_ldap module to authenticate the users in a
> Microsoft AD LDAP Server, but I´m having a lot of problems.
>
> The only configuration that worked was:
>
> AuthName "XXXX"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn"
> AuthLDAPBindDN "ldap_bind_user"
> AuthLDAPBindPassword "ldap_bind_psw"
> AuthzLDAPAuthoritative off
> Require valid-user
>
> Questions:
>
> 1) Why should we use the port 3268 instead of the default one, 389?

On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
referrals.

>
> 2) Why must we set the AuthzLDAPAuthoritative directive to off?

you don't need it for 2.2.6 and later

>
> The second problem occurred when I tried to make Apache authenticate the
> users first in a LDAP server and after, if it doens´t find the user there,
> in a flat file. So I add the follow line, before the "Require valid-user"
> line:
>
> AuthUserFile /tmp/htpasswd.txt
>
> The problem is that Apache doesn´t try to use the flat file to authenticante
> the users. It only uses the LDAP authenticate module, even though the
> directive AuthzLDAPAuthoritative is set to off.

You need to tell basic auth to look there:

AuthBasicProvider ldap file




-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message