Posted to users@httpd.apache.org by Chris <at...@gmail.com> on 2008/02/25 05:06:15 UTC

[users@httpd] ldap/ AD user authentication error

I am trying to get Apache 2.2.4 on OpenSUSE 10.3 working with Active
Directory (AD) LDAP authentication for users. But every time I try to
log in I get a 403 error. I have ldap_module and authnz_ldap_module
enabled. And I am trying over both HTTP and HTTPS but the password
prompt comes back asking for user name & password again and again. I
did a tcpdump and can see packets going to the AD end but nothing is
coming back.

I have put AllowOverride All in /etc/apache2/default-server.conf and
also on /etc/apache2/vhosts.d/vhost-myserver-ssl.conf

Here's my /etc/apache2/vhosts.d/vhost-myserver-ssl.conf &
/etc/apache2/vhosts.d/vhost-myserver.conf

<Directory "/srv/www/htdocs/myserver/secret">
   AllowOverride All
   Options Indexes
   Order allow,deny
   Allow from all
   AuthUserFile /srv/www/htdocs/myserver/secret/.htaccess
</Directory>

Here's my /path/to/.htaccess

AuthName "Test"
AuthType Basic
AuthLDAPURL ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
require valid-user

Could anyone tell me what I am doing wrong? Any help would be much
appreciated. Thanks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] ldap/ AD user authentication error

Posted by Krist van Besien <kr...@gmail.com>.
On Mon, Feb 25, 2008 at 5:06 AM, Chris <at...@gmail.com> wrote:
> I did a tcpdump and can see packets going to the AD end but nothing is
>  coming back.

Have you checked if you can use the AD server? Try authenticating
against it using an ldap command line client.


>  AuthName "Test"
>  AuthType Basic
>  AuthLDAPURL ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org
>  AuthBasicProvider ldap
>  AuthzLDAPAuthoritative off
>  require valid-user

Does your AD server allow anonymous binds? Most don't, and in this case
you will need LdapBindDN and LdapBindPassword directives.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
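
An added example, not part of the original thread: the authenticated bind suggested in the reply above, written with mod_authnz_ldap's directive names for it, AuthLDAPBindDN and AuthLDAPBindPassword. The service-account DN, its password, the sAMAccountName search attribute, the filter, and the choice to keep the settings in the vhost file rather than in .htaccess are all assumptions.

```apache
# Added example (Apache 2.2 syntax), placed in the vhost file, e.g.
# /etc/apache2/vhosts.d/vhost-myserver-ssl.conf
<Directory "/srv/www/htdocs/myserver/secret">
    # Keeping the directives here, with overrides off, keeps the bind
    # password out of a file that lives under the document root.
    AllowOverride None
    Options Indexes
    Order allow,deny
    Allow from all

    AuthName "Test"
    AuthType Basic
    AuthBasicProvider ldap
    # No AuthUserFile: that directive belongs to the "file" provider.

    # Search phase: bind as a dedicated low-privilege account instead of
    # anonymously. DN and password are placeholders (assumptions).
    AuthLDAPBindDN "cn=apache-lookup,ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org"
    AuthLDAPBindPassword "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"

    # Base DN as in the original post; attribute, scope and filter are added.
    # With no "?attribute" part mod_authnz_ldap searches on uid, which is
    # usually unpopulated in AD; sAMAccountName is the AD logon name.
    # Note: ldap:// on port 389 carries the bind password and every user's
    # password unencrypted between Apache and the directory server.
    AuthLDAPURL "ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org?sAMAccountName?sub?(objectClass=user)"

    AuthzLDAPAuthoritative off
    Require valid-user
</Directory>
```

The same bind DN and base can be checked outside Apache first with an LDAP command-line client such as OpenLDAP's ldapsearch: `ldapsearch -x -H ldap://ad.myorg.org:389 -D "<bind DN>" -W -b "<base DN>" "(sAMAccountName=<user>)"`. The file holding AuthLDAPBindPassword should be readable only by root and the account that starts Apache.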
