I'm trying to do basic authentication via LDAP to Active Directory. HTTPD logs this:

[Mon Nov 25 16:02:47.362939 2024] [authnz_ldap:debug] [pid 6205:tid 6205] mod_authnz_ldap.c(548): [client 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01691: auth_ldap authenticate: using URL ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one
[Mon Nov 25 16:02:47.381431 2024] [authnz_ldap:debug] [pid 6205:tid 6205] mod_authnz_ldap.c(569): [client 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01694: auth_ldap authenticate: user mwood authentication failed; URI /nagios/ [LDAP: ldap_start_tls_s() failed][Connect error] (not authoritative)
[Mon Nov 25 16:02:47.381449 2024] [auth_basic:error] [pid 6205:tid 6205] [client 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01618: user mwood not found: /nagios/

I don't know what it doesn't like about the connection. The server's certificate checks out. I've got LDAPTrustedGlobalCert set:

More configuration:

  LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ca-certificates.crt

  AuthType basic
  AuthBasicProvider ldap
  AuthName "ADS"
  AuthLDAPURL "ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one" STARTTLS
  AuthLDAPBindDN "CN={omitted},OU=Accounts,DC=ads,DC=iu,DC=edu"
  AuthLDAPBindPassword "{omitted}"
  AuthLDAPBindAuthoritative Off
  AuthLDAPGroupAttribute member
  AuthLDAPRemoteUserAttribute CN
  <RequireAll>
    Require ldap-group CN=IN-ULib-Admins,OU=IN-ADMINS,OU=IN,DC=ads,DC=iu,DC=edu
    <RequireAny>
      {a list of "Require ip"s}
    </RequireAny>
  </RequireAll>

What have I missed?

-- 
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
library.indianapolis.iu.edu