Apache 2 LDAP authentication against Apple Open Directory Server

I am new to using mod_ldap and mod_auth_ldap to create an ACL for certain directories we want to limit access to. I’ve managed to get it working properly with OpenLDAP, but we migrated to Apple’s Open Directory Server on OS X, which from what I’ve read should act similarly. This is not the case, and I keep getting the following error in my Red Hat EL4 Apache 2.0.55 error log whenever I try to log in:

 

[Mon Jun 18 16:06:40 2007] [warn] [client 132.239.79.130] [18337] auth_ldap authenticate: user username authentication failed; URI /ldaptest/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]

 

Here are the relevant sections in the httpd.conf:

 

LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

....

<Directory "/www/docs/public/ldaptest">
        AuthType Basic
        AuthName "LDAP Test"
        AuthLDAPBindDN uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu
        AuthLDAPBindPassword secret
        AuthzLDAPAuthoritative off
        AuthLDAPURL ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid
        AuthLDAPRemoteUserIsDN OFF
        require valid-user
</Directory>

 

No errors or warnings come up when the server is started, and I don’t see anything relevant on the OD log side, just the Apache error above. Ideally I would like to authenticate with valid users and groups over an anonymous bind, but without the AuthLDAPBindDN it gives another error about [Invalid Credentials].

I’ve looked around online as much as I could, but I haven’t found any other cases of GNU/Linux Apache2 servers using OS X OD server for an ACL. One solution that looks promising is using Apple’s mod_auth_apple, but I am unable to find the source code on the Darwin site for it to even attempt to compile it myself. The command ldapsearch works fine from the shell, and I can query users anonymously or authenticated without any problems. If anyone has had any experience with this type of setup or could offer any help, I would be most grateful. Thank you.

 

Specifics:

Client Server: Red Hat EL4 – Apache 2.0.55 – Standard install
LDAP Server: Apple OS X 10.4.9 – Open Directory Master – Directory Binding Enabled, SSL Enabled, All Hash and Authentication Methods checked

 

Micheal Waltz
System Administrator
UCSD Educational Computing
858-822-3959
http://meded.ucsd.edu/edcom
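
Added example, not part of the original post and not code from the Apache project: mod_auth_ldap first searches for the user's DN (bound as AuthLDAPBindDN or anonymously) and then does a second simple bind as that DN, which is the step the "[ldap_simple_bind_s() to check user credentials failed]" reason in the log refers to. The sketch below turns the AuthLDAPURL from the post into the two equivalent ldapsearch commands so each step can be tested separately; the function names are hypothetical, the defaults (attribute uid, scope sub, filter (objectClass=*)) are the documented mod_auth_ldap defaults, and "username" and the step-1 DN are placeholders.

```python
import shlex

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into its parts."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled here
    basedn, attribute, scope, flt = (tail.split("?") + [""] * 3)[:4]
    flt = flt or "(objectClass=*)"            # documented default filter
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    port = port or ("636" if scheme == "ldaps" else "389")
    return {"uri": "%s://%s:%s" % (scheme, host, port), "basedn": basedn,
            "attribute": attribute or "uid",  # documented default attribute
            "scope": scope or "sub",          # documented default scope
            "filter": flt}

def escape_filter_value(value):
    """Escape a user-supplied name before it is placed in a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _join(argv):
    return " ".join(shlex.quote(arg) for arg in argv)

def search_command(cfg, username, bind_dn=None):
    """Step 1: bind as AuthLDAPBindDN (or anonymously) and find the user's DN."""
    flt = "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))
    argv = ["ldapsearch", "-x", "-H", cfg["uri"]]
    if bind_dn:
        argv += ["-D", bind_dn, "-W"]         # -W prompts; no password in argv
    return _join(argv + ["-b", cfg["basedn"], "-s", cfg["scope"], flt, "1.1"])

def bind_check_command(cfg, user_dn):
    """Step 2: simple bind as the DN from step 1 with the user's own password."""
    return _join(["ldapsearch", "-x", "-H", cfg["uri"], "-D", user_dn, "-W",
                  "-b", user_dn, "-s", "base", "(objectClass=*)", "1.1"])

if __name__ == "__main__":
    # Values copied from the httpd.conf in the post; "username" is a placeholder.
    cfg = parse_auth_ldap_url(
        "ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid")
    print(search_command(cfg, "username",
                         "uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu"))
    print(bind_check_command(cfg, "<DN returned by step 1>"))
```

With the ldap:// URI on port 389 shown in the post, both simple binds send their passwords without TLS protection; the parser accepts an ldaps:// URL as well, so the same two commands can be regenerated for an encrypted connection.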

 

