Posted to users@httpd.apache.org by Ezra Taylor <ez...@gmail.com> on 2013/09/14 22:44:19 UTC

Re: [users@httpd] Apache 2.4 fails to call LDAP auth modules [solved]

All:

I have the same issue.  We upgraded to Apache 2.4 from 2.2 and
now Apache is not even connecting to our LDAP server.  Our config is below.
Your assistance is greatly appreciated.  Is there a way to trace Apache
attempting to connect to our LDAP server?  Thanks.

AuthType Basic
AuthName "Blue in the face Login"
AuthBasicProvider ldap
AuthLDAPURL ldap://blue.intheface.com:389/ou=People,dc=intheface,dc=com?uid
AuthLDAPBindDN "cn=admin,dc=intheface,dc=com"
AuthLDAPBindPassword *&^%$
Require valid-user






On Thu, Aug 22, 2013 at 3:36 PM, William Paredes <
bill.paredes@einstein.yu.edu> wrote:

>   *From:* Igor Cicimov [icicimov@gmail.com]
> *Sent:* Saturday, August 17, 2013 9:14 AM
> *To:* users
> *Subject:* Re: [users@httpd] Apache 2.4 fails to call LDAP auth modules
>
>
> On 16/08/2013 3:10 AM, "William Paredes" <bi...@einstein.yu.edu>
> wrote:
> >
> > Greetings!
> > It's been a few days that I'm struggling with this one:
> >
> > I don't get the authentication dialog window prompting for a user name &
> password when I enter an LDAP protected realm:
> >
> > <Directory /Library/Webserver/Documents/ldapProtected>
> >   AuthType Basic
> >   AuthBasicProvider ldap
> >   AuthName "Testing LDAP"
> >   AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
> >   AuthLDAPBindPassword "pwrd"
> >   AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
> >   Require ldap-user jones
> > </Directory>
> >
> > However, I do get the authentication dialog with a user file:
> >
> >  <Directory "/Library/WebServer/Documents/fileProtected">
> >     AuthType Basic
> >     AuthName "New Test Auth Required"
> >     AuthUserFile "/etc/htpasswd/.htpasswd"
> >     Require valid-user
> >     Options Indexes FollowSymLinks MultiViews
> >     AllowOverride AuthConfig
> >     Order allow,deny
> >     Allow from all
> >   </Directory>
> >
> > When I navigate to the LDAP protected directory I get into the directory
> without the authentication dialog.
> > When I navigate to the file protected directory I'm challenged with the
> authentication window.
> >
> > I built the following with the usual ./configure, make, sudo make
> install [no errors]:
> >
> > [apr 1.4.8]  ./configure --prefix=/usr/local/apr
> >
> > [apr-util 1.5.2]  ./configure --prefix=/usr/local/apr-util
> --with-apr=/usr/local/apr --with-ldap  --with-mysql=/usr/local/mysql
>  --with-ldap-lib=/usr/local/openldap/lib
> --with-ldap-include=/usr/local/openldap/include/
> >
> > [apache 2.4.6]  ./configure --enable-layout=MacMini
> --enable-modules=most --with-ssl=/usr --with-mpm-prefork --enable-ssl
> --enable-so --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util
> --enable-authnz-ldap --enable-ldap --with-ldap
> >
> > I've set the apache LogLevel to debug and LDAPLibraryDebug to 7 but they
> have not revealed anything useful other than the following when I access
> the LDAP realms without being challenged:
> >
> > mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626:
> authorization result of Require all granted: granted
> >
> > [Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid
> 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626:
> authorization result of <RequireAny>: granted
> >
> >
> > So how would I begin to troubleshoot this puzzle?
> > [OS X 10.8.4; 2.7GHz Intel Core i7; 16GB; mac mini desktop]
> >
>
> Start by confirming your ldap account is working outside apache using
> ldapsearch or ldapbind, let's say. Have you done that? Have you confirmed the
> ldap connection works at all?
>
> > Thanks,
> > -bill
>
>
>  Thanks for the tip. I solved the problem by using Apache Directory
> Studio which indicated that I was using a bad AuthLDAPBindDN.
>
>  Regards,
> -bill
>
>


-- 
Ezra Taylor
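
Added example, not part of the original thread: a shell helper that turns the AuthLDAPURL and AuthLDAPBindDN directives posted above into the out-of-Apache checks suggested in the thread, first a bind test (the bad AuthLDAPBindDN case), then the user search mod_authnz_ldap would issue. The helper names q and ldap_check_cmds and the username jdoe are assumptions; ldapwhoami and ldapsearch are the OpenLDAP client tools, and the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). q and ldap_check_cmds are hypothetical
# helpers; ldapwhoami/ldapsearch and their flags are the OpenLDAP client tools.
# The commands are printed, not executed, so the script runs offline.

# Single-quote a value so the printed command can be pasted into a shell.
q() { printf "'%s'" "$(printf %s "$1" | sed "s/'/'\\\\''/g")"; }

# usage: ldap_check_cmds <AuthLDAPURL> <AuthLDAPBindDN> <test-username>
ldap_check_cmds() (
    url=$1 binddn=$2 user=$3
    scheme=${url%%://*}
    case $scheme in
        ldap|ldaps) ;;
        *) echo "unsupported scheme in AuthLDAPURL: $url" >&2; exit 1 ;;
    esac
    # Refuse LDAP filter metacharacters instead of building a broken filter.
    case $user in
        *\**|*\(*|*\)*|*\\*) echo "bad character in username" >&2; exit 1 ;;
    esac

    rest=${url#*://}
    hostport=${rest%%/*}
    case $rest in */*) path=${rest#*/} ;; *) path= ;; esac

    # AuthLDAPURL layout after the host: basedn?attribute?scope?filter
    IFS='?' read -r base attr scope filter <<EOF
$path
EOF
    attr=${attr%%,*}    # only the first listed attribute is used for the search
    : "${attr:=uid}" "${scope:=sub}" "${filter:=(objectClass=*)}"

    uri="$scheme://$hostport"
    # Step 1: does the bind DN authenticate at all? (-W prompts for the password)
    printf '%s\n' "ldapwhoami -x -H $(q "$uri") -D $(q "$binddn") -W"
    # Step 2: does the search Apache would run find the user entry?
    printf '%s %s\n' "ldapsearch -x -LLL -H $(q "$uri") -D $(q "$binddn") -W" \
        "-b $(q "$base") -s $scope $(q "(&$filter($attr=$user))") dn"
)

# Demo with the directives from the first message; jdoe is a constructed username.
ldap_check_cmds 'ldap://blue.intheface.com:389/ou=People,dc=intheface,dc=com?uid' \
    'cn=admin,dc=intheface,dc=com' jdoe
```

If step 1 fails, the bind DN or its password is wrong; if step 1 succeeds but step 2 returns no entry, check the base DN, attribute and scope in AuthLDAPURL.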