httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject Re: [users@httpd] Apache 2.2 + Ldap
Date Thu, 24 Sep 2009 13:20:07 GMT
On Thu, 2009-09-24 at 05:55 -0700, Luis Clemente wrote:
> Hi all,
>    Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap
server? Here is my httpd.conf Ldap configuration:
> <Directory /var/www/html>
>   AuthBasicProvider ldap
>   AuthType      basic
>   AuthLDAPURL   "ldap://"
>   AuthzLDAPAuthoritative on
>   AuthName      "Please sign in with an Internet e-mail ID (IIP) which is in the Postman
>   AuthLDAPGroupAttribute mail
>   Require       group cn=postman,ou=memberlist,ou=compgroups
> </Directory>
>    I think it is simple but I don't know what is happen. I use my email to authenticated
it. If I use the wrong password, the follow message it appears:
> [Tue Sep 22 17:07:32 2009] [warn] [client] [8449] auth_ldap authenticate:
user authentication failed; URI / [ldap_simple_bind_s() to check user credentials
failed][Invalid credentials]
> [Tue Sep 22 17:07:32 2009] [error] [client] user authentication
failure for "/": Password Mismatch
>    But if I use the right password nether message it is showed and the authenticated
it is not accept.
>    So anyone can help me? Someone knows how to do this?
> Best regard's
> Luis

This is how we have it set up:

AuthType Basic
AuthName "Foo"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Foo?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=fooclient,ou=System Accounts,o=Foo"
AuthLDAPBindPassword "foopass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=IT,ou=Groups,o=Foo

fooclient/foopass are credentials used to look up the user before
authenticating them, IIRC. It is required if your LDAP server disallows
anonymous binds. Probably what you are missing is that you need 'Require
ldap-group ...' not 'Require group ...'.



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message