Re: SECOND REQUEST: mod_authnz_ldap.so module

["Dmitri Colebatch" <dim@xxxxxxxxxxxxx>]

Hi Zac,

Not sure if you're still looking for this (I'm playing catch-up), but
this config snippet might provide something to compare against:

   AuthType Basic
   AuthName "LDAP Authentication"
   AuthLDAPUrl ldap://ldap/o=users?cn?sub?(objectclass=Person)
   AuthLDAPBindDN cn=readonly,o=admin
   AuthLDAPBindPassword nottelling
   require group cn=development_team,o=groups

We used AuthLDAPUrl where you have AuthLDAPURL, see if changing that
fixes your problem.

cheers,
dim


On 3/17/07, Zac Morris <zac@xxxxxxxxxxx> wrote:
> Hi,
>
> I need some help.  I've tried Goggle and some forums with no luck on this
> one...
>
> I've setup a win32 Apache 2.2.4 server, with the mod_authnz_ldap module.
> When I access a protected url I'm getting an Error 500 and the error.log
> shows:
>
> [Tue Mar 13 16:26:06 2007] [warn] [client 127.0.0.1] [5496] auth_ldap
> authenticate: user devuser authentication failed; URI
> /servframe/images/edit.gif [ldap_search_ext_s() for user failed][Protocol
> Error]
>
> I'm pointing at an OpenLDAP-2.2.23 repository (running on a different server
> on the same subnet).
>
>
> I've configured Tomcat in a similar way (pointing to the same ldap
> repository via the:
>     <Realm
> className="org.apache.catalina.realm.JNDIRealm" debug="99"
>                  connectionURL="ldap://192.168.1.2/";
>                  userBase="ou=people,o={domain here}"
>                  userSearch="(uid={0})"
>       />
>
> ...which is working just fine.
>
>
> From what few hints I'm finding online, it seems that the "protocol error"
> can be seen depending on which LDAP SDKS were used during the build of
> mod_authnz_ldap?  I've tried a couple different version of this library from
> various sources all with no luck, and I don't have the setup necessary to
> compile it on my own.
>
> Is ANYONE familiar with this problem, and is there a simple way to fix it?
>
> THANKS!
> -Zac
>
>
> P.S.  The relevant portion of httpd.conf
>
> <IfModule authnz_ldap_module>
>     LDAPSharedCacheSize 200000
>     LDAPCacheEntries 1024
>     LDAPCacheTTL 600
>     LDAPOpCacheEntries 1024
>     LDAPOpCacheTTL 600
> </IfModule>
> Alias /servframe "R:\servframe"
> <Directory "R:\servframe">
>      AllowOverride All
>      order allow,deny
>      allow from all
>      AuthName "servframe"
>      AuthType Basic
>      AuthBasicProvider ldap
>      AuthLDAPURL ldap://192.168.1.2:389/ou=people,o={domain
>  here}?uid?sub?(objectClass=*)
>      AuthzLDAPAuthoritative off
>      require valid-user
> </Directory>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx