These are the modules: LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule ldap_module modules/util_ldap.so They are coming with the distribution of Apache 2.0.59 The anonymous bind works as well. How can I check the URL from command line? I will check now the link. Thank you, Iulian. -----Original Message----- From: Tony Stevenson [mailto:tony@xxxxxxxxxxx] Sent: Monday, June 18, 2007 5:40 PM To: Radulescu Iulian Subject: RE: RE: Apache 2.0.59 authnetication in OpenLdap On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote: > Also, please note that the same configuration (just the server and the > port I changed), connecting to a Netscape Directory Server works like a > charm. :) > > I am using the modules which comes with apache 2.0.59 for LDAP. > > Ok, you have to tell Apache to bind to OpenLDAP using specific credentials, unless you allow anonymous binding to your LDAP Directory. Can you please state which modules you have loaded exactly as well. Have you read that link I gave you last time? It shows how to setup basic LDAP authentication, which would work fine in your scenario. Also, triple check your LDAP Auth URL, is that correct? Is that the same if you test from the command line of your server? Iulian, as as aside note please do not CC me directly on these emails as I will get two copies of them, and that is just plain annoying :) -- Tony > Thank you, > Iulian. > > > -----Original Message----- > From: Radulescu Iulian [mailto:Iulian.Radulescu@xxxxxxxxxxxxxxxxxx] > Sent: Monday, June 18, 2007 5:26 PM > To: users@xxxxxxxxxxxxxxxx; tony@xxxxxxxxxxx > Subject: RE: RE: Apache 2.0.59 authnetication in OpenLdap > > > Here it is: > > > <VirtualHost *:1571> > > > ErrorLog logs/host-1571-error.log > CustomLog logs/host-1571-access.log common > > > LogLevel debug > > > > <Location /> > Order Deny,Allow > Deny from all > Allow from 127 172 > > > AuthType Basic > AuthName "CONF" > > > AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)" > require valid-user > > </Location> > </VirtualHost> > > > -----Original Message----- > From: Tony Stevenson [mailto:tony@xxxxxxxxxxx] > Sent: Monday, June 18, 2007 5:24 PM > To: users@xxxxxxxxxxxxxxxx > Subject: Re: RE: Apache 2.0.59 authnetication in OpenLdap > > > Radulescu Iulian wrote: > >> Hello, >> > > ... > > >> >> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap >> authenticate: user fidesAdmin authentication failed; URI >> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol >> Error]/ >> >> >> / / >> >> >> I checked the ldap logs, and it seems the request does not reach the >> server. The machine is visible, I try to connect using LdapBrowser and > I > >> succedded it. Any ideas? >> >> >> >> Here is the configuration: >> >> >> >> >> AuthType Basic >> >> >> AuthName "CONF" >> >> >> >> >> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)" >> >> >> require valid-user >> >> >> > > Lulian, we would really need to see more of your Apache confiugration > that these few lines. Can you paste your entire vhost configuration, and > all related <directory> and <location> blocks that may apply? > > I am guessing you may not have configured Apache correctly, but would > like to see more of your config before suggesting any definitive answers. > Though you can read this page to get some ideas for yourself: > > > http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder > > > > -- > Tony > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|