Posted to users@httpd.apache.org by "Minson, John M Mr ARMY GUEST" <jo...@us.army.mil> on 2008/11/19 19:21:04 UTC

[users@httpd] mod_authnz_ldap

I'm trying to implement mod_authnz_ldap and get the following error:

auth_ldap authorise: User DN not found, ldap_search_ext_s() for user failed

I have tried dozens of combinations of AuthLDAPUrl and AuthLDAPBindDN.

Is there any way to get it to display the 'User DN' it's trying to use?

Apache has logging set to 'debug'.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] mod_authnz_ldap

Posted by Eric Covener <co...@gmail.com>.
On Wed, Nov 19, 2008 at 2:06 PM, Minson, John M Mr ARMY GUEST
<jo...@us.army.mil> wrote:
> Using 'snoop' I determined that the ldap module is using a uid that looks
> like this:
>
> someuser@some.domain
>
> The 'someuser' portion is what is in LDAP.
>
> How do I pass just 'someuser' as the uid?

That means your user is typing that into the browser's basic auth
prompt.  Apache doesn't have a way to manipulate it before running the
ldap search -- does that full email address match some other attribute
in your LDAP?


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] mod_authnz_ldap

Posted by Eric Covener <co...@gmail.com>.
On Wed, Nov 19, 2008 at 1:21 PM, Minson, John M Mr ARMY GUEST
<jo...@us.army.mil> wrote:
> I'm trying to implement mod_authnz_ldap and get the following error:
>
> auth_ldap authorise: User DN not found, ldap_search_ext_s() for user failed
>
> I have tried dozens of combinations of AuthLDAPUrl and AuthLDAPBindDN.
>
> Is there any way to get it to display the 'User DN' it's trying to use?

If you do an IP trace with wireshark, you'll see the formatted query
being sent to the ldap server.

I would guess that the problem is either:

1) The "attribute" in the AuthLDAPURL doesn't contain the same thing
as what you're feeding into the browser
2) If you added a "filter" to the end of AuthLDAPURL it may be
eliminating your result

-- 
Eric Covener
covener@gmail.com
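
Added example, not part of the original thread and not Apache's own code: a small Python helper that reconstructs the search the module would issue from an AuthLDAPURL value and the name typed at the basic auth prompt, following the documented form (&(filter)(attribute=username)) and the documented defaults (uid, sub, objectClass=*). The host and base DN are constructed, the function names are hypothetical, and the value escaping follows RFC 4515 as an assumption, so the bytes on the wire may differ and a packet capture remains the authoritative check.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, applying defaults."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    flt = unquote(flt) or "objectClass=*"
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # outer parentheses are optional in the URL
    return {
        "base": unquote(parts.path.lstrip("/")),
        # Only the first attribute of a comma-separated list is searched.
        "attribute": unquote(attrs).split(",")[0] or "uid",
        "scope": unquote(scope) or "sub",
        "filter": flt,
    }

def effective_search(url, login):
    """Add the combined filter (&(filter)(attribute=login)) to the parsed URL."""
    cfg = parse_auth_ldap_url(url)
    value = "".join(ESCAPES.get(ch, ch) for ch in login)
    cfg["search_filter"] = "(&(%s)(%s=%s))" % (cfg["filter"], cfg["attribute"], value)
    return cfg

def diagnose(url, login):
    """Heuristic notes for the two causes suggested in the reply above."""
    cfg = effective_search(url, login)
    notes = []
    if "@" in login and cfg["attribute"].lower() not in ("mail", "userprincipalname"):
        notes.append("login has a domain part; does %r hold the full value?" % cfg["attribute"])
    if cfg["filter"].lower() != "objectclass=*":
        notes.append("extra filter (%s) may exclude the entry" % cfg["filter"])
    return notes

if __name__ == "__main__":
    # Constructed URL; the login is the value seen on the wire in this thread.
    url = "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid"
    found = effective_search(url, "someuser@some.domain")
    print(found["base"], found["scope"], found["search_filter"])
    print(diagnose(url, "someuser@some.domain"))
```

Running the printed base, scope and filter through ldapsearch with the same bind DN shows whether the directory returns an entry for what the user actually typed.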
