You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Luis Clemente <lu...@yahoo.com.br> on 2009/09/24 14:55:11 UTC
[users@httpd] Apache 2.2 + Ldap
Hi all,
Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap server? Here is my httpd.conf Ldap configuration:
<Directory /var/www/html>
AuthBasicProvider ldap
AuthType basic
AuthLDAPURL "ldap://ldapserver.com:389/o=domain.com?mail"
AuthzLDAPAuthoritative on
AuthName "Please sign in with an Internet e-mail ID (IIP) which is in the Postman BlueGroup"
AuthLDAPGroupAttribute mail
Require group cn=postman,ou=memberlist,ou=compgroups
</Directory>
I think it is simple but I don't know what is happen. I use my email to authenticated it. If I use the wrong password, the follow message it appears:
[Tue Sep 22 17:07:32 2009] [warn] [client 9.6.113.47] [8449] auth_ldap authenticate: user luisecc@comp.com authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Tue Sep 22 17:07:32 2009] [error] [client 9.6.113.47] user luisecc@br.ibm.com: authentication failure for "/": Password Mismatch
But if I use the right password nether message it is showed and the authenticated it is not accept.
So anyone can help me? Someone knows how to do this?
Best regard's
Luis
____________________________________________________________________________________
Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2 + Ldap
Posted by Tom Evans <te...@googlemail.com>.
On Thu, 2009-09-24 at 05:55 -0700, Luis Clemente wrote:
> Hi all,
>
> Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap server? Here is my httpd.conf Ldap configuration:
>
> <Directory /var/www/html>
> AuthBasicProvider ldap
> AuthType basic
> AuthLDAPURL "ldap://ldapserver.com:389/o=domain.com?mail"
> AuthzLDAPAuthoritative on
> AuthName "Please sign in with an Internet e-mail ID (IIP) which is in the Postman BlueGroup"
> AuthLDAPGroupAttribute mail
> Require group cn=postman,ou=memberlist,ou=compgroups
> </Directory>
>
> I think it is simple but I don't know what is happen. I use my email to authenticated it. If I use the wrong password, the follow message it appears:
>
> [Tue Sep 22 17:07:32 2009] [warn] [client 9.6.113.47] [8449] auth_ldap authenticate: user luisecc@comp.com authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
> [Tue Sep 22 17:07:32 2009] [error] [client 9.6.113.47] user luisecc@br.ibm.com: authentication failure for "/": Password Mismatch
>
> But if I use the right password nether message it is showed and the authenticated it is not accept.
>
> So anyone can help me? Someone knows how to do this?
>
> Best regard's
>
> Luis
>
This is how we have it set up:
AuthType Basic
AuthName "Foo"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Foo?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=fooclient,ou=System Accounts,o=Foo"
AuthLDAPBindPassword "foopass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=IT,ou=Groups,o=Foo
fooclient/foopass are credentials used to look up the user before
authenticating them, IIRC. It is required if your LDAP server disallows
anonymous binds. Probably what you are missing is that you need 'Require
ldap-group ...' not 'Require group ...'.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org