You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Luis Clemente <lu...@yahoo.com.br> on 2009/09/24 14:55:11 UTC

[users@httpd] Apache 2.2 + Ldap

Hi all,

   Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap server? Here is my httpd.conf Ldap configuration:

<Directory /var/www/html>
  AuthBasicProvider ldap
  AuthType      basic
  AuthLDAPURL   "ldap://ldapserver.com:389/o=domain.com?mail"
  AuthzLDAPAuthoritative on
  AuthName      "Please sign in with an Internet e-mail ID (IIP) which is in the Postman BlueGroup"
  AuthLDAPGroupAttribute mail
  Require       group cn=postman,ou=memberlist,ou=compgroups
</Directory>

   I think it is simple but I don't know what is happen. I use my email to authenticated it. If I use the wrong password, the follow message it appears:

[Tue Sep 22 17:07:32 2009] [warn] [client 9.6.113.47] [8449] auth_ldap authenticate: user luisecc@comp.com authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Tue Sep 22 17:07:32 2009] [error] [client 9.6.113.47] user luisecc@br.ibm.com: authentication failure for "/": Password Mismatch

   But if I use the right password nether message it is showed and the authenticated it is not accept.

   So anyone can help me? Someone knows how to do this?

Best regard's

Luis


      ____________________________________________________________________________________
Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache 2.2 + Ldap

Posted by Tom Evans <te...@googlemail.com>.

On Thu, 2009-09-24 at 05:55 -0700, Luis Clemente wrote:
> Hi all,
> 
>    Someone knows how I can setting the apache 2.2. server to authenticated in a Ldap server? Here is my httpd.conf Ldap configuration:
> 
> <Directory /var/www/html>
>   AuthBasicProvider ldap
>   AuthType      basic
>   AuthLDAPURL   "ldap://ldapserver.com:389/o=domain.com?mail"
>   AuthzLDAPAuthoritative on
>   AuthName      "Please sign in with an Internet e-mail ID (IIP) which is in the Postman BlueGroup"
>   AuthLDAPGroupAttribute mail
>   Require       group cn=postman,ou=memberlist,ou=compgroups
> </Directory>
> 
>    I think it is simple but I don't know what is happen. I use my email to authenticated it. If I use the wrong password, the follow message it appears:
> 
> [Tue Sep 22 17:07:32 2009] [warn] [client 9.6.113.47] [8449] auth_ldap authenticate: user luisecc@comp.com authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
> [Tue Sep 22 17:07:32 2009] [error] [client 9.6.113.47] user luisecc@br.ibm.com: authentication failure for "/": Password Mismatch
> 
>    But if I use the right password nether message it is showed and the authenticated it is not accept.
> 
>    So anyone can help me? Someone knows how to do this?
> 
> Best regard's
> 
> Luis
> 

This is how we have it set up:

AuthType Basic
AuthName "Foo"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Foo?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=fooclient,ou=System Accounts,o=Foo"
AuthLDAPBindPassword "foopass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=IT,ou=Groups,o=Foo

fooclient/foopass are credentials used to look up the user before
authenticating them, IIRC. It is required if your LDAP server disallows
anonymous binds. Probably what you are missing is that you need 'Require
ldap-group ...' not 'Require group ...'.

Cheers

Tom



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org