Hi, can you try with the standard ldap port 389 ? something like this: AuthLDAPURL "ldap://server:389/o=root?uid?sub?(objectClass=*)" Regards, Hermann Maurer ->-----Original Message----- ->From: Radulescu Iulian [mailto:Iulian.Radulescu@xxxxxxxxxxxxxxxxxx] ->Sent: Monday, June 18, 2007 4:47 PM ->To: users@xxxxxxxxxxxxxxxx ->Subject: RE: RE: Apache 2.0.59 authnetication ->in OpenLdap -> ->These are the modules: -> ->LoadModule auth_ldap_module modules/mod_auth_ldap.so ->LoadModule ldap_module modules/util_ldap.so -> ->They are coming with the distribution of Apache 2.0.59 -> ->The anonymous bind works as well. ->How can I check the URL from command line? -> ->I will check now the link. -> ->Thank you, ->Iulian. -> ->-----Original Message----- ->From: Tony Stevenson [mailto:tony@xxxxxxxxxxx] ->Sent: Monday, June 18, 2007 5:40 PM ->To: Radulescu Iulian ->Subject: RE: RE: Apache 2.0.59 authnetication ->in OpenLdap -> ->On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote: ->> Also, please note that the same configuration (just the ->server and the ->> port I changed), connecting to a Netscape Directory Server ->works like ->a ->> charm. :) ->> ->> I am using the modules which comes with apache 2.0.59 for LDAP. ->> ->> -> ->Ok, you have to tell Apache to bind to OpenLDAP using specific ->credentials, unless you allow anonymous binding to your LDAP ->Directory. -> ->Can you please state which modules you have loaded exactly as well. -> ->Have you read that link I gave you last time? It shows how to setup ->basic ->LDAP authentication, which would work fine in your scenario. -> ->Also, triple check your LDAP Auth URL, is that correct? Is ->that the same ->if you test from the command line of your server? -> -> -> ->Iulian, as as aside note please do not CC me directly on ->these emails as ->I ->will get two copies of them, and that is just plain annoying :) -> -> ->-- ->Tony -> ->> Thank you, ->> Iulian. ->> ->> ->> -----Original Message----- ->> From: Radulescu Iulian [mailto:Iulian.Radulescu@xxxxxxxxxxxxxxxxxx] ->> Sent: Monday, June 18, 2007 5:26 PM ->> To: users@xxxxxxxxxxxxxxxx; tony@xxxxxxxxxxx ->> Subject: RE: RE: Apache 2.0.59 authnetication in ->OpenLdap ->> ->> ->> Here it is: ->> ->> ->> <VirtualHost *:1571> ->> ->> ->> ErrorLog logs/host-1571-error.log ->> CustomLog logs/host-1571-access.log common ->> ->> ->> LogLevel debug ->> ->> ->> ->> <Location /> ->> Order Deny,Allow ->> Deny from all ->> Allow from 127 172 ->> ->> ->> AuthType Basic ->> AuthName "CONF" ->> ->> ->> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)" ->> require valid-user ->> ->> </Location> ->> </VirtualHost> ->> ->> ->> -----Original Message----- ->> From: Tony Stevenson [mailto:tony@xxxxxxxxxxx] ->> Sent: Monday, June 18, 2007 5:24 PM ->> To: users@xxxxxxxxxxxxxxxx ->> Subject: Re: RE: Apache 2.0.59 authnetication in ->OpenLdap ->> ->> ->> Radulescu Iulian wrote: ->> ->>> Hello, ->>> ->> ->> ... ->> ->> ->>> ->>> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] ->[796] auth_ldap ->>> authenticate: user fidesAdmin authentication failed; URI ->>> /servlet/HtmlUiServlet [ldap_search_ext_s() for user ->failed][Protocol ->>> Error]/ ->>> ->>> ->>> / / ->>> ->>> ->>> I checked the ldap logs, and it seems the request does not ->reach the ->>> server. The machine is visible, I try to connect using LdapBrowser ->and ->> I ->> ->>> succedded it. Any ideas? ->>> ->>> ->>> ->>> Here is the configuration: ->>> ->>> ->>> ->>> ->>> AuthType Basic ->>> ->>> ->>> AuthName "CONF" ->>> ->>> ->>> ->>> ->>> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)" ->>> ->>> ->>> require valid-user ->>> ->>> ->>> ->> ->> Lulian, we would really need to see more of your Apache ->confiugration ->> that these few lines. Can you paste your entire vhost configuration, ->and ->> all related <directory> and <location> blocks that may apply? ->> ->> I am guessing you may not have configured Apache correctly, ->but would ->> like to see more of your config before suggesting any definitive ->answers. ->> Though you can read this page to get some ideas for yourself: ->> ->> ->> http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder ->> ->> ->> ->> -- ->> Tony ->> ->> ->> ->> ->--------------------------------------------------------------------- ->> The official User-To-User support forum of the Apache HTTP Server ->> Project. ->> See <URL:http://httpd.apache.org/userslist.html> for more info. ->> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx ->> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx ->> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ->> ->> ->> ->> ->--------------------------------------------------------------------- ->> The official User-To-User support forum of the Apache HTTP Server ->> Project. ->> See <URL:http://httpd.apache.org/userslist.html> for more info. ->> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx ->> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx ->> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ->> ->> ->> -> -> ->--------------------------------------------------------------------- ->The official User-To-User support forum of the Apache HTTP ->Server Project. ->See <URL:http://httpd.apache.org/userslist.html> for more info. ->To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx -> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx ->For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx -> -> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|