[Auth_ldap] Can't get AuthLDAP to work :)
Jeff Moore
Jeff.Moore at chemeketa.edu
Tue Jun 13 21:03:49 PDT 2006
After some good input from Brady I double and triple checked a few things (I apologise! I should have done this prior to posting.) and found some faults in my conf file. The result was that the following config works great! And it works with either the full DN or the "windows" USERNAME at DOMAIN.COM in the AuthLDAPBindDN field.
AuthLDAPEnabled on
AuthType basic
AuthName "AD Authentication"
AuthLDAPURL ldap://dchostname:3268/dc=quux,dc=foo,dc=bar,dc=com?samAccountName
AuthLDAPBindDN "cn=bind_user,ou=ServiceAccounts,dc=quux,dc=foo,dc=bar,dc=com" (or "binduser at bar.com")
AuthLDAPBindPassword secretpassword
Thanks to Brady for the prompt reply and help!
Thanks all!
Jeff M
On 6/13/06, Jeff Moore <Jeff.Moore at chemeketa.edu> wrote:
>
> I have been struggling with getting any of our Linux Apache servers to
> authenticate using our Windows 2003 Active Directory Domain. Is this mod the
> best for this or should I be using something like mod_auth_kerb ?
> So far I have struggled to get even the basics to work. I fought for half a
> day to try to get this string to work:
> ldapsearch -W -x -z 10000 -b "dc=DOMAIN,dc=COM" -D
> "cn=USERNAME,cn=Users,dc=DOMAIN,dc=COM" -h pdc.DOMAIN.COM -p 3268 -d 9
> Only to find out that the AD server doesn't support the -D
> "cn=USERNAME,cn=Users,dc=DOMAIN,dc=COM" value but will support -D
> "USERNAME at DOMAIN.COM" in its place and return all values. (yay progress!!)
> So I have commandline searches and my Java LDAP Browser working but the
> AuthLDAP still won't work. I tried to substitute the AuthLDAPBindDN value with
> the USERNAME at DOMAIN.COM value to no avail. I am having less than no luck.
> Note that the username and rights in AD are ok. The solution of replacing
> the full DN of the user with the "windows" USERNAME at DOMAIN.COM works for
> the ldapsearch and for my ldap browser.
> Any ideas on where to go from here?
> Thanks in advance for any help!
--
----------------------------------------------
brady at bradybellinger dot com
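
An added example, not part of the original thread or of the auth_ldap project: a small Python check that parses the AuthLDAPURL format used in the working config above, classifies the bind identity as a full DN or a user@domain name, and notes what the settings imply. The function names and the sample input are constructed for illustration, and it assumes the archive's "USERNAME at DOMAIN.COM" stands for USERNAME@DOMAIN.COM.

```python
import re
# Added illustration; function names are hypothetical, not part of auth_ldap.
URL_RE = re.compile(r"^(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)\??(.*)$", re.I)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into a dict."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    extra = (rest.split("?") + ["", "", ""])[:3]
    return {"scheme": scheme.lower(), "host": host, "base_dn": base,
            "port": int(port) if port else DEFAULT_PORT[scheme.lower()],
            "attribute": extra[0], "scope": extra[1], "filter": extra[2]}

def bind_identity_form(value):
    """Classify a bind identity as 'dn', 'upn' (user@domain) or 'unknown'."""
    value = value.strip().strip('"')
    if re.match(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*$", value):
        return "dn"
    if re.match(r"^[^@\s=,]+@[^@\s=,]+\.[^@\s=,]+$", value):
        return "upn"
    return "unknown"

def review(config_text):
    """Return (parsed URL, bind form, notes) for auth_ldap directives."""
    d = {k.lower(): v.strip() for k, _, v in
         (ln.strip().partition(" ") for ln in config_text.splitlines())}
    url = parse_ldap_url(d["authldapurl"])
    form = bind_identity_form(d.get("authldapbinddn", ""))
    notes = []
    if url["scheme"] == "ldap":
        notes.append("ldap://: bind is unencrypted unless upgraded with StartTLS")
    if url["port"] in (3268, 3269):  # Active Directory global catalog ports
        notes.append("port %d is the AD global catalog" % url["port"])
    if "authldapbindpassword" in d:
        notes.append("bind password sits in the config file in cleartext")
    return url, form, notes

# Constructed sample modelled on the working config in the post.
SAMPLE = """\
AuthLDAPURL ldap://dchostname:3268/dc=quux,dc=foo,dc=bar,dc=com?samAccountName
AuthLDAPBindDN "cn=bind_user,ou=ServiceAccounts,dc=quux,dc=foo,dc=bar,dc=com"
AuthLDAPBindPassword secretpassword
"""

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The archive-obfuscated form "binduser at bar.com" classifies as unknown, so restore the @ before checking a value copied from this page.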