httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Apache 2.2 + Ldap
Date Thu, 24 Sep 2009 13:20:07 GMT
On Thu, 2009-09-24 at 05:55 -0700, Luis Clemente wrote:
> Hi all,
> 
>    Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap
server? Here is my httpd.conf Ldap configuration:
> 
> <Directory /var/www/html>
>   AuthBasicProvider ldap
>   AuthType      basic
>   AuthLDAPURL   "ldap://ldapserver.com:389/o=domain.com?mail"
>   AuthzLDAPAuthoritative on
>   AuthName      "Please sign in with an Internet e-mail ID (IIP) which is in the Postman
BlueGroup"
>   AuthLDAPGroupAttribute mail
>   Require       group cn=postman,ou=memberlist,ou=compgroups
> </Directory>
> 
>    I think it is simple but I don't know what is happen. I use my email to authenticated
it. If I use the wrong password, the follow message it appears:
> 
> [Tue Sep 22 17:07:32 2009] [warn] [client 9.6.113.47] [8449] auth_ldap authenticate:
user luisecc@comp.com authentication failed; URI / [ldap_simple_bind_s() to check user credentials
failed][Invalid credentials]
> [Tue Sep 22 17:07:32 2009] [error] [client 9.6.113.47] user luisecc@br.ibm.com: authentication
failure for "/": Password Mismatch
> 
>    But if I use the right password nether message it is showed and the authenticated
it is not accept.
> 
>    So anyone can help me? Someone knows how to do this?
> 
> Best regard's
> 
> Luis
> 

This is how we have it set up:

AuthType Basic
AuthName "Foo"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Foo?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=fooclient,ou=System Accounts,o=Foo"
AuthLDAPBindPassword "foopass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=IT,ou=Groups,o=Foo

fooclient/foopass are credentials used to look up the user before
authenticating them, IIRC. It is required if your LDAP server disallows
anonymous binds. Probably what you are missing is that you need 'Require
ldap-group ...' not 'Require group ...'.

Cheers

Tom



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message