You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by PM...@nypl.org on 2009/04/17 18:28:54 UTC

[users@httpd] mod_auth_ldap against AD issue

Greetings-

    I'm sure there is a more focused approach, but figure someone on this
list will have had this experience.

    I setup authLDAP to AD's LDAP on one of our boxes that is not running
winbind, with version 2.2.8 of apache.


Config Below-


        <Directory /var/www/brc>
                Order deny,allow
                Allow from All
                AuthName "AD Test"
                AuthType Basic
                AuthBasicProvider ldap
                AuthzLDAPAuthoritative on
                AuthUserFile /dev/null
                AuthLDAPURL
"ldap://ad01.home.net:389/DC=HOME,DC=NET?sAMAccountName?sub?(objectClass=*)"
                AuthLDAPBindDN "ldap_user@home.net"
                AuthLDAPBindPassword "secret"
                Require user peterm
        </Directory>

Yet it says:

[Fri Apr 17 12:18:58 2009] [error] [client 10.128.98.65] GROUP: peterm not
in required group(s).

I've tried various methods of failing the lookup just as a sanity check,
and everything looks just fine. Oddly, I have no group requirements in the
config at all....

Input is appreciated.


Thanks-

Peter J. Milanese, Senior Systems Engineer
Information Technology Group
The New York Public Library
peterm@nypl.org - 212.621.0203




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org