[users@httpd] mod_authnz_ldap authentication of users stored in multiple OU's

Hi

I'm currently running Apache 2.2 and have loaded the mod_authnz_ldap module to authenticate users against a Microsoft Active Directory. I can successfully bind to the LDAP server and authenticate a user as long as I specify a specific OU, i.e. if my AuthLDAPURL directive says

   AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)

But if I try

   AuthLDAPURL ldap://ms-m-dc:389/DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)

and search from the root, I can't authenticate users and get the following error:

[Thu Sep 07 14:14:33 2006] [warn] [client 10.0.8.254] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/configure [ldap_search_ext_s() for user failed][Operations Error]
[Thu Sep 07 14:14:53 2006] [warn] [client 10.4.126.7] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/view/web [ldap_search_ext_s() for user failed][Operations Error]

Is this an issue with the MS implementation of LDAP and the way it returns the results to Apache? Or is it Apache? Or am I missing some config? I have read up on the mod and haven't found any directives that can assist with this. I have also included a copy of my config related to LDAP below.

The issue is we do not have all our users stored in the same OU; users are split according to region. Is there any way to add multiple AuthLDAPURL directives? I have tried adding more, but it just treats the last directive as the correct one and ignores anything prior to that. Are there any workarounds to make this work? Your help would be appreciated.


---Config---
# Basic auth, with the LDAP provider doing the password check
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "Please Enter Your Network Username/Password"
# Account used for the initial search before the user's own bind
AuthLDAPBindDN "CN=Your Name,OU=Users,OU=People,OU=Region1,DC=ZA,DC=Company,DC=net"
AuthLDAPBindPassword mypass
# Search base restricted to one regional OU; this is the URL that works
AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
AuthLDAPGroupAttribute department
AuthLDAPGroupAttributeIsDN off
#   AuthLDAPRemoteUserIsDN on
require valid-user
---end---

Thanks
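
As an added example (not part of the original post and not the poster's configuration), the same setup reworked so that one root-based search covers every regional OU. The usual cause of "[ldap_search_ext_s() for user failed][Operations Error]" on a subtree search based at the domain root is that a domain controller on port 389 answers such a search with referrals to other naming contexts (the DNS-zone and Configuration partitions); mod_ldap chases them by default, the referred connection is not bound with the AuthLDAPBindDN credentials, and AD rejects the query there. Two ways out are shown: query the Global Catalog on port 3268, which serves a forest-wide search from the domain root without those referrals, or keep port 389 and turn referral chasing off with LDAPReferrals (mod_ldap, httpd 2.2.13 and later). The host name and domain components are taken from the post; the service-account DN and password are placeholders to be replaced.

```apache
# Added example, not the original poster's config. Host and DCs from the post;
# the bind account is a placeholder: use a dedicated, read-only service account,
# never an admin or a personal account, and keep its password out of pastes.
AuthType Basic
AuthName "Please Enter Your Network Username/Password"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off

# AD refuses anonymous subtree searches, so the initial lookup needs a real
# (but low-privilege) account.
AuthLDAPBindDN "CN=svc-httpd-auth,OU=Service Accounts,DC=ZA,DC=Company,DC=net"
AuthLDAPBindPassword "change-me"

# Option 1: Global Catalog (TCP 3268) instead of the DC's LDAP port (389).
# A single AuthLDAPURL based at the domain root with ?sub scope then finds
# users in OU=Region1, OU=Region2, ... ; multiple AuthLDAPURL lines are not
# needed (httpd keeps only the last one anyway).
# (objectCategory=person) excludes computer accounts, which also carry
# objectClass=user in AD and would otherwise match the filter.
AuthLDAPURL "ldap://ms-m-dc:3268/DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(&(objectCategory=person)(objectClass=user))"

# Option 2 (httpd 2.2.13 or later): stay on port 389 and stop mod_ldap from
# chasing the referrals AD returns for a root-based search. To use it,
# uncomment the line below and change 3268 back to 389 in AuthLDAPURL.
#LDAPReferrals Off

Require valid-user
```

To confirm the referrals are what is breaking the search, run an OpenLDAP ldapsearch with the same bind account and the root base, e.g. `ldapsearch -x -H ldap://ms-m-dc:389 -D "<bind DN>" -W -b "DC=ZA,DC=Company,DC=net" "(sAMAccountName=testuser)" dn`; the output lists `# refldap://...` entries alongside the user's DN, and the same query against port 3268 returns the DN without them. One caveat with the Global Catalog: it only holds the attributes replicated to it (sAMAccountName is among them), so any attribute later used in the filter or in a Require ldap-attribute check, such as department, must be in the partial attribute set or the check will silently fail.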

