httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Avis <...@waniasset.com>
Subject [users@httpd] Re: Confused about LDAP authentication with Active Directory
Date Fri, 27 Feb 2009 11:31:43 GMT
Marc Patermann <hans.moser <at> ofd-sth.niedersachsen.de> writes:

>You mean the DN contains a component with a space in it!?
>ou=WCL user,dc=foo,dc=bar

Ah... 'ou'... I was using 'cn'.  The corrected search query works, as
demonstrated by the following perl script:

    #!/usr/bin/perl
    die "usage: $0 host domain username password\n" if @ARGV != 4;
    my ($host, $domain, $username, $password) = @ARGV;
    use Net::LDAP;
    my $ldap = new Net::LDAP($host) or die $@;
    my $mesg = $ldap->bind("$domain\\$username", password => $password);
    $mesg->code && die $mesg->error;
    $mesg = $ldap->search(base => 'ou=WCL Users,ou=WCL Logins,dc=wcl,dc=local',
                          filter => '(objectClass=*)');
    $mesg->code && die $mesg->error;
    $_->dump foreach $mesg->entries;

This spits out details of every user in the domain, with the sAMAccountName
being the user's login.

In httpd.conf I have

    <Location "/test_auth">
      AuthType Basic
      AuthName "Secure Area"
      AuthBasicProvider ldap
      AuthzLDAPAuthoritative   Off
      AuthLDAPURL "ldap://wcl-dc1:389/ou=WCL Users,ou=WCL
Logins,dc=wcl,dc=local?cn?sub"
      Require valid-user
    </Location>

I don't know what the extra '?cn?sub' at the end of the query string is for but
various examples have it so I cargo-culted it in.

When I try to fetch /test_auth/index.html I am prompted for a username and
password but the page that appears is blank.  The error log has

[Fri Feb 27 11:26:09 2009] [notice] child pid 18708 exit signal Segmentation
fault (11)

So I suppose I need to run Apache under the debugger, or make it generate a core
dump, to see where it's crashing.  Unless you can spot anything obvious from the
above.

-- 
Ed Avis <eda@waniasset.com>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message