You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by David Long <DL...@Lynden.com> on 2011/01/03 19:50:54 UTC
[users@httpd] how to use ldap authentication
I am trying to use httpd 2.2.17 with ldap authentication but get "ldap initialization failed" message
Here is my configuration
I downloaded apr 1.4.2 and apr-util 1.3.10
For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ --with-apr=/www/apache2/apr-httpd/ --with-ldap"
For httpd-2.2.17
configure --enable-ldap --enable-authnz-ldap
All compiled and installed fine. In httpd.conf file I have following for my ldap authentication restricted folder.
AuthName "Staff Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthzLDAPAuthoritative off
require valid-user
I can started httpd. But when I hit restricted folder. I still got error.
Here is my error_log, parser fine but ldap initialization failed. How do I test my apache ldap function? Or do I need to recompile my apr-util?
[Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293]
auth_ldap url parse:
`ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN:
ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter:
(objectClass=organizationalPerson), connection mode: not using SSL
[Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client
12.171.37.10] [293] auth_ldap authenticate: using URL
ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
s=organizationalPerson) [Wed Dec 29 15:37:12 2010] [info] [client
12.171.37.10] [293] auth_ldap authenticate: user dlong authentication
failed; URI /EMU [LDAP: ldap initialization failed][Unknown error]
Can someone help?
Thanks in advance.
David Long
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how to use ldap authentication
Posted by David Long <DL...@Lynden.com>.
Hi Igor,
I am using Sun Sparc server. Solaris 10 (5/09).
I do not have LDAP SDK, I guess I need LDAP SDK to make it work.
Where do I put in LDAP SDK options?
Thanks
David Long
-----Original Message-----
From: Igor Galić [mailto:i.galic@brainsware.org]
Sent: Monday, January 03, 2011 4:30 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] how to use ldap authentication
----- "David Long" <DL...@Lynden.com> wrote:
> I am trying to use httpd 2.2.17 with ldap authentication but get "ldap
> initialization failed" message
> Here is my configuration
> I downloaded apr 1.4.2 and apr-util 1.3.10
What Platform/OS/Distro/Version
Which LDAP SDK?
> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
>
> For apr util 1.3.10, I did "configure
> --prefix=/www/apache2/apr-util-httpd/
> --with-apr=/www/apache2/apr-httpd/ --with-ldap"
>
> For httpd-2.2.17
> configure --enable-ldap --enable-authnz-ldap
>
>
> All compiled and installed fine. In httpd.conf file I have following
> for my ldap authentication restricted folder.
>
> AuthName "Staff Only"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL
> ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> AuthzLDAPAuthoritative off
> require valid-user
>
>
> I can started httpd. But when I hit restricted folder. I still got
> error.
>
> Here is my error_log, parser fine but ldap initialization failed. How
> do I test my apache ldap function? Or do I need to recompile my
> apr-util?
>
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293]
> auth_ldap url parse:
> `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
> ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN:
> ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter:
> (objectClass=organizationalPerson), connection mode: not using SSL
Should you be using SSL on this server?
What does ldapwhoami say? Or ldapsearch or simalar.
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client
> 12.171.37.10] [293] auth_ldap authenticate: using URL
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
> s=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293]
> auth_ldap authenticate: user dlong authentication failed; URI /EMU
> [LDAP: ldap initialization failed][Unknown error]
This error is really unhelpful :-/
> Can someone help?
>
> Thanks in advance.
>
> David Long
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to use ldap authentication
Posted by Igor Galić <i....@brainsware.org>.
----- "David Long" <DL...@Lynden.com> wrote:
> I am trying to use httpd 2.2.17 with ldap authentication but get "ldap
> initialization failed" message
> Here is my configuration
> I downloaded apr 1.4.2 and apr-util 1.3.10
What Platform/OS/Distro/Version
Which LDAP SDK?
> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
>
> For apr util 1.3.10, I did "configure
> --prefix=/www/apache2/apr-util-httpd/
> --with-apr=/www/apache2/apr-httpd/ --with-ldap"
>
> For httpd-2.2.17
> configure --enable-ldap --enable-authnz-ldap
>
>
> All compiled and installed fine. In httpd.conf file I have following
> for my ldap authentication restricted folder.
>
> AuthName "Staff Only"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL
> ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> AuthzLDAPAuthoritative off
> require valid-user
>
>
> I can started httpd. But when I hit restricted folder. I still got
> error.
>
> Here is my error_log, parser fine but ldap initialization failed. How
> do I test my apache ldap function? Or do I need to recompile my
> apr-util?
>
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293]
> auth_ldap url parse:
> `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
> ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN:
> ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter:
> (objectClass=organizationalPerson), connection mode: not using SSL
Should you be using SSL on this server?
What does ldapwhoami say? Or ldapsearch or simalar.
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client
> 12.171.37.10] [293] auth_ldap authenticate: using URL
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
> s=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293]
> auth_ldap authenticate: user dlong authentication failed; URI /EMU
> [LDAP: ldap initialization failed][Unknown error]
This error is really unhelpful :-/
> Can someone help?
>
> Thanks in advance.
>
> David Long
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org