[Auth_ldap] directory config help
barry haycock
satori692002 at yahoo.com.au
Tue Mar 1 21:12:49 PST 2005
I have set up auth_ldap-1.6.0 and apache-1.3.33 on Solaris 9 against openldap-2.2.17.
I have been having problems getting Apache to authenticate against LDAP. It would be much appreciated if someone could have a look at what I have done and point out any mistakes.
I can use this LDAP database to authenticate all users logging into the machine.
At this point in time I am just trying to get any user in the ou=people,dc=sage,dc=ato to be able to access a webpage. For my entry (barryh) I have confirmed that the passwd is the correct passwd.
<apache>
<Directory /opt/local/apache/htdocs/phpldapadmin>
Options Indexes FollowSymlinks
AllowOverride None
#order deny,allow
order allow,deny
allow from all
AuthType basic
AuthName "Sage LDAP server Admin"
AuthLDAPenabled on
AuthLDAPURL
ldap://172.20.50.130:389/ou=people,dc=sage,dc=ato?uid?sub?
(objectClass=*)
AuthLDAPBindDN cn=Manager,dc=sage,dc=ato
AuthLDAPBindPassword secret
AuthLDAPAuthoritative on
Require valid-user
</Directory>
<ldap user entry>
$ ldapsearch -h localhost -b dc=sage,dc=ato uid=barryh
uid=barryh,ou=people,dc=sage,dc=ato
uid=barryh
cn=barry
sn=haycock
loginShell=/bin/ksh
uidNumber=500
gidNumber=500
homeDirectory=/home/barryh
shadowMin=-1
shadowMax=999999
shadowWarning=7
shadowInactive=-1
shadowExpire=-1
shadowFlag=0
objectClass=top
objectClass=person
objectClass=posixAccount
objectClass=shadowAccount
userPassword={CRYPT}PRVJ4AvtxSfyw
log entries
<ldap_log>
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 848112 local4.debug] conn=3051 fd=16 ACCEPT from IP=172.20.50.130:42152 (IP=0.0.0.0:389)
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 347666 local4.debug] conn=3051 op=0 BIND dn="cn=Manager,dc=sage,dc=ato" method=128
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 992945 local4.debug] conn=3051 op=0 BIND dn="cn=Manager,dc=sage,dc=ato" mech=SIMPLE ssf=0
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 217296 local4.debug] conn=3051 op=0 RESULT tag=97 err=0 text=
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 998954 local4.debug] conn=3051 op=1 SRCH base="ou=people,dc=sage,dc=ato" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uidNumber=512))"
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 706578 local4.debug] conn=3051 op=1 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 925615 local4.debug] <= bdb_equality_candidates: (uidNumber) index_param failed (18)
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 362707 local4.debug] conn=3051 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 338319 local4.debug] conn=3051 op=2 UNBIND
Mar 2 13:59:09 sol-9-dev slapd[7184]: [ID 952275 local4.debug] conn=3051 fd=16 closed
<apache_error.log>
[Wed Mar 2 13:58:35 2005] [error] [client
172.20.50.25] LDAP search for (&(
(uid=*))(uid=barryh)) failed: LDAP error: Bad search
filter; URI /phpldapadmin/
</var/adm/messages>
Mar 2 13:41:14 sol-9-dev httpd[16140]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
A getent passwd dumps the users from LDAP to the screen, and a /usr/lib/ldap/ldap_cachemgr -g reports that everything is fine.
# /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 1
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2005/03/02 14:12:40
Next refresh time: 2005/03/02 15:12:40
Server information:
Previous refresh time: 2005/03/02 14:12:40
Next refresh time: 2005/03/02 14:22:40
server: 172.20.50.130, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0