httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server
Date Tue, 21 Oct 2008 17:27:53 GMT
On Tue, Oct 21, 2008 at 12:59 PM, Rodney Ramos <> wrote:
> I´m trying to use the mod_authnz_ldap module to authenticate the users in a
> Microsoft AD LDAP Server, but I´m having a lot of problems.
> The only configuration that worked was:
> AuthName "XXXX"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn"
> AuthLDAPBindDN "ldap_bind_user"
> AuthLDAPBindPassword "ldap_bind_psw"
> AuthzLDAPAuthoritative off
> Require valid-user
> Questions:
> 1) Why should we use the port 3268 instead of the default one, 389?

On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP

> 2) Why must we set the AuthzLDAPAuthoritative directive to off?

you don't need it for 2.2.6 and later

> The second problem occurred when I tried to make Apache authenticate the
> users first in a LDAP server and after, if it doens´t find the user there,
> in a flat file. So I add the follow line, before the "Require valid-user"
> line:
> AuthUserFile /tmp/htpasswd.txt
> The problem is that Apache doesn´t try to use the flat file to authenticante
> the users. It only uses the LDAP authenticate module, even though the
> directive AuthzLDAPAuthoritative is set to off.

You need to tell basic auth to look there:

AuthBasicProvider ldap file

Eric Covener

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message