httpd-users mailing list archives

From Sebastian Reitenbach <sebas...@l00-bugdead-prods.de>
Subject [users@httpd] Problem with ldap authentication against domino server
Date Thu, 06 Jan 2011 14:36:13 GMT
Hi,

I have LDAP authentication working against openldap. But I have to 
authenticate against a Lotus Domino Server.

Below are the contents of my .htaccess file:

AuthType Basic
AuthBasicProvider ldap
AuthName "LDAP"
#AuthLDAPURL "ldap://openldapserver:389/ou=people,dc=intern"
AuthLDAPURL "ldap://dominoserver:389/?uid"
AuthzLDAPAuthoritative on
#require valid-user
require ldap-user user
#require ldap-group cn=admin
#require ldap-attribute gidnumber=1011
Satisfy any

Order deny,allow
Deny from all

When I comment out the require ldap-user line, and uncomment the require 
valid-user line, then I can successfully log in with my credentials.

When I try to restrict the login to a given user or group, then the 
authentication doesn't work.


here it works using the openldap server:
==> /var/log/apache2/error_log <==
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(982): [2013] auth_ldap 
url parse: `ldap://openldapserver:389/ou=people,dc=intern', Host: 
openldapserver:389, Port: 389, DN: ou=people,dc=intern, attrib: (null), scope: 
base, filter: (null), connection mode: not using SSL
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(982): [2014] auth_ldap 
url parse: `ldap://openldapserver:389/ou=people,dc=intern', Host: 
openldapserver:389, Port: 389, DN: ou=people,dc=intern, attrib: (null), scope: 
base, filter: (null), connection mode: not using SSL
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(379): [client 127.0.0.1] 
[2014] auth_ldap authenticate: using URL 
ldap://openldapserver:389/ou=people,dc=intern
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(484): [client 127.0.0.1] 
[2014] auth_ldap authenticate: accepting user
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(659): [client 127.0.0.1] 
[2014] auth_ldap authorise: require user: authorisation successful



here it doesn't work, using the domino server:
==> /var/log/apache2/error_log <==
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(982): [2015] auth_ldap 
url parse: `ldap://dominoserver:389/?uid', Host: dominoserver:389, Port: 389, 
DN: , attrib: uid, scope: base, filter: (null), connection mode: not using SSL
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(379): [client 127.0.0.1] 
[2015] auth_ldap authenticate: using URL ldap://dominoserver:389/?uid
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(484): [client 127.0.0.1] 
[2015] auth_ldap authenticate: accepting user
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(665): [client 127.0.0.1] 
[2015] auth_ldap authorise: require user: authorisation failed [Comparison 
complete][Insufficient access]
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(685): [client 127.0.0.1] 
[2015] auth_ldap authorise: require user: authorisation failed [Comparison 
complete][Insufficient access]
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(874): [client 127.0.0.1] 
[2015] auth_ldap authorise: authorisation denied

Well, it states about the insufficient access, but I wonder what kind of 
access might be missing?

I can run
ldapsearch -x -h dominoserver -b "" -D "CN=Test User,O=MyCompany" -W

And I successfully get stuff back from the Domino Server, the Test User has 
uid=user.
However, what I noticed is I have to specify the empty baseDN -b "", without 
it, I don't get any search results back. I don't have to do it against the 
OpenLDAP server, don't know whether this could be the cause of my problem?

Sebastian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
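
An added example, not part of the original message and not Apache's own code: a small Python triage of the mod_authnz_ldap debug lines quoted above. It rejoins the mail-wrapped records, separates the authenticate phase from the authorise phase per bracketed tag, and pulls out the bracketed LDAP result text. The function names and the result layout are assumptions made for illustration.

```python
import re

# Excerpt of the debug lines quoted in the message, still wrapped as the mail left them.
SAMPLE = """\
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(484): [client 127.0.0.1]
[2014] auth_ldap authenticate: accepting user
[Thu Jan 06 14:02:21 2011] [debug] mod_authnz_ldap.c(659): [client 127.0.0.1]
[2014] auth_ldap authorise: require user: authorisation successful
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(484): [client 127.0.0.1]
[2015] auth_ldap authenticate: accepting user
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(665): [client 127.0.0.1]
[2015] auth_ldap authorise: require user: authorisation failed [Comparison
complete][Insufficient access]
[Thu Jan 06 14:04:28 2011] [debug] mod_authnz_ldap.c(874): [client 127.0.0.1]
[2015] auth_ldap authorise: authorisation denied
"""

# A record starts with an error_log timestamp; any other line is a wrapped continuation.
RECORD_START = re.compile(r"^\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}\] ")
EVENT = re.compile(r"\[(\d+)\] auth_ldap (authenticate|authorise): (.*)$")
REASON = re.compile(r"\[([^\[\]]+)\]")

def unwrap(text):
    """Rejoin mail-wrapped log lines into one string per log record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Per bracketed tag: password accepted? require check passed? bracketed result text."""
    out = {}
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue
        tag, phase, msg = m.groups()
        st = out.setdefault(tag, {"authenticated": False, "authorised": None, "reasons": []})
        if phase == "authenticate" and msg.startswith("accepting user"):
            st["authenticated"] = True
        elif phase == "authorise" and "successful" in msg:
            st["authorised"] = True
        elif phase == "authorise" and ("failed" in msg or "denied" in msg):
            st["authorised"] = False
            st["reasons"] += [r for r in REASON.findall(msg) if r not in st["reasons"]]
    return out
```

Run over the excerpt, both tags show the password being accepted; only tag 2015 (the Domino run) fails in the authorise phase, with the result text the server returned for the comparison.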

