Posted to users@httpd.apache.org by Zac Morris <za...@zacwolf.com> on 2007/03/16 15:22:58 UTC

[users@httpd] SECOND REQUEST: mod_authnz_ldap.so module

Hi,

I need some help.  I've tried Google and some forums with no luck on
this one...

I've set up a win32 Apache 2.2.4 server, with the *mod_authnz_ldap*
module.  When I access a protected URL I'm getting an Error 500 and the
error.log shows:

[Tue Mar 13 16:26:06 2007] [warn] [client 127.0.0.1] [5496] auth_ldap
authenticate: user devuser authentication failed; URI
/servframe/images/edit.gif [ldap_search_ext_s() for user
failed][Protocol Error]

I'm pointing at an OpenLDAP-2.2.23 repository (running on a different
server on the same subnet).


I've configured Tomcat in a similar way (pointing to the same ldap
repository via the:
    <Realm       className="org.apache.catalina.realm.JNDIRealm" debug="99"
                 connectionURL="ldap://192.168.1.2/"
                 userBase="ou=people,o={domain here}"
                 userSearch="(uid={0})"
      />

...which is working just fine.


From what few hints I'm finding online, it seems that the "protocol
error" can be seen depending on which LDAP SDKs were used during the
build of mod_authnz_ldap?  I've tried a couple of different versions of this
library from various sources all with no luck, and I don't have the
setup necessary to compile it on my own.

Is ANYONE familiar with this problem, and is there a simple way to fix it?

THANKS!
-Zac


P.S.  The relevant portion of httpd.conf

<IfModule authnz_ldap_module>
    LDAPSharedCacheSize 200000
    LDAPCacheEntries 1024
    LDAPCacheTTL 600
    LDAPOpCacheEntries 1024
    LDAPOpCacheTTL 600
</IfModule>
Alias /servframe "R:\servframe"
<Directory "R:\servframe">
     AllowOverride All
     order allow,deny
     allow from all
     AuthName "servframe"
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL ldap://192.168.1.2:389/ou=people,o={domain here}?uid?sub?(objectClass=*)
     AuthzLDAPAuthoritative off
     require valid-user
</Directory>

Re: [users@httpd] SECOND REQUEST: mod_authnz_ldap.so module

Posted by Dmitri Colebatch <di...@colebatch.com>.
Hi Zac,

Not sure if you're still looking for this (I'm playing catch-up), but
this config snippet might provide something to compare against:

    AuthType Basic
    AuthName "LDAP Authentication"
    AuthLDAPUrl ldap://ldap/o=users?cn?sub?(objectclass=Person)
    AuthLDAPBindDN cn=readonly,o=admin
    AuthLDAPBindPassword nottelling
    require group cn=development_team,o=groups

We used AuthLDAPUrl where you have AuthLDAPURL, see if changing that
fixes your problem.

cheers,
dim
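
To compare the two AuthLDAPURL values in this thread field by field, the following added example (not code from either poster or from Apache httpd) parses the `ldap://host:port/basedn?attribute?scope?filter` form and builds the `(&(filter)(attribute=username))` search filter that the mod_authnz_ldap documentation describes. The function names, the lint checks and the RFC 4515 escaping of the username are assumptions of this example.

```python
import re

# AuthLDAPURL values quoted in the two messages above.
ZAC_URL = "ldap://192.168.1.2:389/ou=people,o={domain here}?uid?sub?(objectClass=*)"
DIM_URL = "ldap://ldap/o=users?cn?sub?(objectclass=Person)"
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
URL_RE = re.compile(r"^(ldaps?)://([^/:?]*)(?::(\d+))?/([^?]*)(?:\?(.*))?$", re.I)
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into a dict."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, base_dn, rest = m.groups()
    scheme = scheme.lower()
    # Omitted trailing fields fall back to the documented defaults.
    attr, scope, flt = ((rest or "").split("?", 2) + ["", "", ""])[:3]
    return {"scheme": scheme, "host": host, "base_dn": base_dn,
            "port": int(port) if port else DEFAULT_PORT[scheme],
            "attribute": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)"}

def build_search_filter(cfg, username):
    """Return (&(filter)(attribute=username)) for a given login name."""
    flt = cfg["filter"] if cfg["filter"].startswith("(") else "(%s)" % cfg["filter"]
    # Escape filter metacharacters so a login name cannot alter the search.
    safe = "".join(RFC4515_ESCAPES.get(c, c) for c in username)
    return "(&%s(%s=%s))" % (flt, cfg["attribute"], safe)

def lint(cfg):
    """Return configuration findings to review (checks chosen for this example)."""
    findings = []
    if "{" in cfg["base_dn"] or "}" in cfg["base_dn"]:
        findings.append("base DN contains an unreplaced {placeholder}")
    if cfg["scope"] not in ("one", "sub"):
        findings.append("scope %r is not one of: one, sub" % cfg["scope"])
    if cfg["scheme"] == "ldap":
        findings.append("ldap:// is cleartext unless STARTTLS is configured")
    return findings

if __name__ == "__main__":
    for url in (ZAC_URL, DIM_URL):
        cfg = parse_auth_ldap_url(url)
        print(cfg)
        print("  search filter:", build_search_filter(cfg, "devuser"))
        print("  findings:", lint(cfg))
```

The printed search filter can be run by hand against the directory with any LDAP client to see whether the server answers the same query outside Apache.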

