Re: ldap authentication not working

I'm beginning to believe that the BindDN and BindPassword are incorrect, because it doesn't seem to matter what I type in there, I get the same results. I'm pretty sure I have the DN correct though.

We have an apache service account (account name is cu_apache) in the Users container under our domain coopfed.local. Does the DN seem right?

Tom Hart wrote:
Ok, I'm getting a bit closer. Here's what I have now.

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
   Options Indexes FollowSymLinks
   AllowOverride None
   Order deny,allow

   AuthType Basic
   AuthName "Testing LDAP Auth"
   AuthBasicProvider ldap
     #AuthLDAPAuthoritative on - still doesn't let apache start

   AuthLDAPUrl "ldap://server/?sAMAccountName";
   AuthLDAPBindDN "cn=cu_apache,cn=Users,dc=coopfed,dc=local"
   AuthLDAPBindPassword "********"

   Require valid-user

</Directory>

Now I get a login box, but when using the admin u/p I get this in error.log

[Thu Oct 04 13:57:10 2007] [warn] [client 192.168.1.207] [6764] auth_ldap authenticate: user administrator authentication failed; URI /test.php [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Thu Oct 04 13:57:10 2007] [error] [client 192.168.1.207] user administrator: authentication failure for "/test.php": Password Mismatch

I know the login credentials are correct. Is there a better way to set up LDAPUrl or to see what's trying to authenticate where in the 2003 AD?

Tom Hart wrote:
As a follow-up I realized ldap-user is used to specify a certain user aka ldap-user "Joe Smith". However based on the fact that I'm not getting prompted for a u/p, and AuthLDAPAuthoritative is failing, I believe my problem lies deeper than that. I could be wrong of course, just trying to narrow down the search.

Tom Hart wrote:
Hi everybody. Thanks to the help of this list I managed to get the auth_ldap module loaded, but now I'm having a little trouble bringing this project to full fruition.

I'm not sure which part of this is failing, and unfortunately I can't seem to find where I can see any type of log info about ldap access attempts, whether they're even happening, or why apache won't start with AuthLDAPAuthoritative on.

Any ideas? Here's my main directory chunk from httpd.conf

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
   Options Indexes FollowSymLinks
   AllowOverride None
   Order allow,deny

   #AuthLDAPAuthoritative on - apache won't start with this enabled

   AuthType Basic
   AuthName "Testing LDAP Auth"
   AuthBasicProvider ldap

   AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local";
   AuthLDAPBindDN "cn=tomhart,ou=people,dc=coopfed,dc=local"
   AuthLDAPBindPassword ********

   Require ldap-user

</Directory>

Also, I'm not sure how important this is but I'm using windows 2003 server.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
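
Added example, not part of the original messages: a small Python check that splits the two AuthLDAPUrl values posted in this thread into the `basedn?attribute?scope?filter` fields mod_authnz_ldap reads, and flags what each configuration leaves out. The function names and finding labels are made up for this example; it assumes the URL contains no spaces and that no LDAPTrustedMode is set elsewhere in httpd.conf.

```python
# Added example: lint mod_authnz_ldap directives (hypothetical helper names).
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into raw fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    basedn, attribute, scope, ldap_filter = (tail.split("?") + [""] * 3)[:4]
    return {"scheme": scheme.lower(), "hostport": hostport, "basedn": basedn,
            "attribute": attribute, "scope": scope, "filter": ldap_filter}

def effective(url):
    """Fields as the module will use them, with documented defaults filled in."""
    return {k: v or DEFAULTS.get(k, v) for k, v in url.items()}

def lint(directives):
    """directives: (name, value) pairs taken from one <Directory> block."""
    d = {name.lower(): value.strip() for name, value in directives}
    # AuthLDAPUrl takes the URL and an optional mode (NONE/SSL/TLS/STARTTLS).
    url_text, _, mode = d["authldapurl"].partition(" ")
    url = parse_authldapurl(url_text.strip('"'))
    findings = []
    if not url["basedn"]:
        findings.append("no-base-dn")  # user search has no starting point
    if not url["attribute"]:
        findings.append("attribute-defaults-to-uid")  # users looked up by uid
    if url["scheme"] == "ldap" and mode.strip().upper() not in ("SSL", "TLS", "STARTTLS"):
        findings.append("cleartext-ldap")  # bind passwords sent unencrypted
    if d.get("require", "").lower() == "ldap-user":
        findings.append("ldap-user-without-names")  # needs user names listed
    return findings

# Values copied from the two configurations quoted in the thread.
FIRST_POSTED = [
    ("AuthLDAPUrl", '"ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"'),
    ("Require", "ldap-user"),
]
LATER_POSTED = [
    ("AuthLDAPUrl", '"ldap://server/?sAMAccountName"'),
    ("Require", "valid-user"),
]

if __name__ == "__main__":
    for label, block in (("first", FIRST_POSTED), ("later", LATER_POSTED)):
        print(label, lint(block))
```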


