We have an apache service account (account name is cu_apache) in the Users container under our domain coopfed.local. Does the DN seem right?
Tom Hart wrote:
Ok, I'm getting a bit closer. Here's what I have now.

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    AuthType Basic
    AuthName "Testing LDAP Auth"
    AuthBasicProvider ldap
    #AuthLDAPAuthoritative on - still doesn't let apache start
    AuthLDAPUrl "ldap://server/?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"
    Require valid-user
</Directory>

Now I get a login box, but when using the admin u/p I get this in error.log

[Thu Oct 04 13:57:10 2007] [warn] [client 192.168.1.207] [6764] auth_ldap authenticate: user administrator authentication failed; URI /test.php [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Thu Oct 04 13:57:10 2007] [error] [client 192.168.1.207] user administrator: authentication failure for "/test.php": Password Mismatch

I know the login credentials are correct. Is there a better way to set up LDAPUrl or to see what's trying to authenticate where in the 2003 AD?

Tom Hart wrote:

As a follow-up I realized ldap-user is used to specify a certain user aka ldap-user "Joe Smith". However based on the fact that I'm not getting prompted for a u/p, and AuthLDAPAuthoritative is failing, I believe my problem lies deeper than that. I could be wrong of course, just trying to narrow down the search.

Tom Hart wrote:

Hi everybody. Thanks to the help of this list I managed to get the auth_ldap module loaded, but now I'm having a little trouble bringing this project to full fruition.

I'm not sure which part of this is failing, and unfortunately I can't seem to find where I can see any type of log info about ldap access attempts, whether they're even happening, or why apache won't start with AuthLDAPAuthoritative on.

Any ideas?
Here's my main directory chunk from httpd.conf

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    #AuthLDAPAuthoritative on - apache won't start with this enabled
    AuthType Basic
    AuthName "Testing LDAP Auth"
    AuthBasicProvider ldap
    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"
    AuthLDAPBindDN "cn=tomhart,ou=people,dc=coopfed,dc=local"
    AuthLDAPBindPassword ********
    Require ldap-user
</Directory>

Also, I'm not sure how important this is but I'm using windows 2003 server.

--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
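
Added example, not part of the original thread or of Apache's own code: a Python helper that splits an AuthLDAPUrl into the fields mod_authnz_ldap reads (ldap://host:port/basedn?attribute?scope?filter) and lists what each of the two URLs quoted in the thread leaves unset. The function names and the wording of the notes are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, unquote

# Defaults documented for mod_authnz_ldap's AuthLDAPUrl directive.
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # After the first '?' the fields are positional: attribute, scope, filter.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    parsed = {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "basedn": unquote(parts.path.lstrip("/")),
        # Names of the positional fields the URL actually set.
        "explicit": {name for name, value in zip(DEFAULTS, fields) if value},
    }
    for name, value in zip(DEFAULTS, fields):
        parsed[name] = unquote(value) or DEFAULTS[name]
    return parsed

def review(url):
    """Return observations to check before debugging the bind itself."""
    p = parse_auth_ldap_url(url)
    notes = []
    if not p["basedn"]:
        notes.append("base DN is empty")
    if "attribute" not in p["explicit"]:
        notes.append("no attribute given, search uses default 'uid'")
    if p["scheme"] == "ldap":
        notes.append("ldap:// scheme: simple bind is sent in clear "
                     "unless TLS is enabled separately")
    return notes

if __name__ == "__main__":
    # The two AuthLDAPUrl values quoted in the thread.
    for url in ("ldap://server/?sAMAccountName",
                "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local"):
        print(url)
        for note in review(url):
            print("  -", note)
```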