[users@httpd] LDAP Authentication Failure Gives 500 Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Apache 2.2.2 on Windows
I only want to authenticate using LDAP. I have configured the server and
it properly
authenticates using LDAP. Configuration of the directory and the list of
all installed
modules is below. The issue comes when the user does not enter the
proper credentials.
Not differentiating between a 500 error and a 401 error causes lots of
spurious support
requests. Characteristics:

* If you just hit enter without typing username or password you get the
default 500 error
* If you type a name not in the ldap directory you either get asked for 
  credentials again or you get a 401 error after 3 tries, this is
correct.
* If you type a valid username but no password you get a 500 error from
the 
  special error 500 response file defined in the application.
* If you type a valid username with a bad password you get the default
500 error.

All of the FAQ talk about ldap against Apache 1.3, which is very
different. 
It appears to me that mod_authnz_ldap (which cannot be authoritative) is
cool,
but mod_authz_user, which is supposed to be authoritative, is not,
allowing the 
Authentication request to pass down the chain to the next, nonexistent 
authentication provider, which fails. 

I tried including file authentication, providing a file with one user
created with
htpassword, no difference in operation.

Thanks in advance for any help.
Bill

------------------------------------------
Configuration
=============
<Directory "d:/data/plandb/public">
    Options MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthBasicProvider ldap
    #AuthUserFile "d:/data/passwords"
    AuthName "Motorola OneIT"
    AuthzLDAPAuthoritative off
    AuthzUserAuthoritative on
    AuthBasicAuthoritative On
    AuthLDAPURL
ldap://ids.mot.com:389/ou=People,ou=Intranet,dc=Motorola,dc=com?motguid?
sub?(objectClass=*)
    require valid-user 
</Directory>
------------------------------------------
Errors in error log
===================
[Thu May 18 14:41:53 2006] [warn] [client 127.0.0.1] [412] auth_ldap
authenticate: user  authentication failed; URI /plandb/pdb_tasks/list
[ldap_search_ext_s() for user failed][Filter Error]
[Thu May 18 16:00:54 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user  authentication failed; URI /plandb/pdb_tasks/list
[LDAP: ldap_simple_bind_s() failed][Unavailable]
[Thu May 18 16:01:41 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user harry authentication failed; URI
/plandb/pdb_tasks/list [User not found][No Such Object]
[Thu May 18 16:01:41 2006] [error] [client 10.5.36.71] user harry not
found: /plandb/pdb_tasks/list
[Thu May 18 16:01:42 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user harry authentication failed; URI
/plandb/pdb_tasks/list [User not found][No Such Object]
[Thu May 18 16:01:42 2006] [error] [client 10.5.36.71] user harry not
found: /plandb/pdb_tasks/list
[Thu May 18 16:01:45 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user richard authentication failed; URI
/plandb/pdb_tasks/list [User not found][No Such Object]
[Thu May 18 16:01:45 2006] [error] [client 10.5.36.71] user richard not
found: /plandb/pdb_tasks/list
[Thu May 18 16:02:52 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user richard authentication failed; URI
/plandb/pdb_tasks/list [User not found][No Such Object]
[Thu May 18 16:02:52 2006] [error] [client 10.5.36.71] user richard not
found: /plandb/pdb_tasks/list
[Thu May 18 16:02:56 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user cwt010 authentication failed; URI
/plandb/pdb_tasks/list [Empty password not allowed][Invalid Credentials]
[Thu May 18 16:03:49 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user cwt010 authentication failed; URI
/plandb/pdb_tasks/list [Empty password not allowed][Invalid Credentials]
[Thu May 18 16:04:06 2006] [warn] [client 10.5.36.71] [412] auth_ldap
authenticate: user cwt010 authentication failed; URI
/plandb/pdb_tasks/list [ldap_simple_bind_s() to check user credentials
failed][Invalid Credentials]
------------------------------------------
Modules
=======
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux