Posted to users@httpd.apache.org by Chris <at...@gmail.com> on 2008/02/25 05:06:15 UTC
[users@httpd] ldap/ AD user authentication error
I am trying to get Apache 2.2.4 on OpenSUSE 10.3 working with Active
Directory (AD) LDAP authentication for users. But every time I try to
log in I get a 403 error. I have ldap_module and authnz_ldap_module
enabled. And I am trying over both HTTP and HTTPS but the password
prompt comes back asking for user name & password again and again. I
did a tcpdump and can see packets going to the AD end but nothing is
coming back.
I have put AllowOverride All in /etc/apache2/default-server.conf and
also on /etc/apache2/vhosts.d/vhost-myserver-ssl.conf
Here's my /etc/apache2/vhosts.d/vhost-myserver-ssl.conf &
/etc/apache2/vhosts.d/vhost-myserver.conf

<Directory "/srv/www/htdocs/myserver/secret">
    AllowOverride All
    Options Indexes
    Order allow,deny
    Allow from all
    AuthUserFile /srv/www/htdocs/myserver/secret/.htaccess
</Directory>

Here's my /path/to/.htaccess

AuthName "Test"
AuthType Basic
AuthLDAPURL ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
require valid-user

Could anyone tell me what I am doing wrong? Any help would be much
appreciated. Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ldap/ AD user authentication error
Posted by Krist van Besien <kr...@gmail.com>.
On Mon, Feb 25, 2008 at 5:06 AM, Chris <at...@gmail.com> wrote:
> I did a tcpdump and can see packets going to the AD end but nothing is
> coming back.
Have you checked if you can use the AD server? Try authenticating
against it using an ldap command line client.
> AuthName "Test"
> AuthType Basic
> AuthLDAPURL ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> require valid-user
Does your AD server allow anonymous binds? Most don't and in this case
you will need an LdapBindDN and LdapBindPassword directive.
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
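
The bind credentials suggested in the reply above, written out as an added example that is not part of the original thread: in mod_authnz_ldap for Apache 2.2 the directives are spelled AuthLDAPBindDN and AuthLDAPBindPassword. The service-account DN and password are hypothetical placeholders, and the sAMAccountName attribute, subtree scope and objectClass filter are assumptions about this directory.

```apache
# Added example, not from the original thread. Assumes Apache 2.2 with
# mod_ldap and mod_authnz_ldap loaded, as in the original post.
<Directory "/srv/www/htdocs/myserver/secret">
    Options Indexes
    # Auth is configured here in the vhost file, so no .htaccess override is
    # needed and the bind password is not stored under the document root.
    AllowOverride None
    Order allow,deny
    Allow from all

    AuthName "Test"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    # URL format: ldap://host:port/basedn?attribute?scope?filter
    # With no attribute given, mod_authnz_ldap searches on "uid"; AD accounts
    # are normally looked up by sAMAccountName (assumption for this directory).
    AuthLDAPURL "ldap://ad.myorg.org:389/ou=staff,ou=mkt,ou=locations,dc=myorg,dc=org?sAMAccountName?sub?(objectClass=user)"

    # Account used for the search phase when anonymous binds are refused.
    # Hypothetical placeholder DN and password: use a dedicated account that
    # can only read the user entries below the base DN.
    AuthLDAPBindDN "cn=apache-bind,ou=service,dc=myorg,dc=org"
    AuthLDAPBindPassword "CHANGE-ME"

    require valid-user
</Directory>
```

The bind password sits in this file in clear text, so keep the vhost file readable by root only. With ldap:// on port 389 both the service-account bind and each user's password also travel unencrypted between Apache and the domain controller.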