Re: Apache 2.4 fails to call LDAP auth modules [solved]

All:

I have the same issue. We upgraded to Apache 2.4 from 2.2 and now Apache is not even connecting to our LDAP server. Our config is below. Your assistance is greatly appreciated. Is there a way to trace Apache attempting to connect to our LDAP server? Thanks.

AuthType Basic
AuthName "Blue in the face Login"
AuthBasicProvider ldap
AuthLDAPURL ldap://blue.intheface.com:389/ou=People,dc=intheface,dc=com?uid
AuthLDAPBindDN "cn=admin,dc=intheface,dc=com"
AuthLDAPBindPassword *&^%$    
Require valid-user






On Thu, Aug 22, 2013 at 3:36 PM, William Paredes <bill.paredes@xxxxxxxxxxxxxxx> wrote:
From: Igor Cicimov [icicimov@xxxxxxxxx]
Sent: Saturday, August 17, 2013 9:14 AM
To: users
Subject: Re: Apache 2.4 fails to call LDAP auth modules


On 16/08/2013 3:10 AM, "William Paredes" <bill.paredes@xxxxxxxxxxxxxxx> wrote:
>
> Greetings!
> It's been a few days that I'm struggling with this one:
>
> I don't get the authentication dialog window prompting for a user name & password when I enter an LDAP protected realm:
>
> <Directory /Library/Webserver/Documents/ldapProtected>
>   AuthType Basic
>   AuthBasicProvider ldap
>   AuthName "Testing LDAP"
>   AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
>   AuthLDAPBindPassword "pwrd"
>   AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
>   Require ldap-user jones
> </Directory>
>
> However, I do get the authentication dialog with a user file:
>
>  <Directory "/Library/WebServer/Documents/fileProtected">
>     AuthType Basic
>     AuthName "New Test Auth Required"
>     AuthUserFile "/etc/htpasswd/.htpasswd"
>     Require valid-user
>     Options Indexes FollowSymLinks MultiViews
>     AllowOverride AuthConfig
>     Order allow,deny
>     Allow from all
>   </Directory>
>
> When I navigate to the LDAP protected directory I get into the directory without the authentication dialog.
> When I navigate to the file protected directory I'm challenged with the authentication window.
>
> I built the following with the usual ./configure, make, sudo make install [no errors]:
>
> [apr 1.4.8]  ./configure --prefix=/usr/local/apr
>
> [apr-util 1.5.2]  ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap  --with-mysql=/usr/local/mysql  --with-ldap-lib=/usr/local/openldap/lib --with-ldap-include=/usr/local/openldap/include/
>
> [apache 2.4.6]  ./configure --enable-layout=MacMini --enable-modules=most --with-ssl=/usr --with-mpm-prefork --enable-ssl --enable-so --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-authnz-ldap --enable-ldap --with-ldap
>
> I've set the apache LogLevel to debug and LDAPLibraryDebug to 7 but they have not revealed anything useful other than the following when I access the LDAP realms without being challenged:
>
> mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of Require all granted: granted
>
> [Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of <RequireAny>: granted
>
>
> So how would I begin to troubleshoot this puzzle?
> [OS X 10.8.4; 2.7GHz Intel Core i7; 16GB; mac mini desktop]
>

Start by confirming your ldap account is working outside apache using ldapsearch or ldapbind, let's say. Have you done that? Have you confirmed the ldap connection works at all?

> Thanks,
> -bill


Thanks for the tip. I solved the problem by using Apache Directory Studio which indicated that I was using a bad AuthLDAPBindDN.


Regards,
-bill




--
Ezra Taylor
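
The check suggested in the reply above (confirm the bind and search work outside Apache with ldapsearch), as an added example that is not part of the original thread. The function name ldap_test_cmd is hypothetical, "jones" is used as a sample user, and DNs are assumed to contain no single quotes; the function turns an AuthLDAPURL and AuthLDAPBindDN into the matching ldapsearch command.

```shell
#!/bin/sh
# Added example (not from the thread): turn mod_authnz_ldap settings into the
# equivalent ldapsearch test. AuthLDAPURL is ldap://host:port/basedn?attribute?scope?filter.
ldap_test_cmd() {
    url=$1; binddn=$2; user=$3
    scheme=${url%%://*}
    case $scheme in
        ldap|ldaps) ;;
        *) echo "unsupported scheme in: $url" >&2; return 1 ;;
    esac
    # Refuse LDAP filter metacharacters in the test user name instead of escaping them.
    case $user in
        ''|*'*'*|*'('*|*')'*|*'\'*) echo "bad test user name" >&2; return 1 ;;
    esac
    rest=${url#*://}
    hostport=${rest%%/*}
    case $rest in */*) path=${rest#*/} ;; *) path= ;; esac
    basedn=${path%%\?*}
    case $path in *\?*) query=${path#*\?} ;; *) query= ;; esac
    # Split attribute?scope?filter; empty fields are kept because '?' is not whitespace.
    IFS='?' read -r attr scope filter <<EOF
$query
EOF
    attr=${attr%%,*}                       # only the first attribute is used
    attr=${attr:-uid}                      # documented defaults: uid, sub, (objectClass=*)
    scope=${scope:-sub}
    filter=${filter:-"(objectClass=*)"}
    case $filter in '('*) ;; *) filter="($filter)" ;; esac
    # -x simple bind, -W prompt for the bind password (keeps it out of argv and
    # shell history), 1.1 asks for the entry DN only.
    printf "ldapsearch -x -H %s://%s -D '%s' -W -b '%s' -s %s '(&%s(%s=%s))' 1.1\n" \
        "$scheme" "$hostport" "$binddn" "$basedn" "$scope" "$filter" "$attr" "$user"
}

# Values from the first message in the thread; "jones" is a sample user.
ldap_test_cmd 'ldap://blue.intheface.com:389/ou=People,dc=intheface,dc=com?uid' \
    'cn=admin,dc=intheface,dc=com' jones
```

Run the printed command by hand: a bind failure there points at AuthLDAPBindDN or its password rather than at Apache, which is what the fix in this thread turned out to be.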
