Re: [users@httpd] Re: authentication problem with apache2 + ldap + active directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

perfect! it worked (2.0.55, 2.2.2 with bundled SUN LDAP SDK,
OpenLDAP). thank you so much for the tip!

the network trace looks exactly the way it should (no reference record
returned by AD).

reading up on global catalog does not make it obvious that i should
have used it, especially since other apps that rely on AD
authentication work fine against port 389, ignoring the references
(and we only have one domain).

just for the reference, this is my working 2.0.55 config:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

<IfModule mod_auth_ldap.c>
   <Location /test>
       AuthType Basic
       AuthName "LDAP test"
       AuthLDAPURL
ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
       AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
       AuthLDAPBindPassword BindUserPassword
       Require valid-user
   </Location>
</IfModule>
-------------


and 2.2.2:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<IfModule mod_authnz_ldap.c>
   <Location /test>
       AuthType Basic
       AuthName "LDAP test"
       AuthBasicProvider ldap
       AuthLDAPURL
ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
       AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
       AuthLDAPBindPassword BindUserPassword
       AuthzLDAPAuthoritative Off
       Require valid-user
   </Location>
</IfModule>
-------------

thanks again!

it works On 6/19/06, Fenlason, Josh <jfenlason@xxxxxxx> wrote:

Try using port 3268 (or port 3269 for ldaps).  It's some stupid thing
with AD global catalog or something like that.  I can't remember all the
details, but I think that should solve your problem.
,
Josh.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux