Posted to users@httpd.apache.org by Zac Morris <za...@zacwolf.com> on 2007/03/16 15:22:58 UTC
[users@httpd] SECOND REQUEST: mod_authnz_ldap.so module
Hi,
I need some help. I've tried Google and some forums with no luck on
this one...
I've set up a win32 Apache 2.2.4 server, with the *mod_authnz_ldap*
module. When I access a protected url I'm getting an Error 500 and the
error.log shows:
[Tue Mar 13 16:26:06 2007] [warn] [client 127.0.0.1] [5496] auth_ldap
authenticate: user devuser authentication failed; URI
/servframe/images/edit.gif [ldap_search_ext_s() for user
failed][Protocol Error]
I'm pointing at an OpenLDAP-2.2.23 repository (running on a different
server on the same subnet).
I've configured Tomcat in a similar way (pointing to the same ldap
repository via the:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://192.168.1.2/"
userBase="ou=people,o={domain here}"
userSearch="(uid={0})"
/>
...which is working just fine.
From what few hints I'm finding online, it seems that the "protocol
error" can be seen depending on which LDAP SDKS were used during the
build of mod_authnz_ldap? I've tried a couple different versions of this
library from various sources all with no luck, and I don't have the
setup necessary to compile it on my own.
Is ANYONE familiar with this problem, and is there a simple way to fix it?
THANKS!
-Zac
P.S. The relevant portion of httpd.conf
<IfModule authnz_ldap_module>
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
</IfModule>
Alias /servframe "R:\servframe"
<Directory "R:\servframe">
AllowOverride All
order allow,deny
allow from all
AuthName "servframe"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://192.168.1.2:389/ou=people,o={domain here}?uid?sub?(objectClass=*)
AuthzLDAPAuthoritative off
require valid-user
</Directory>
Re: [users@httpd] SECOND REQUEST: mod_authnz_ldap.so module
Posted by Dmitri Colebatch <di...@colebatch.com>.
Hi Zac,
Not sure if you're still looking for this (I'm playing catch-up), but
this config snippet might provide something to compare against:
AuthType Basic
AuthName "LDAP Authentication"
AuthLDAPUrl ldap://ldap/o=users?cn?sub?(objectclass=Person)
AuthLDAPBindDN cn=readonly,o=admin
AuthLDAPBindPassword nottelling
require group cn=development_team,o=groups
We used AuthLDAPUrl where you have AuthLDAPURL, see if changing that
fixes your problem.
cheers,
dim
On 3/17/07, Zac Morris <za...@zacwolf.com> wrote:
> Hi,
>
> I need some help. I've tried Google and some forums with no luck on this
> one...
>
> I've set up a win32 Apache 2.2.4 server, with the mod_authnz_ldap module.
> When I access a protected url I'm getting an Error 500 and the error.log
> shows:
>
> [Tue Mar 13 16:26:06 2007] [warn] [client 127.0.0.1] [5496] auth_ldap
> authenticate: user devuser authentication failed; URI
> /servframe/images/edit.gif [ldap_search_ext_s() for user failed][Protocol
> Error]
>
> I'm pointing at an OpenLDAP-2.2.23 repository (running on a different server
> on the same subnet).
>
>
> I've configured Tomcat in a similar way (pointing to the same ldap
> repository via the:
> <Realm
> className="org.apache.catalina.realm.JNDIRealm" debug="99"
> connectionURL="ldap://192.168.1.2/"
> userBase="ou=people,o={domain here}"
> userSearch="(uid={0})"
> />
>
> ...which is working just fine.
>
>
> From what few hints I'm finding online, it seems that the "protocol error"
> can be seen depending on which LDAP SDKS were used during the build of
> mod_authnz_ldap? I've tried a couple different versions of this library from
> various sources all with no luck, and I don't have the setup necessary to
> compile it on my own.
>
> Is ANYONE familiar with this problem, and is there a simple way to fix it?
>
> THANKS!
> -Zac
>
>
> P.S. The relevant portion of httpd.conf
>
> <IfModule authnz_ldap_module>
> LDAPSharedCacheSize 200000
> LDAPCacheEntries 1024
> LDAPCacheTTL 600
> LDAPOpCacheEntries 1024
> LDAPOpCacheTTL 600
> </IfModule>
> Alias /servframe "R:\servframe"
> <Directory "R:\servframe">
> AllowOverride All
> order allow,deny
> allow from all
> AuthName "servframe"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL ldap://192.168.1.2:389/ou=people,o={domain here}?uid?sub?(objectClass=*)
> AuthzLDAPAuthoritative off
> require valid-user
> </Directory>
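As an aid for comparing the two AuthLDAPURL values in this thread, here is an added example (not part of either message, and not mod_authnz_ldap's own code) that splits the URL into the fields documented for the directive, applies the documented defaults, and builds the user search by combining the URL's filter with attribute=username. The function names are hypothetical, and `o=example` is a constructed stand-in for the elided `{domain here}`.

```python
import re
from typing import NamedTuple

class AuthLdapUrl(NamedTuple):
    scheme: str
    host: str
    port: int
    base_dn: str
    attribute: str
    scope: str
    filter: str

def parse_auth_ldap_url(url: str) -> AuthLdapUrl:
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    m = re.fullmatch(r"(ldaps?)://([^/:]*)(?::(\d+))?/(.*)", url.strip(), re.I)
    if not m:
        raise ValueError(f"not an LDAP URL: {url!r}")
    scheme, host, port, rest = m.groups()
    scheme = scheme.lower()
    # Trailing fields may be omitted, so pad before unpacking.
    base_dn, attr, scope, flt = (rest.split("?", 3) + [""] * 3)[:4]
    return AuthLdapUrl(
        scheme=scheme,
        host=host,
        port=int(port) if port else (636 if scheme == "ldaps" else 389),
        base_dn=base_dn,
        attribute=attr.split(",")[0] or "uid",  # first attribute is the search key
        scope=scope.lower() if scope.lower() in ("one", "sub") else "sub",
        filter=flt or "(objectClass=*)",
    )

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a login name stays one value."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def effective_search(url: str, username: str):
    """Return (base DN, scope, filter) for the search that locates the user."""
    u = parse_auth_ldap_url(url)
    flt = u.filter if u.filter.startswith("(") else f"({u.filter})"
    return u.base_dn, u.scope, f"(&{flt}({u.attribute}={escape_filter_value(username)}))"

# Constructed sample: "o=example" stands in for the elided "{domain here}".
SAMPLE_URL = "ldap://192.168.1.2:389/ou=people,o=example?uid?sub?(objectClass=*)"

if __name__ == "__main__":
    print(parse_auth_ldap_url(SAMPLE_URL))
    print(effective_search(SAMPLE_URL, "devuser"))
```

The base DN and filter it prints can be checked against the `userBase` and `userSearch` values of the working JNDIRealm entry.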