Eric,

I have no real answer but I am seeing the same thing with Apache 2.0.50, using the LDAP module to hook into a Lotus Notes LDAP service that requires Bind DN/password details.

I use AuthLDAP all the time for our software, which is bundled with an LDAP that does not require Bind credentials with no problems. My problem comes from trying to hook an existing Lotus Notes LDAP into this system which does need bind credentials. Turning on debug logging in httpd.conf I see that errors are coming from the Microsoft LDAP SDK that the AuthLDAP module has been compiled against in our instance.

I tried the Apache 1.3.x that our software used to bundle, where the AuthLDAP was pre-compiled with the old Netscape LDAP SDK libraries, and it works fine, so from what I am seeing and what you have reported I'm wondering if there is some issue / tweak required to get Apache 2's AuthLDAP module going against LDAPs needing bind credentials. I understand there were a number of changes to AuthLDAP from Apache 1.3 to Apache 2.

Has anyone had any success in this area?

The only other thing I can think of in your case Eric is that doesn't AD server use different objectclasses in its schema to store users than standard? Maybe these don't inherit the inetOrgPerson (or similar) standard object class? Could be way off the mark here though...

Roy

-----Original Message-----
From: Eric Ladner [mailto:eric.ladner@xxxxxxxxx]
Sent: 02 March 2005 20:53
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] LDAP auth problems.

I have an apache 2.0.52 server set up and I'm trying to get LDAP authentication working with a Win2K AD server.

<Directory /opt/apache/htdocs/test_auth>
    #SetHandler ldap-status
    Order allow,deny
    Allow from all
    AuthLDAPEnabled on
    AuthLDAPAuthoritative on
    AuthName "Password Access"
    AuthLDAPBindDN cn=svc-loc-unix,OU=Services00,OU=Services,OU=LOCATION,OU=North%20America
,OU=Somewhere,dc=DOMAIN,dc=somewhere,dc=net
    AuthLDAPBindPassword mypassword
    AuthLDAPUrl ldap://server.somewhere.net/OU=LOCATION,OU=North%20America,OU=Somewhere,
DC=DOMAIN,DC=somewhere,DC=net?cn?sub )
    AuthType Basic
    require valid-user
</Directory>

All I'm getting back in the error log when I try an authentication is this:

[Wed Mar 02 14:49:10 2005] [error] [client 10.0.0.5] user eric not found: /test_auth

(of course, the names have been changed to protect the innocent).

Anybody have any ideas? I've tried all kinds of different URLs on the AuthLDAPUrl line, too.

--
Eric Ladner

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
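
As an added example (not from either poster or from the Apache project), this Python helper splits an AuthLDAPUrl like the one quoted above into its parts and builds the search filter for a login name in the `(&(filter)(attribute=username))` form given in the mod_auth_ldap documentation, so the same lookup can be reproduced with an LDAP client. The function names are hypothetical, the sample values are constructed from the thread, and the treatment of `%20` in a bind DN as literal text is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed from the values quoted in the thread, with the e-mail line
# wrap and the stray ")" removed.
SAMPLE_URL = ("ldap://server.somewhere.net/OU=LOCATION,OU=North%20America,"
              "OU=Somewhere,DC=DOMAIN,DC=somewhere,DC=net?cn?sub")
SAMPLE_BIND_DN = ("cn=svc-loc-unix,OU=Services00,OU=Services,OU=LOCATION,"
                  "OU=North%20America,OU=Somewhere,dc=DOMAIN,dc=somewhere,dc=net")
URL_RE = re.compile(r"^(ldaps?)://([^/:?]*)(?::(\d+))?(?:/([^?]*))?(?:\?(.*))?$")


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its parts."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, base, query = m.groups()
    attribute, scope, ldap_filter = ((query or "").split("?") + ["", "", ""])[:3]
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(base or ""),            # percent-escapes are URL syntax
        "attribute": unquote(attribute) or "uid",  # documented defaults
        "scope": scope or "sub",
        "filter": unquote(ldap_filter) or "(objectClass=*)",
    }


def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def search_filter(cfg, username):
    """Combine filter, attribute and login name as (&(filter)(attribute=username))."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]
    return "(&(%s)(%s=%s))" % (inner, cfg["attribute"], escape_filter_value(username))


def percent_escapes(dn):
    """Percent-escapes in a DN given outside a URL (assumption: taken literally
    there, since no URL decoding applies to a plain directive value)."""
    return re.findall(r"%[0-9A-Fa-f]{2}", dn)


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(SAMPLE_URL)
    print(cfg)
    print(search_filter(cfg, "eric"))
    print("escapes in bind DN:", percent_escapes(SAMPLE_BIND_DN))
```

Running the printed filter against the printed base DN, bound as the configured bind account, shows whether any directory entry matches the login name.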