You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Joffrey Bienvenue <he...@videotron.ca> on 2003/07/18 15:34:20 UTC
[users@httpd] Full DN with LDAP issue
Hello,
Can someone let me know how to configure apache to authenticate using a
full distinguished name through LDAP?
If I use UIDs, I have no problems. But I am trying to get users to
login such as cn=username, ou=org unit, o=org
I even tried accessing an LDAP object using ldap://ldap_server/cn=user,
ou=org_unit, o=org at the browser URL and this worked well.
I also tried by disabling the mod_unique_ID module to no avail.
Can someone direct me on how to achieve this ?
Regards,
Joffrey
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Full DN with LDAP issue
Posted by "John K. Sterling" <jo...@sterls.com>.
>-- Original Message --
>From: Joffrey Bienvenue <he...@videotron.ca>
>
> If I am not mistaking, the configuration you are providing here is a
>specific user to bind to in order to scan the directory. What I am
>looking for actually is having users, that will authenticate to a
>secured web site, to specify their full DN when they authenticate rather
yup - that suggestion would not work for you.
>than using a UID (Unique ID).
>
>I am not sure it is possible to do this. I was able with Netscape
>FastTrack server but can not seem to make it work with apache...
one way to do this is to make sure there is a 'dn' attribute on the user
and simply change the attrib portion of the url from 'sAMAccountName' to
'dn' - then it should do a search for an attribute called 'dn' on the user
and match the passed in user name to that.
sterling
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Full DN with LDAP issue
Posted by Joffrey Bienvenue <he...@videotron.ca>.
If I am not mistaking, the configuration you are providing here is a
specific user to bind to in order to scan the directory. What I am
looking for actually is having users, that will authenticate to a
secured web site, to specify their full DN when they authenticate rather
than using a UID (Unique ID).
I am not sure it is possible to do this. I was able with Netscape
FastTrack server but can not seem to make it work with apache...
Regards,
Joffrey
Jason Martens wrote:
>>Can someone let me know how to configure apache to authenticate using a
>>full distinguished name through LDAP?
>
>
> Mine looks like this. My LDAP server is Active Directory...
>
> AuthLDAPBindDN "CN=A Username,OU=Active Directory
> OU,DC=some,DC=local,DC=domain"
>
> AuthLDAPBindPassword somePassword
>
> AuthLDAPURL ldap://127.0.0.1:7777/DC=some,DC=local,DC=domain?sAMAccountName?sub?
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Full DN with LDAP issue
Posted by Jason Martens <jm...@cityofevanston.org>.
> Can someone let me know how to configure apache to authenticate using a
> full distinguished name through LDAP?
Mine looks like this. My LDAP server is Active Directory...
AuthLDAPBindDN "CN=A Username,OU=Active Directory
OU,DC=some,DC=local,DC=domain"
AuthLDAPBindPassword somePassword
AuthLDAPURL ldap://127.0.0.1:7777/DC=some,DC=local,DC=domain?sAMAccountName?sub?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org