[Auth_ldap] mod_auth_ldap AD 2k3 error

Emmanuel SCIEUR emmanuel.scieur at eseo.fr
Tue Mar 8 07:00:39 PST 2005


Thanks to all,
When I specify the global catalog port, all is OK.

The AD on port ldap (not on catalog port) returns referral like this:

# refldap://DomainDnsZones.<domain>.eseo.fr/DC=DomainDnsZones,DC=<domain>,DC=eseo,DC=fr

# refldap://<domain>.eseo.fr/CN=Configuration,DC=<domain>,DC=eseo,DC=fr

And that seems to cause trouble in auth_ldap.
I have a native 2003 domain.

Best regards,
-------------------------------------------
Emmanuel SCIEUR - IT Department
ESEO
4, rue Merlet de la Boulaye
BP30926 - 49009 Angers Cedex 1 - FRANCE
Email: emmanuel.scieur at eseo.fr
Tel. +33 (0)2 41 86 67 85
-------------------------------------------


-----Original Message-----
From: Shawn [mailto:core at enodev.com]
Sent: Tuesday, March 8, 2005 15:15
To: emmanuel.scieur at eseo.fr
Cc: auth_ldap at rudedog.org
Subject: Re: [Auth_ldap] mod_auth_ldap AD 2k3 error

Try specifying the global catalog port on the 2k3 server.

I didn't scan your config for mistakes, but I had trouble with 2k3, I
think because it was a mixed domain (2000/2003).

Otherwise, sniff packets and show folks the conversation between
auth_ldap and your ldap.

On Tue, 2005-03-08 at 12:09 +0100, Emmanuel SCIEUR wrote:
> I have a Windows 2003 AD, Apache 1.3.33 and auth-ldap_1.6.0-8,
> 
> If I try to get /nagios/cgi-bin/status.cgi
> I have the error message:
> 
> LDAP search for (&(objectClass=user)(sAMAccountName=<user>)) failed: LDAP
> error: Operations error; URI /nagios/cgi-bin/status.cgi
> 
> And if I try to get /usr/share/nagios/htdocs/index.html, all is right.
> 
> My configuration is:
> 
> <DirectoryMatch /usr/lib/cgi-bin/nagios>
>         Options ExecCGI
>  
>         AllowOverride AuthConfig
>         Order Allow,Deny
>         Allow From All
>         AuthLDAPAuthoritative off
>         AuthLDAPURL ldap://<server>.<domain>.eseo.fr:389/dc=<domain>,dc=eseo,dc=fr?sAMAccountName?sub?(objectClass=user)
>         AuthLDAPBindDN cn=<user>,dc=<domain>,dc=eseo,dc=fr
>         AuthLDAPBindPassword xxxxxxxx
>         AuthName "Nagios Access"
>         AuthType Basic
>         require valid-user
>         AuthUserFile /nagios/htpasswdnagios.users
> </DirectoryMatch>
> <DirectoryMatch /usr/share/nagios/htdocs>
> Options FollowSymLinks
>         AllowOverride AuthConfig
>         Order Allow,Deny
>         Allow From All
>         AuthLDAPAuthoritative off
>         AuthLDAPURL ldap://<server>.<domain>.eseo.fr:389/OU=admins,DC=<domain>,DC=eseo,DC=fr?sAMAccountName?sub?(objectClass=user)
>         AuthLDAPBindDN cn=<user>,dc=<domain>,dc=eseo,dc=fr
>         AuthLDAPBindPassword xxxxxxxx
> 
>         AuthName "Nagios Access"
>         AuthType Basic
>         require valid-user
>         AuthUserFile /nagios/htpasswdnagios.users
> </DirectoryMatch>
> 
> Best regards,
> -------------------------------------------
> Emmanuel SCIEUR - IT Department
> ESEO
> 4, rue Merlet de la Boulaye
> BP30926 - 49009 Angers Cedex 1 - FRANCE
> Email: emmanuel.scieur at eseo.fr
> -------------------------------------------
> 
> 
> 
> _______________________________________________
> Auth_ldap mailing list
> Auth_ldap at rudedog.org
> http://www.rudedog.org/mailman/listinfo/auth_ldap
> 
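
The pattern in this thread (the failing block searches from the domain root on port 389, the working block searches from an OU, and the global catalog port avoids the referrals) can be checked mechanically. The following is an added example, not part of the original messages or of auth_ldap: it parses an AuthLDAPURL value and flags domain-root subtree searches on a non-GC port. The host names, function names and the global catalog port numbers 3268/3269 are assumptions not stated in the thread.

```python
import re

GC_PORTS = {3268, 3269}  # Active Directory global catalog: LDAP / LDAPS
URL_RE = re.compile(r"^(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)(?:\?(.*))?$")

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into fields."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    attr, scope, flt = ((rest or "").split("?", 2) + ["", ""])[:3]
    return {
        "scheme": scheme, "host": host, "base": base,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "attr": attr,
        "scope": scope or "sub",  # assumption: treat a missing scope as subtree
        "filter": flt,
    }

def expects_referrals(url):
    """Heuristic: a subtree search whose base DN is only DC= components (a
    domain root) on a non-GC port makes AD append referrals to other partitions."""
    u = parse_ldap_url(url)
    rdns = [r.strip().lower() for r in u["base"].split(",") if r.strip()]
    at_domain_root = bool(rdns) and all(r.startswith("dc=") for r in rdns)
    return at_domain_root and u["scope"] == "sub" and u["port"] not in GC_PORTS

def to_global_catalog(url):
    """Rewrite the URL to the matching global catalog port, keeping the rest."""
    u = parse_ldap_url(url)
    port = 3269 if u["scheme"] == "ldaps" else 3268
    return "%s://%s:%d/%s?%s?%s?%s" % (
        u["scheme"], u["host"], port, u["base"], u["attr"], u["scope"], u["filter"])

# Constructed URLs modelled on the two AuthLDAPURL values in the thread.
ROOT_URL = "ldap://dc1.corp.example.test:389/dc=corp,dc=example,dc=test?sAMAccountName?sub?(objectClass=user)"
OU_URL = "ldap://dc1.corp.example.test:389/OU=admins,DC=corp,DC=example,DC=test?sAMAccountName?sub?(objectClass=user)"

if __name__ == "__main__":
    for url in (ROOT_URL, OU_URL, to_global_catalog(ROOT_URL)):
        print("referrals expected" if expects_referrals(url) else "ok", url)
```

The global catalog is read-only and holds a partial attribute set, so a lookup attribute other than sAMAccountName should be confirmed to be replicated there before switching ports.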



