httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Yamry <rya...@kimberly.k12.wi.us>
Subject Re: [users@httpd] Cannot authentication locally when LDAP is unavailable
Date Thu, 09 Jan 2014 17:52:44 GMT
error.log states:

[Thu Jan 09 10:22:36 2014] [warn] [client 10.9.2.49] [18090] auth_ldap
authenticate: user user1 authentication failed; URI /index.php [User not
found][No such object]

At this point the ldap server was offline.  Of course, that user only
resides locally in the AuthUserFile.


---
Rob Yamry  |  Network Engineer  |  Kimberly Area School District  |  Phone:
920.788.7900  x 4158  |  Direct: 920.423.4158  |  ryamry@kimberly.k12.wi.us


On Thu, Jan 9, 2014 at 11:33 AM, Eric Covener <covener@gmail.com> wrote:

> On Thu, Jan 9, 2014 at 12:28 PM, Rob Yamry <ryamry@kimberly.k12.wi.us>
> wrote:
> > Hello-
> >   Im having a problem where local authentication will not work when when
> the
> > configured LDAP server is unavailble.  When the ldap server is online I
> can
> > authenticate fine against ldap and local file.  However, when the ldap
> > server is offline, I cannot authenticate with the user1 account.
> >
> > Id appreciate any help you could provide.  Ive searched a lot on this and
> > found many examples, all very similar to my config below, but I still
> cannot
> > failback authentication to local file when ldap is unavailable.  Im
> running
> > Apache/2.2.10
> >
> > AuthName "Server Access"
> > AuthType Basic
> > # Check ldap auth first, then file auth
> > AuthBasicProvider file ldap
> > AuthUserFile /etc/apache2/htpasswd
> > AuthzLDAPAuthoritative off
> > AuthLDAPURL
> > ldap://ldap.domain.com:389/OU=Users,DC=domain,DC=com?sAMAccountName
> > AuthLDAPBindDN "domain\ldap_user"
> > AuthLDAPBindPassword password
> > AuthLDAPGroupAttributeIsDN off
> >
>
> logs?
>
> really 2.2.10 or w/ patches?
>
> > Require user user1
> > Require ldap-attribute memberOf=CN=groupName,DC=domain,DC=com
> >
>
> is it authentication or authorization that fails?
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message