RE: [users@httpd] LDAP Authorization with Active Directory


 



With the exception of changing the user, domain name and password, this
was cut from a working ldap configuration.  Note the
validlogin@xxxxxxxxxxxxxxx.  I could never get the full DN to work
properly.  This works like a charm.

Also, I use forestdnszones as the ldap server as it will pick up any
domain controller on the local site.  There are 14 in total.  If one
goes down it will just bind to the next.

<Location /securedir>
    AuthLDAPAuthoritative on
    AuthLDAPEnabled on

    AuthName "My Secure Access"
    AuthType Basic
    AuthLDAPBindDN  validlogin@xxxxxxxxxxxxxx
    AuthLDAPBindPassword somepassword
    AuthLDAPUrl ldap://forestdnszones.yourdomain.com:389/ou=Users,dc=yourdomain,dc=com?samAccountName?sub?(objectClass=*)
    require valid-user

</Location>

> -----Original Message-----
> From: Jeremy Weiland [mailto:jweiland@xxxxxxxxxxxxxxxx]
> Sent: Thursday, July 14, 2005 9:50 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] LDAP Authorization with Active Directory
> 
> Hi,
> 
> I'm trying to get Apache 2 to authenticate users with mod_auth_ldap based on
> Active Directory settings.  I've got an LDAP browser on my computer and can
> connect to the Win2k3 server perfectly, but for some reason when I
> authenticate over the website it brings Apache down with an error in
> wldap32.dll.  I have NO idea what's going on - any clue?
> 
> Say the word and I'll provide more details.  Here's my directory settings in
> httpd.conf:
> 
> <Directory />
>       Options All ExecCGI -Indexes
>       Order allow,deny
>       Allow from all
> 
>       AuthLDAPAuthoritative on
> 
>       AuthType Basic
> 
>       AuthName "Restricted Area"
> 
>       AuthLDAPBindDN cn=Administrator,cn=Users,dc=alterthought,dc=com
> 
>       AuthLDAPBindPassword xxxxxx
> 
>       # tried both the string below and the one below that
>       # AuthLDAPURL ldap://vulcan:389/cn=Users,dc=alterthought,dc=com?sAMAccountName?sub?(objectClass=*)
>       AuthLDAPURL ldap://vulcan:389/cn=Users,dc=alterthought,dc=com?sAMAccountName?sub?(objectClass=User)
> 
>   require valid-user
> </Directory>
> 
> Thanks - I'm kind of a newbie to Apache but I just got thrown into this, and
> I've been scouring the web like crazy for tips.  Posting here is a last
> resort, and I do appreciate the help.
> ______________________________
> 
> Jeremy Weiland
> Systems Engineer
> 
> ALTERthought
> 4449 Cox Road
> Glen Allen, VA 23060
> 
> www.alterthought.com
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
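
Added example, not part of the original messages and not Apache code: the AuthLDAPUrl in the reply packs host, port, base DN, search attribute, scope and filter into one string. This Python sketch splits it, builds the (&(filter)(attribute=username)) search filter described in the mod_auth_ldap documentation with the user name escaped per RFC 4515, and flags ldap:// as an unencrypted bind. The function names and sample user names are assumptions made for the example.

```python
# Added example: REPLY_URL is the URL from the reply; everything else is constructed.
REPLY_URL = ("ldap://forestdnszones.yourdomain.com:389/"
             "ou=Users,dc=yourdomain,dc=com?samAccountName?sub?(objectClass=*)")

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into named parts."""
    scheme, rest = url.split("://", 1)
    scheme = scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # Pad so that omitted trailing fields fall back to the documented defaults.
    base, attribute, scope, flt = (tail.split("?") + ["", "", ""])[:4]
    flt = flt or "(objectClass=*)"
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base": base,
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": flt,
        # ldap:// sends the bind password and each user's Basic-auth
        # password to the directory without transport encryption.
        "cleartext": scheme == "ldap",
    }


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def search_filter(cfg, username):
    """Combine the configured filter with attribute=username."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                             escape_filter_value(username))


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(REPLY_URL)
    print(cfg)
    print(search_filter(cfg, "jdoe"))    # constructed login name
    print(search_filter(cfg, "a*)(b"))   # metacharacters stay literal
```
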




