[Auth_ldap] Ldap issue with apache and AD windows 2k3

Brady Bellinger brady.bellinger at gmail.com
Wed Jun 7 20:08:22 PDT 2006 

This is the mailing list for the Apache 1.3 module.  The 2.x versions of
Apache have the ldap mod included...so you'd be best served by an Apache
mailing list.

As for your problem, point to the global catalog port instead  of 389...I
can't remember offhand  what port it is, 3268 (?)
Not sure if that will fix your problem, but I had trouble going through 389.

Brady


On 6/7/06, Lubrano di Ciccone, Christophe (DEF) <diciccone at ppg.com> wrote:
>
> Hello,
> I have a unix with apache 2.0 with the mod auth_ldap_mode. I have this
> .conf for the ldap request with some directives setup accordingly to my env.
> and the others ones not defined then the default vues are used. (see below)
>
> It is working fine with 2000 native mode. I test my configuration with a
> 2003 domain and I cannot longer have the user (sAMAccountname) being
> authentified. GRR***
>
> I made a capture using ethereal and I noticed that the user sAMAccountname
> is well authenticated, but when the require group is processed, the bind was
> a NULL one and and I get "This server could not verify that you are
> authorized to access the document requested. Either you supplied the wrong
> credentials (e.g., bad password), or your browser doesn't understand how
> to supply the credentials required." in the browser on the client.
>
> Does anybody have faced one day with such issue ?
>
> Thanks a lot for your help
> Christophe
>
> <IfModule !mod_auth_ldap.c>
>   LoadModule auth_ldap_module modules/auth_ldap.so
> </IfModule>
>
> <Location />
>   AuthName "ZZZZZZZZZZ"
>   AuthType Basic
>
>   AuthLDAPURL
> ldap://DCGCwindows2003.xxx.yyy.com:389/dc=xxx,dc=yyy,dc=com?sAMAccountName
>   AuthLDAPBindDN "CN=user,OU=Users,OU=AAA,DC=xxx,DC=yyy,DC=com"
>   AuthLDAPBindPassword "therightpassword"
>
>   require group CN=group,OU=Users,OU=AAA,DC=xxx,DC=yyy,DC=com
>
>
> _______________________________________________
> Auth_ldap mailing list
> Auth_ldap at rudedog.org
> http://www.rudedog.org/mailman/listinfo/auth_ldap
>



-- 
----------------------------------------------
brady at bradybellinger dot com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.rudedog.org/pipermail/auth_ldap/attachments/20060607/0c1ec4b0/attachment.htm

More information about the Auth_ldap mailing list