You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Joffrey Bienvenue <he...@videotron.ca> on 2003/07/18 15:34:20 UTC

[users@httpd] Full DN with LDAP issue

Hello,

Can someone let me know how to configure apache to authenticate using a 
full distinguished name through LDAP?

If I use UIDs, I have no problems.   But I am trying to get users to 
login such as cn=username, ou=org unit, o=org

I even tried accessing an LDAP object using ldap://ldap_server/cn=user, 
ou=org_unit, o=org  at the browser URL  and this worked well.

I also tried by disabling the mod_unique_ID module to no avail.

Can someone direct me on how to achieve this ?

Regards,
Joffrey


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Full DN with LDAP issue

Posted by "John K. Sterling" <jo...@sterls.com>.

>-- Original Message --
>From: Joffrey Bienvenue <he...@videotron.ca>
>
>  If I am not mistaking, the configuration you are providing here is a

>specific user to bind to in order to scan the directory. What I am 
>looking for actually is having users, that will authenticate to a 
>secured web site, to specify their full DN when they authenticate rather

yup - that suggestion would not work for you.

>than using a UID (Unique ID).
>
>I am not sure it is possible to do this.  I was able with Netscape 
>FastTrack server but can not seem to make it work with apache...

one way to do this is to make sure there is a 'dn' attribute on the user
and simply change the attrib portion of the url from 'sAMAccountName' to
'dn' - then it should do a search for an attribute called 'dn' on the user
and match the passed in user name to that.

sterling



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Full DN with LDAP issue

Posted by Joffrey Bienvenue <he...@videotron.ca>.

  If I am not mistaking, the configuration you are providing here is a 
specific user to bind to in order to scan the directory. What I am 
looking for actually is having users, that will authenticate to a 
secured web site, to specify their full DN when they authenticate rather 
than using a UID (Unique ID).

I am not sure it is possible to do this.  I was able with Netscape 
FastTrack server but can not seem to make it work with apache...

Regards,
Joffrey



Jason Martens wrote:
>>Can someone let me know how to configure apache to authenticate using a 
>>full distinguished name through LDAP?
> 
> 
> Mine looks like this.  My LDAP server is Active Directory...
> 
> AuthLDAPBindDN "CN=A Username,OU=Active Directory
> OU,DC=some,DC=local,DC=domain"
> 
> AuthLDAPBindPassword somePassword
> 
> AuthLDAPURL ldap://127.0.0.1:7777/DC=some,DC=local,DC=domain?sAMAccountName?sub?
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Full DN with LDAP issue

Posted by Jason Martens <jm...@cityofevanston.org>.

> Can someone let me know how to configure apache to authenticate using a 
> full distinguished name through LDAP?

Mine looks like this.  My LDAP server is Active Directory...

AuthLDAPBindDN "CN=A Username,OU=Active Directory
OU,DC=some,DC=local,DC=domain"

AuthLDAPBindPassword somePassword

AuthLDAPURL ldap://127.0.0.1:7777/DC=some,DC=local,DC=domain?sAMAccountName?sub?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org