Is ldapsearch working from the same server? There can be lots of issues with ssl and auth sff. > I'm trying to do basic authentication via LDAP to Active Directory. > HTTPD logs this: > > [Mon Nov 25 16:02:47.362939 2024] [authnz_ldap:debug] [pid 6205:tid > 6205] mod_authnz_ldap.c(548): [client > 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01691: auth_ldap > authenticate: using URL > ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one > [Mon Nov 25 16:02:47.381431 2024] [authnz_ldap:debug] [pid 6205:tid > 6205] mod_authnz_ldap.c(569): [client > 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01694: auth_ldap > authenticate: user mwood authentication failed; URI /nagios/ [LDAP: > ldap_start_tls_s() failed][Connect error] (not authoritative) > [Mon Nov 25 16:02:47.381449 2024] [auth_basic:error] [pid 6205:tid 6205] > [client 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01618: user mwood > not found: /nagios/ > > I don't know what it doesn't like about the connection. The server's > certificate checks out. I've got LDAPTrustedGlobalCert set: > > More configuration: > > LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ca-certificates.crt > > AuthType basic > AuthBasicProvider ldap > AuthName "ADS" > > AuthLDAPURL "ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one" > STARTTLS > AuthLDAPBindDN "CN={omitted},OU=Accounts,DC=ads,DC=iu,DC=edu" > AuthLDAPBindPassword "{omitted}" > AuthLDAPBindAuthoritative Off > AuthLDAPGroupAttribute member > AuthLDAPRemoteUserAttribute CN > > <RequireAll> > Require ldap-group CN=IN-ULib-Admins,OU=IN- > ADMINS,OU=IN,DC=ads,DC=iu,DC=edu > <RequireAny> > {a list of "Require ip"s} > </RequireAny> > </RequireAll> > > What have I missed? > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx