[users@httpd] mod_authnz_ldap authentication of users stored in multiple OU's
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hi
Im currently running Apache 2.2 and have loaded Mod_authnz_ldap module to authenticate users against a microsoft active directory. I can succesfully bind to the LDAP server and authenticate a user as long as i specify a specific OU
i.e if my AuthLDAPURL directive says
AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
But if i try
AuthLDAPURL ldap://ms-m-dc:389/DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
and search from the root i cant authenticate users and get the following error:
[Thu Sep 07 14:14:33 2006] [warn] [client 10.0.8.254] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/configure [ldap_search_ext_s() for user failed][Operations Error]
[Thu Sep 07 14:14:53 2006] [warn] [client 10.4.126.7] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/view/web [ldap_search_ext_s() for user failed][Operations Error]
Is this an issue with MS implementation of LDAP and the way it returns the results to Apache? or is it Apache? Or am i missing some config? I have read up on the mod and havent found any directives that can assist with this. I have also included a copy of my config related to Ldap Below.
The issue is we do not have all our users stored in the same OU, users are split according to region. Is there any way to add Multiple AuthLDAPURL directives? i have tried adding more but it just treats the last directive as the correct one and ignores anything prior to that. Are there any work arounds to make this work? Your help would be appreciated.
---Config---
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "Please Enter Your Network Username/Password"
AuthLDAPBindDN "CN=Your Name,OU=Users,OU=People,OU=Region1,DC=ZA,DC=Company,DC=net"
AuthLDAPBindPassword mypass
AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
AuthLDAPGroupAttribute department
AuthLDAPGroupAttributeIsDN off
# AuthLDAPRemoteUserIsDN on
require valid-user
---end---
Thanks
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]