Posted to users@httpd.apache.org by Dafydd Blaidd <da...@midrealm.org> on 2006/04/27 19:54:19 UTC

[users@httpd] Having trouble doing group authentication with LDAP

I am trying to do LDAP authentication to require group membership.  I can 
successfully authenticate using 'require valid-user' and 'require user 
xxxx' but if I use 'require group dn=ldap,ou=Groups,dc=example,dc=com' I 
get an Internal Server Error.  The following error is recorded in the 
error_log:

[Thu Apr 27 10:07:28 2006] [crit] Group query failed!

I set the loglevel to debug and get this:

[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(66): version 1.6.0: Trying to parse an url `ldap://localhost:389/ou=People,dc=example,dc=com?uid?sub'
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(87): Url parse: Host: localhost
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(89): Url parse: Port: 389
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(91): Url parse: DN: ou=People,dc=example,dc=com
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(93): Url parse: Attrib: uid
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(95): Url parse: Scope: subtree
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(100): Url parse: Filter: (null)
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap_config.c(147): {13516} not requesting secure LDAP
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(481): [client 198.97.67.59] {13516} Entering ldap_authenticate_basic_user
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(306): [client 198.97.67.59] {13516} Entering auth_ldap_find_connection
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(499): [client 198.97.67.59] {13516} authenticate: using URL ldap://localhost:389/ou=People,dc=example,dc=com?uid?sub
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(433): [client 198.97.67.59] {13516} inserting `ldap://localhost:389/ou=People,dc=example,dc=com?uid?sub' into URL cache
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(552): [client 198.97.67.59] {13516} entry for `XXXXXXXXXX' is not in the cache
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(145): [client 198.97.67.59] {13516} Entering auth_ldap_connect_to_server
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(165): [client 198.97.67.59] {13516} Opening connection to ldap server(s) `localhost'
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(168): [client 198.97.67.59] {13516} LDAP OP: init
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(262): [client 198.97.67.59] {13516} Binding to server `localhost' as (null)/(null)
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(272): [client 198.97.67.59] {13516} LDAP OP: simple bind
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(578): [client 198.97.67.59] {13516} Peforming a search (scope=2) with filter (&(objectclass=*)(uid=XXXXXXXXXX))
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(582): [client 198.97.67.59] {13516} LDAP OP: search
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(629): [client 198.97.67.59] {13516} DN returned from search is uid=XXXXXXXXXX,ou=People,dc=example,dc=com
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(649): [client 198.97.67.59] {13516} Validating user `uid=XXXXXXXXXX,ou=People,dc=example,dc=com' via bind
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(658): [client 198.97.67.59] {13516} LDAP OP: simple bind
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(681): [client 198.97.67.59] {13516} authenticate: accepting
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(684): [client 198.97.67.59] {13516} Adding user `uid=XXXXXXXXXX,ou=People,dc=example,dc=com' to the cache
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1442): Making group query with auth_table=[mysql_auth], auth_user_field=[username], esc_user=[XXXXXXXXXX], esc_group=[cn=ldap,ou=Group,dc=example,dc=com], auth_group_field=[groups], where_clause=[]
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1449): Group query created; [SELECT count(*) FROM mysql_auth WHERE username='XXXXXXXXXX' and FIND_IN_SET('cn=ldap,ou=Group,dc=example,dc=com',groups)]
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1192): sec->dbh in (null) is
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1199): Ordinary query
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1204): No DB connection open - firing one up
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1096): Opening DB connection for (null)
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1165): Persistent in (null) is 1
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1212): Correctly opened a new DB connection
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1216): Running query: [SELECT count(*) FROM mysql_auth WHERE username='XXXXXXXXXX' and FIND_IN_SET('cn=ldap,ou=Group,dc=example,dc=com',groups)]
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1222): Query maybe-failed: Unknown column 'groups' in 'where clause' (1054), lastchance=0
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1225): Error numbers of interest are 2006 (SG) and 2013 (SL)
[Thu Apr 27 10:07:28 2006] [crit] Group query failed!

I am using mod_auth_mysql extensively throughout the site.

The .htaccess file looks like this:

AuthName "LDAP test directory"
AuthType basic
AuthLDAPAuthoritative off
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
AuthLDAPRemoteUserIsDN on
AuthLDAPURL ldap://localhost:389/ou=People,dc=example,dc=com?uid?sub
require group cn=ldap,ou=Group,dc=example,dc=com


--

Dave Majors
dafydd@midrealm.org
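
Added example, not part of the original post: a small Python parser for the debug error_log format quoted above, reporting which source file logged the password acceptance and which one ran the group check. The sample lines are condensed from the post's log; the function name trace_auth_handlers and the result keys are made up for illustration.

```python
import re

# Constructed sample: four lines condensed from the debug log quoted in the post.
SAMPLE_LOG = """\
[Thu Apr 27 10:07:28 2006] [debug] auth_ldap.c(681): [client 198.97.67.59] {13516} authenticate: accepting
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1442): Making group query with auth_table=[mysql_auth], auth_user_field=[username], esc_user=[XXXXXXXXXX], esc_group=[cn=ldap,ou=Group,dc=example,dc=com], auth_group_field=[groups], where_clause=[]
[Thu Apr 27 10:07:28 2006] [debug] mod_auth_mysql.c(1222): Query maybe-failed: Unknown column 'groups' in 'where clause' (1054), lastchance=0
[Thu Apr 27 10:07:28 2006] [crit] Group query failed!
"""

# [timestamp] [level] optional "file.c(line): " prefix, then the message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:(?P<src>[\w.]+\.c)\((?P<lineno>\d+)\): )?(?P<msg>.*)$"
)

def trace_auth_handlers(log_text):
    """Report which source file accepted the password and which ran the group check."""
    result = {"authn": None, "group_check": None, "group": None,
              "db_error": None, "critical": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        src, msg = m.group("src"), m.group("msg")
        if "authenticate: accepting" in msg:
            result["authn"] = src
        elif msg.startswith("Making group query"):
            result["group_check"] = src
            g = re.search(r"esc_group=\[([^\]]*)\]", msg)
            result["group"] = g.group(1) if g else None
        elif msg.startswith("Query maybe-failed:"):
            result["db_error"] = msg.split(": ", 1)[1]
        elif m.group("level") == "crit":
            result["critical"].append(msg)
    # A group check logged by a different file than the one that accepted the
    # password means two modules are splitting authentication and authorization.
    result["split"] = (result["authn"] is not None
                       and result["group_check"] is not None
                       and result["authn"] != result["group_check"])
    return result

if __name__ == "__main__":
    for key, value in trace_auth_handlers(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample it reports auth_ldap.c for the password check and mod_auth_mysql.c for the group check, with the MySQL error 1054 on the 'groups' column immediately before the [crit] line.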
