[Auth_ldap] Can't get AuthLDAP to work :(

Brady Bellinger brady.bellinger at gmail.com
Tue Jun 13 18:16:54 PDT 2006


What version of Apache and auth_ldap are you using?  If you're running
Apache 1.3.x with auth_ldap, here's what I do:

AuthLDAPEnabled on
AuthType basic
AuthName "AD Authentication"
AuthLDAPURL ldap://dchostname:3268/dc=quux,dc=foo,dc=bar,dc=com?samAccountName
AuthLDAPBindDN "cn=bind_user,ou=Service Accounts,dc=quux,dc=foo,dc=bar,dc=com"
AuthLDAPBindPassword secretpassword

I'm pretty sure you must bind to LDAP with a valid user... anonymous binds
didn't work for me when we went to 2003.
Note this setup is unencrypted.  For encrypted connections I tunnel the
requests through stunnel; auth_ldap supports ldaps via openldap, but
I've never tried it (if it ain't broke, don't fix it).

Brady

On 6/13/06, Jeff Moore <Jeff.Moore at chemeketa.edu> wrote:
>
> I have been struggling with getting any of our Linux Apache servers to
> authenticate using our Windows 2003 Active Directory Domain. Is this mod the
> best for this or should I be using something like mod_auth_kerb ?
> So far I have struggled to get even the basics to work. I fought for half a
> day to try to get this string to work:
> ldapsearch -W -x -z 10000 -b "dc=DOMAIN,dc=COM" -D
> "cn=USERNAME,cn=Users,dc=DOMAIN,dc=COM" -h pdc.DOMAIN.COM -p 3268 -d 9
> Only to find out that the AD server doesn't support the -D
> "cn=USERNAME,cn=Users,dc=DOMAIN,dc=COM" value but will support -D "
> USERNAME at DOMAIN.COM" in its place and return all values. (yay progress!!)
> So I have commandline searches and my Java LDAP Browser working but the
> AuthLDAP still won't work. I tried to substitute the AuthLDAPBindDN value with
> the USERNAME at DOMAIN.COM value to no avail. I am having less than no luck.
> Note that the username and rights in AD are ok. The solution of replacing
> the full DN of the user with the "windows" USERNAME at DOMAIN.COM works for
> the ldapsearch and for my ldap browser.
> Any ideas on where to go from here?
> Thanks in advance for any help!



-- 
----------------------------------------------
brady at bradybellinger dot com
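
The stunnel tunnel mentioned in the reply above, sketched as an added example that is not part of the original post or of the auth_ldap project. It assumes stunnel 5.x running in client mode on the Apache host; the file paths, the section name and the CA file are placeholders, and dchostname is the controller name from the configuration above.

```ini
; /etc/stunnel/stunnel.conf  (path is an assumption)
; auth_ldap keeps speaking plain LDAP, but only to loopback; stunnel wraps
; that traffic in TLS before it leaves the host. Without this, the service
; account bind and every user's password check cross the network in cleartext.
client = yes

[ad-gc]
; Cleartext side: loopback only, never a routable address.
accept  = 127.0.0.1:3268
; TLS side: 3269 is the AD global catalog over SSL (use 636 for plain LDAPS).
connect = dchostname:3269
; Validate the controller's certificate. Without these lines the tunnel
; encrypts but does not authenticate the server it connects to.
CAfile      = /etc/stunnel/ad-root-ca.pem
verifyChain = yes
checkHost   = dchostname

; Apache side: only the host part of AuthLDAPURL changes, for example
;   AuthLDAPURL ldap://127.0.0.1:3268/dc=quux,dc=foo,dc=bar,dc=com?samAccountName
```

On stunnel 4.x, `verify = 2` takes the place of `verifyChain` and `checkHost`. The name given to `checkHost` has to match a name in the controller's certificate.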