You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dan Buettner <da...@thelittlemacshop.com> on 2006/06/16 03:02:59 UTC
[users@httpd] Apache 2.0.55 on Win2003 crashes when attempting LDAP auth against
AD
I've been through Google and the online docs and release notes today,
and can't figure out how to solve this one.
I've got a Windows 2003 Server running Apache 2.0.55 and Active
Directory. I am attempting to to use Apache's mod_auth_ldap to control
access on a per-directory basis with .htaccess files, by authenticating
with LDAP against Active Directory.
When I access the protected directory, I get the expected authentication
dialog in my browser(s), and at that point Apache is still running on
the server. When I put in my username and password and submit, the
Apache service dies a few seconds later.
I am able to bind to AD using LDAP with PHP's functions for doing so,
and Apache does not crash. I'm also able to access AD with
"ldapbrowser", so I am confident my username, password, domain, etc.,
are correct. In any case I would not expect incorrect logon info to
crash the server process.
There are some notes in the release doc that 2.0.55 addressed some
issues with LDAP, but .56, .57 and .58 don't reference LDAP changes at all.
Here's my .htaccess file, with names changed to protect the innocent:
AuthType Basic
AuthName "LDAP Test"
AuthLDAPEnabled on
AuthLDAPUrl
ldap://home.mydomain.com/cn=Users,dc=mydomain,dc=com?sAMAccountName?sub
AuthLDAPBindDN "sAMAccountName=dbuettner,cn=Users,dc=mydomain,dc=com"
AuthLDAPBindPassword secret
require valid-user
A sample of the Apache log:
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(785): [5456]
auth_ldap url parse:
`ldap://home.mydomain.com/cn=Users,dc=mydomain,dc=com?sAMAccountName?sub'
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(806): [5456]
auth_ldap url parse: Host: home.mydomain.com
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(808): [5456]
auth_ldap url parse: Port: 389
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(810): [5456]
auth_ldap url parse: DN: cn=Users,dc=mydomain,dc=com
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(812): [5456]
auth_ldap url parse: attrib: sAMAccountName
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(814): [5456]
auth_ldap url parse: scope: subtree
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(819): [5456]
auth_ldap url parse: filter: (null)
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(884): LDAP: auth_ldap
not using SSL connections
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(337): [client
12.34.56.78] [5456] auth_ldap authenticate: using URL
ldap://home.mydomain.com/cn=Users,dc=mydomain,dc=com?sAMAccountName?sub
[Thu Jun 15 16:55:16 2006] [debug] mod_auth_ldap.c(342): [client
12.34.56.78] [5456] auth_ldap authenticate: ap_get_basic_auth_pw()
returns 401
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(785): [5456]
auth_ldap url parse:
`ldap://home.mydomain.com/cn=Users,dc=mydomain,dc=com?sAMAccountName?sub'
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(806): [5456]
auth_ldap url parse: Host: home.mydomain.com
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(808): [5456]
auth_ldap url parse: Port: 389
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(810): [5456]
auth_ldap url parse: DN: cn=Users,dc=mydomain,dc=com
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(812): [5456]
auth_ldap url parse: attrib: sAMAccountName
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(814): [5456]
auth_ldap url parse: scope: subtree
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(819): [5456]
auth_ldap url parse: filter: (null)
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(884): LDAP: auth_ldap
not using SSL connections
[Thu Jun 15 16:55:23 2006] [debug] mod_auth_ldap.c(337): [client
12.34.56.78] [5456] auth_ldap authenticate: using URL
ldap://home.mydomain.com/cn=Users,dc=mydomain,dc=com?sAMAccountName?sub
[Thu Jun 15 16:55:27 2006] [notice] Parent: child process exited with
status 3221225477 -- Restarting.
The Windows event logs only note that the Apache2 service exited - no
details.
Has anyone else encountered something like this? Suggestions welcomed.
Dan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.0.55 on Win2003 crashes when attempting
LDAP auth against AD
Posted by Dan Buettner <da...@thelittlemacshop.com>.
Thanks William - we use some 3rd party modules like php, python,
subversion. Not all of these are available as binaries for Windows &
Apache 2.2.2 yet.
Anything else we might be able to do with 2.0.x ?
Dan
William A. Rowe, Jr. wrote:
> Dan Buettner wrote:
>>
>> I've got a Windows 2003 Server running Apache 2.0.55 and Active
>> Directory. I am attempting to to use Apache's mod_auth_ldap to control
>> access on a per-directory basis with .htaccess files, by authenticating
>> with LDAP against Active Directory.
>
> I can't even run 2.0 ldap without a host of extra backported patches...
>
>> There are some notes in the release doc that 2.0.55 addressed some
>> issues with LDAP, but .56, .57 and .58 don't reference LDAP changes at
>> all.
>
> Grab Apache 2.2.2 - there's been major, major refactoring to get LDAP
> right,
> the sort of things that don't work out well for backporting to 2.0.x.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.0.55 on Win2003 crashes when attempting
LDAP auth against AD
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Dan Buettner wrote:
>
> I've got a Windows 2003 Server running Apache 2.0.55 and Active
> Directory. I am attempting to to use Apache's mod_auth_ldap to control
> access on a per-directory basis with .htaccess files, by authenticating
> with LDAP against Active Directory.
I can't even run 2.0 ldap without a host of extra backported patches...
> There are some notes in the release doc that 2.0.55 addressed some
> issues with LDAP, but .56, .57 and .58 don't reference LDAP changes at all.
Grab Apache 2.2.2 - there's been major, major refactoring to get LDAP right,
the sort of things that don't work out well for backporting to 2.0.x.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org