[Auth_ldap] Apache Active Directory Authentication Error
Danny Russell
drussell at mpifix.com
Tue Oct 24 15:07:20 PDT 2006
I am very confused why this doesn't work. I have the exact same
configuration on a different box and it works. I am querying a Windows
2003 Server Active Directory. I believe the problem stems from the
AuthLDAPURL derivative.
The system it works on is:
CentOS release 4.4 (Final)
openldap-2.2.13-6.4E
openldap-devel-2.2.13-6.4E
openldap-clients-2.2.13-6.4E
httpd-2.0.52-28.ent.centos4
The system it does not work on is:
CentOS release 4.4 (Final)
openldap-2.3.19-4.centos
openldap-devel-2.3.19-4.centos
openldap-clients-2.3.19-4.centos
httpd-2.0.52-28.ent.centos4
OpenLdap is a newer version on the non-working system???
When I use this configuration it does not work. The AuthLDAPURL is set
to search the entire ldap structure:
<VirtualHost *:80>
    ServerAdmin drussell at domain.com
    DocumentRoot /var/www/nocut01.domain.com
    ServerName nocut01.domain.com
    ServerAlias nocut.domain.com
    ErrorLog logs/nocut01.mpifix.com-error_log
    CustomLog logs/nocut01.mpifix.com-access_log combined
    <Location />
        Options All ExecCGI -Indexes
        Order allow,deny
        Allow from all
        # LDAP Authentication & Authorization is final; do not check other databases
        AuthLDAPAuthoritative on
        # Do basic password authentication in the clear
        AuthType Basic
        # The name of the protected area or "realm"
        AuthName "NOC UT (Domain Credentials)"
        # Active Directory requires an authenticating DN to access records
        AuthLDAPBindDN "CN=LDAP Query,OU=Technical Operations,OU=Users,OU=UT,DC=domain,DC=com"
        # This is the password for the AuthLDAPBindDN user in Active Directory
        AuthLDAPBindPassword " PASSWORD!#"
        # The LDAP query URL
        AuthLDAPURL "ldap://10.10.1.1:389/dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
        require user drussell
    </Location>
</VirtualHost>
[Tue Oct 24 16:54:53 2006] [warn] [client 10.10.2.11] [5833] auth_ldap authenticate: user drussell authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]
[Tue Oct 24 16:54:54 2006] [warn] [client 10.10.2.11] [5826] auth_ldap authenticate: user drussell authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]
[Tue Oct 24 16:54:56 2006] [warn] [client 10.10.2.11] [5827] auth_ldap authenticate: user drussell authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]
When I switch the AuthLDAPURL to search inside of a container, it works:
<VirtualHost *:80>
    ServerAdmin drussell at domain.com
    DocumentRoot /var/www/nocut01.domain.com
    ServerName nocut01.domain.com
    ServerAlias nocut.domain.com
    ErrorLog logs/nocut01.domain.com-error_log
    CustomLog logs/nocut01.domain.com-access_log combined
    <Location />
        Options All ExecCGI -Indexes
        Order allow,deny
        Allow from all
        # LDAP Authentication & Authorization is final; do not check other databases
        AuthLDAPAuthoritative on
        # Do basic password authentication in the clear
        AuthType Basic
        # The name of the protected area or "realm"
        AuthName "NOC UT (Domain Credentials)"
        # Active Directory requires an authenticating DN to access records
        AuthLDAPBindDN "CN=LDAP Query,OU=Technical Operations,OU=Users,OU=UT,DC=domain,DC=com"
        # This is the password for the AuthLDAPBindDN user in Active Directory
        AuthLDAPBindPassword "PASSWORD!#"
        # The LDAP query URL
        AuthLDAPURL "ldap://10.10.1.1:389/ou=ut,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
        require user drussell
    </Location>
</VirtualHost>
Danny Russell
Mobile Productivity, Inc.
drussell at mpifix.com
Enabling the World To Work
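
Added example, not part of the original post and not auth_ldap code: a small Python helper that splits the two AuthLDAPURL values from the message into their host, base DN, attribute, scope and filter fields, reports which fields differ, and pairs a failure line from the error log with the search that URL implies. The function names are made up for this example; the defaults (uid, sub, (objectClass=*)) and the combined filter form follow the mod_auth_ldap documentation.

```python
import re
from urllib.parse import urlsplit, unquote

# AuthLDAPURL values from the post, with the mail line-wrap undone.
URL_ROOT = "ldap://10.10.1.1:389/dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
URL_OU = "ldap://10.10.1.1:389/ou=ut,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
# One warning from the post's error log, rejoined onto a single line.
LOG_LINE = ("[Tue Oct 24 16:54:53 2006] [warn] [client 10.10.2.11] [5833] auth_ldap "
            "authenticate: user drussell authentication failed; URI / "
            "[ldap_search_ext_s() for user failed][Operations error]")

LOG_RE = re.compile(r"auth_ldap authenticate: user (?P<user>\S+) authentication "
                    r"failed; URI (?P<uri>\S+) \[(?P<call>[^\]]+)\]\[(?P<result>[^\]]+)\]")

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into named fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # The query part is attribute?scope?filter; pad fields that were left out.
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attr or "uid",                   # documented default
        "scope": scope or "sub",                      # documented default
        "filter": unquote(flt) or "(objectClass=*)",  # documented default
    }

def diff_urls(a, b):
    """Return {field: (value_a, value_b)} for each field that differs."""
    pa, pb = parse_auth_ldap_url(a), parse_auth_ldap_url(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def failed_search(line, url):
    """Pair a failure log line with the search the given AuthLDAPURL implies."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    cfg = parse_auth_ldap_url(url)
    # The module ANDs the URL filter with attribute=<login name>.
    # The login name is not escaped here; the result is for display only.
    user_filter = "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], m["user"])
    return {"call": m["call"], "result": m["result"], "base_dn": cfg["base_dn"],
            "scope": cfg["scope"], "filter": user_filter}

if __name__ == "__main__":
    print(diff_urls(URL_ROOT, URL_OU))
    print(failed_search(LOG_LINE, URL_ROOT))
```

For the two configurations in the message, the only field that differs is the base DN, and the failing call is the subtree search for the user under that base.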