RE: LDAP connection failure: what does "not authoritative" mean?

Is ldapsearch working from the same server? There can be lots of issues with SSL and auth stuff.

> I'm trying to do basic authentication via LDAP to Active Directory.
> HTTPD logs this:
> 
> [Mon Nov 25 16:02:47.362939 2024] [authnz_ldap:debug] [pid 6205:tid
> 6205] mod_authnz_ldap.c(548): [client
> 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01691: auth_ldap
> authenticate: using URL
> ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one
> [Mon Nov 25 16:02:47.381431 2024] [authnz_ldap:debug] [pid 6205:tid
> 6205] mod_authnz_ldap.c(569): [client
> 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01694: auth_ldap
> authenticate: user mwood authentication failed; URI /nagios/ [LDAP:
> ldap_start_tls_s() failed][Connect error] (not authoritative)
> [Mon Nov 25 16:02:47.381449 2024] [auth_basic:error] [pid 6205:tid 6205]
> [client 2600:381:cb60:bf0:c6bb:b64d:24e:24da:46526] AH01618: user mwood
> not found: /nagios/
> 
> I don't know what it doesn't like about the connection.  The server's
> certificate checks out.  I've got LDAPTrustedGlobalCert set:
> 
> More configuration:
> 
>   LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ca-certificates.crt
> 
>   AuthType basic
>   AuthBasicProvider ldap
>   AuthName "ADS"
> 
>   AuthLDAPURL "ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one";
> STARTTLS
>   AuthLDAPBindDN "CN={omitted},OU=Accounts,DC=ads,DC=iu,DC=edu"
>   AuthLDAPBindPassword "{omitted}"
>   AuthLDAPBindAuthoritative Off
>   AuthLDAPGroupAttribute  member
>   AuthLDAPRemoteUserAttribute CN
> 
>   <RequireAll>
>     Require ldap-group CN=IN-ULib-Admins,OU=IN-
> ADMINS,OU=IN,DC=ads,DC=iu,DC=edu
>     <RequireAny>
>       {a list of "Require ip"s}
>     </RequireAny>
>   </RequireAll>
> 
> What have I missed?
> 
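
The check suggested in the reply, as an added example (not part of the original thread and not Apache httpd code): a POSIX shell helper that turns an AuthLDAPURL into the equivalent `ldapsearch` StartTLS command. The function name is hypothetical; the default attribute, scope and filter follow the documented AuthLDAPURL defaults, and values are assumed to contain no single quotes or LDAP filter metacharacters.

```shell
#!/bin/sh
# Added example: print the ldapsearch command that repeats the search
# mod_authnz_ldap would make for a given AuthLDAPURL, over StartTLS.
# Usage: authldapurl_to_ldapsearch URL USERNAME BIND_DN [CA_FILE]
# (hypothetical helper name; it runs in a subshell, so IFS and set -f stay local)
authldapurl_to_ldapsearch() (
    url=$1 user=$2 binddn=$3 cafile=${4:-}

    # StartTLS upgrades a plain ldap:// connection; ldaps:// is a different mode.
    case $url in
        ldap://*) rest=${url#ldap://} ;;
        *) echo "expected an ldap:// URL" >&2; exit 1 ;;
    esac

    hostport=${rest%%/*}
    case $rest in */*) path=${rest#*/} ;; *) path= ;; esac

    # The path is basedn?attribute?scope?filter; split it on '?'.
    set -f                      # no globbing: filters may contain '*'
    IFS='?'
    set -- $path
    unset IFS
    base=${1:-} attr=${2:-uid} scope=${3:-sub} filter=${4:-objectClass=*}

    # Drop one pair of surrounding parentheses so the filter can be re-wrapped.
    case $filter in
        "("*")") filter=${filter#"("}; filter=${filter%")"} ;;
    esac

    # LDAPTLS_CACERT points the OpenLDAP client at the CA bundle.
    if [ -n "$cafile" ]; then
        printf "LDAPTLS_CACERT='%s' " "$cafile"
    fi
    # -ZZ: require StartTLS to succeed; -x -W -D: simple bind, prompt for password.
    # Search filter shape: (&(filter)(attribute=username)).
    printf "ldapsearch -H 'ldap://%s' -ZZ -x -W -D '%s' -b '%s' -s '%s' '(&(%s)(%s=%s))' dn\n" \
        "$hostport" "$binddn" "$base" "$scope" "$filter" "$attr" "$user"
)

# Values taken from the configuration quoted above ({omitted} is as posted).
authldapurl_to_ldapsearch \
    'ldap://ads.iu.edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one' \
    mwood 'CN={omitted},OU=Accounts,DC=ads,DC=iu,DC=edu' \
    /etc/ssl/certs/ca-certificates.crt
```

Run the printed command on the web server itself; because `-ZZ` makes ldapsearch stop if StartTLS fails, it reproduces the TLS step outside of httpd.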

