[Auth_ldap] Re: Operations error connecting to AD
Kyle
srk-ejunk at comcast.net
Thu May 26 16:24:29 PDT 2005
Use the global catalog port 3268. And use username@domain.com for the
AuthLDAPBindDN instead of the LDAP style DN. It's a better idea to use
ldaps if you can as well.
Kyle
-----Original Message-----
From: auth_ldap-bounces at rudedog.org
[mailto:auth_ldap-bounces at rudedog.org] On Behalf Of Adam Glassman
Sent: Wednesday, May 25, 2005 4:06 PM
To: auth_ldap at rudedog.org
Subject: [Auth_ldap] Re: Operations error connecting to AD
Resubmitting from the correct email address.
Adam Glassman wrote:
> Auth_ldap version: 1.6.0-8
> apache version: 1.3.33-5
> Web Server: Debian 3
> LDAP Server: Windows 2003 SP 1
>
>
> Trying to get auth_ldap working from Apache on debian linux to AD on
> Windows 2003. I can run ldapsearch using the BindDN specified below
> but when I enter my username and password in the browser, I get
>
> Error 500: The server encountered an internal error or
> misconfiguration and was unable to complete your request.
>
> The apache error log has:
>
> [error] [client 192.168.xxx.xxx] LDAP search for
> (&(objectclass=user)(samaccountname=testuser)) failed: LDAP error:
> Operations error; URI /test/index.html
> [crit] [client 192.168.xxx.xxx] configuration error: couldn't check
> user. No user file?: /test/index.html
>
> Looking at the Windows logs, I can see the query user authenticating
> from the web server, but I don't see any errors after that or the end
> user authenticating.
>
> My config is as follows:
>
> Alias /test /var/www/test
> <DirectoryMatch /var/www/test>
> Options ExecCGI
>
> AllowOverride AuthConfig
> Order Allow,Deny
> Allow From All
>
> AuthName "AD Authentication"
>
> AuthLDAPURL ldap://adserver.ds.domain.com:389/dc=ds,dc=domain,dc=com?samaccountname?sub?(objectclass=user)
>
> AuthLDAPBindDN cn=query,ou=people,dc=ds,dc=domain,dc=com
> AuthLDAPBindPassword xxxxxxxx
> AuthLDAPEnabled On
> AuthLDAPAuthoritative Off
>
> AuthType Basic
> require valid-user
> </DirectoryMatch>
>
> I appreciate any insight you can lend,
>
> Adam Glassman
> aglassman at next-online.net
>
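The quoted configuration with the three changes from the reply applied, as an added example that is not part of the original thread. It assumes adserver.ds.domain.com hosts a global catalog and that the query account's logon name is query@ds.domain.com; neither is confirmed in the messages.

```apache
Alias /test /var/www/test
<DirectoryMatch /var/www/test>
    Options ExecCGI
    AllowOverride AuthConfig
    Order Allow,Deny
    Allow From All

    AuthType Basic
    AuthName "AD Authentication"

    # Global catalog over SSL is port 3269 (3268 is the unencrypted
    # global catalog port). Basic auth hands the user's password to
    # auth_ldap, which sends it to the directory in a simple bind, so
    # ldap:// exposes it on the wire between the web server and AD.
    # Assumption: adserver.ds.domain.com hosts a global catalog.
    AuthLDAPURL ldaps://adserver.ds.domain.com:3269/dc=ds,dc=domain,dc=com?samaccountname?sub?(objectclass=user)

    # Bind as user@domain rather than the LDAP style DN.
    # Assumption: the query account's logon name is query@ds.domain.com.
    AuthLDAPBindDN query@ds.domain.com
    AuthLDAPBindPassword xxxxxxxx
    AuthLDAPEnabled On
    AuthLDAPAuthoritative Off

    require valid-user
</DirectoryMatch>
```

For the ldaps form to connect, the LDAP client library on the web server has to trust the certificate presented by the domain controller.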