Posted to users@httpd.apache.org by Craig Jackson <CJ...@abbott-simses.com> on 2006/08/29 00:02:15 UTC

[users@httpd] LDAP authentication to dav folder

Samba with ldap backend authenticates samba users. An ldif example for a
user looks like this:

dn: uid=craig,ou=users,dc=abbott-simses,dc=com
uid: craig
sambaSID: sid id
sambaPrimaryGroupSID: grp id
displayName: Samba User
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: 9ae5c990-91c3-102a-8f9f-ce821b1d4ee9
creatorsName: cn=admin,dc=abbott-simses,dc=com
createTimestamp: 20060616203700Z
sambaPwdMustChange: 9223372036854775807
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U          ]
sambaPwdCanChange: 1155656650
sambaLMPassword: pass
sambaNTPassword: pass
sambaPwdLastSet: 1155656650
entryCSN: 20060815154410Z#000001#00#000000
modifiersName: cn=root,dc=abbott-simses,dc=com
modifyTimestamp: 20060815154410Z


I also want to set up apache webdav to the same user folders with ldap
authentication. But I get an authentication error.

Here's the relevant part of apache2.conf from testing Debian

Alias /craig /hou-1/general/USERS/Craig
<Directory /craig>
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
</Directory>
<Location /craig>
        DAV on
        AllowOverride None
        Satisfy all
        SSLRequireSSL
        Options Indexes MultiViews
        AuthType Basic
        AuthName "Abbott, Simses & Kuchler: Net Folders"
        AuthLDAPEnabled on
        AuthLDAPURL ldap://127.0.0.1:389/ou=users,dc=abbott-simses,dc=com?uid??(objectclass=*)
        Require user craig
</Location>

The Apache log entry looks like this:
Access.log
192.168.193.30 - "" [28/Aug/2006:16:41:39 -0500] "PROPFIND /craig HTTP/1.0" 401 401
Error.log
[Mon Aug 28 16:41:39 2006] [warn] [client 192.168.193.30] [3895] auth_ldap authenticate: user  authentication failed; URI /craig [User not found][No such object]


Apache supplies a login prompt asking for user name and password. What
happens to the password? There is no password attribute for user craig.
Does apache compare passwords? There is no mention of user password in
the mod_auth_ldap help section. I think I need a hint here, because I'm
sure I'm missing something really simple.

Using Apache 2 on Debian testing.

Thanks,

Craig 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


RE: [users@httpd] LDAP authentication to dav folder

Posted by Craig Jackson <CJ...@abbott-simses.com>.
 


RESPONSE:

Problem has been solved by adding userPassword attribute to LDAP.

Craig
--------
In most areas of the universe one plus one is also known as two.
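
Added example, not part of the original thread: mod_auth_ldap verifies the password by searching for the user's entry and then binding to the directory as that DN with the password typed at the prompt, so an entry holding only Samba hashes gives a simple bind nothing to check. The Python sketch below parses an LDIF export and lists sambaSamAccount entries that have no userPassword; the sample entries and all function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF: one Samba-only account, one that also has userPassword.
SAMPLE_LDIF = """\
dn: uid=craig,ou=users,dc=example,dc=com
objectClass: sambaSamAccount
sambaPasswordHistory: 0000000000000000
 00000000
sambaNTPassword: CONSTRUCTED-NT-HASH

dn: uid=alice,ou=users,dc=example,dc=com
objectClass: sambaSamAccount
sambaNTPassword: CONSTRUCTED-NT-HASH
userPassword:: e1NTSEF9eHl6
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    entries, logical = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]           # folded line: rejoin to previous
        elif not raw.strip():                # blank line ends the current entry
            if logical:
                entries.append(to_entry(logical))
            logical = []
        elif not raw.startswith("#"):        # skip LDIF comments
            logical.append(raw)
    return entries

def to_entry(lines):
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):             # "attr:: value" carries base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def accounts_without_bind_password(entries):
    """DNs of Samba accounts with no non-empty userPassword value."""
    missing = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" in classes and not any(e.get("userpassword", [])):
            missing.append(e["dn"][0])
    return missing

if __name__ == "__main__":
    for dn in accounts_without_bind_password(parse_ldif(SAMPLE_LDIF)):
        print("no userPassword, LDAP simple bind will fail:", dn)
```

An export read with an administrative bind is needed for this check, since directory ACLs normally hide userPassword from other readers.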
