[no subject]

Hi Folks,

I am trying to integrate httpd with LDAP (Active Directory) but I am running into some trouble. Every time I try to log in, here is what I see:

[Tue Jul 05 09:23:50.471191 2016] [ssl:info] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01964: Connection to child 66 established (server apachehost.my.com:443)
[Tue Jul 05 09:23:50.471383 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(2101): [client 10.204.1.1:51637] AH02043: SSL virtual host for servername apachehost.my.com found
[Tue Jul 05 09:23:50.487945 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(2028): [client 10.204.1.1:51637] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Tue Jul 05 09:23:50.488842 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(366): [client 10.204.1.1:51637] AH02034: Initial (No.1) HTTPS request received for child 66 (server apachehost.my.com:443)
[Tue Jul 05 09:23:50.488887 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Jul 05 09:23:50.488899 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of Require ldap-group "CN=Architecture Team,OU=Groups,OU=Core,DC=my,DC=com": denied (no authenticated user yet)
[Tue Jul 05 09:23:50.488903 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Jul 05 09:23:50.488925 2016] [authnz_ldap:debug] [pid 35839:tid 139644016523008] mod_authnz_ldap.c(516): [client 10.204.1.1:51637] AH01691: auth_ldap authenticate: using URL ldaps://my.com:636/DC=my,DC=com?sAMAccountNamei?sub?(objectclass=user)
[Tue Jul 05 09:23:50.546246 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1790): AH00925: initializing worker http://appserver.my.com:8500/ shared
[Tue Jul 05 09:23:50.546308 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1832): AH00927: initializing worker http://appserver.my.com:8500/ local
[Tue Jul 05 09:23:50.546358 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1867): AH00930: initialized pool in child 53629 for (appserver.my.com) min=0 max=25 smax=25
[Tue Jul 05 09:23:50.546381 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1790): AH00925: initializing worker proxy:reverse shared
[Tue Jul 05 09:23:50.546384 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1832): AH00927: initializing worker proxy:reverse local
[Tue Jul 05 09:23:50.546396 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1867): AH00930: initialized pool in child 53629 for (*) min=0 max=25 smax=25
[Tue Jul 05 09:23:50.546415 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1785): AH00924: worker http://appserver.my.com:8500/ shared already initialized
[Tue Jul 05 09:23:50.546425 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1827): AH00926: worker http://appserver.my.com:8500/ local already initialized
[Tue Jul 05 09:23:50.546624 2016] [mpm_event:debug] [pid 53629:tid 139644108920576] event.c(2096): AH02471: start_threads: Using epoll
[Tue Jul 05 09:23:50.587187 2016] [authnz_ldap:info] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01695: auth_ldap authenticate: user testuser authentication failed; URI /ui [User not found][No such object]
[Tue Jul 05 09:23:50.587224 2016] [auth_basic:error] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01618: user testuser not found: /ui
[Tue Jul 05 09:23:55.577658 2016] [ssl:debug] [pid 35839:tid 139643823490816] ssl_engine_io.c(1033): [remote 10.204.1.1:51637] AH02001: Connection closed to child 66 with standard shutdown (server apachehost.my.com:443)


And here is the configuration snippet from httpd.conf:

LDAPTrustedGlobalCert  CA_BASE64 /usr/local/apache2/conf/certs/ldapCert.pem
LDAPVerifyServerCert Off

<Location />
        AuthType Basic
        AuthLDAPBindDN "CN=ldap,OU=acct,DC=my,DC=com"
        AuthLDAPBindPassword ******
        AuthBasicProvider ldap
        AuthName "LDAP - login"
        Require valid-user
        Require ldap-group "CN=Architecture Team,OU=Groups,OU=Core,DC=my,DC=com"
        AuthLDAPRemoteUserAttribute uid
#RewriteEngine On
#RewriteCond %{LA-U:REMOTE_USER} (.+)
#RewriteRule .* - [E=RU:%1]
#RequestHeader set REMOTE_USER %{RU}e
</Location>

Any clues on what I am missing or how to go about debugging this issue?

Thanks in advance!
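
An added example, not part of the original post: a small Python helper that takes the AH01691 line from the log above, splits the LDAP URL into its parts, and shows the search filter mod_authnz_ldap builds from it (URL filter ANDed with attribute=username), plus an equivalent ldapsearch command for reproducing the lookup by hand. The function names and the list of expected Active Directory login attributes are assumptions made for this example.

```python
import re
import shlex
from urllib.parse import unquote

# AH01691 line copied from the log in the post; it records the URL httpd is using.
LOG_LINE = ('[Tue Jul 05 09:23:50.488925 2016] [authnz_ldap:debug] [pid 35839:tid 139644016523008] '
            'mod_authnz_ldap.c(516): [client 10.204.1.1:51637] AH01691: auth_ldap authenticate: '
            'using URL ldaps://my.com:636/DC=my,DC=com?sAMAccountNamei?sub?(objectclass=user)')

# Assumption for this example: attribute names commonly used to log in against AD.
KNOWN_AD_LOGIN_ATTRS = {"samaccountname", "userprincipalname", "cn", "uid", "mail"}

def parse_ah01691(line):
    """Split scheme://host/basedn?attribute?scope?filter out of an AH01691 line."""
    m = re.search(r"AH01691: .*using URL (ldaps?)://([^/\s]+)/(\S*)", line)
    if not m:
        return None
    scheme, host, rest = m.groups()
    parts = (rest.split("?", 3) + ["", "", ""])[:4]
    base, attr, scope, flt = (unquote(p) for p in parts)
    # Empty fields fall back to the defaults documented for AuthLDAPURL.
    return {"scheme": scheme, "host": host, "base": base, "attr": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def escape_filter_value(value):
    """RFC 4515 escaping, so the user name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_filter(url, username):
    """The search actually sent: the URL filter ANDed with attribute=username."""
    return "(&%s(%s=%s))" % (url["filter"], url["attr"], escape_filter_value(username))

def ldapsearch_command(url, bind_dn, username):
    """Equivalent ldapsearch call (-W prompts for the bind password)."""
    argv = ["ldapsearch", "-H", "%s://%s" % (url["scheme"], url["host"]), "-D", bind_dn,
            "-W", "-b", url["base"], "-s", url["scope"], effective_filter(url, username), "1.1"]
    return shlex.join(argv)

def findings(url):
    """Flag URL parts worth a second look before blaming the directory."""
    out = []
    if url["attr"].lower() not in KNOWN_AD_LOGIN_ATTRS:
        out.append("login attribute %r is not in the expected AD attribute list" % url["attr"])
    if url["scheme"] != "ldaps":
        out.append("search is sent over plain ldap")
    return out

if __name__ == "__main__":
    u = parse_ah01691(LOG_LINE)
    print(ldapsearch_command(u, "CN=ldap,OU=acct,DC=my,DC=com", "testuser"))
    print(findings(u))
```

Running the printed ldapsearch command with the bind DN from the configuration shows whether the same search returns an entry outside of httpd.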

