Hi again,
I changed the ldapurl and the logs changed to:
[Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(376): [client 172.21.194.71] [13900]
auth_ldap authenticate: using URL
ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName?sub?
[Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(475): [client 172.21.194.71] [13900]
auth_ldap authenticate: accepting mpfefer
[Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(847): [client 172.21.194.71] [13900]
auth_ldap authorise: authorisation denied
So in sum: authentication is ok. authorization is
denied... What could be the cause??
thanks.
--- Melanie Pfefer <melanie_pfefer@xxxxxxxxxxx> wrote:
> thanks Eric. No I need to bind to ldap:
>
> ldapsearch -D "uk.siroe.com\mpfefer" -w password -h
> iceman -b "ou=users,dc=uk,dc=siroe,dc=com"
> objectclass=*
>
>
> so I changed this:
>
> AuthLDAPUrl
> ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sub?
> AuthLDAPBindDN "uk-siroe-com\mpfefer"
> AuthLDAPBindPassword "password"
>
>
> The logging changed:
>
> [Thu Oct 25 22:25:29 2007] [warn] [client
> 172.21.194.71] [27608] auth_ldap authenticate: user
> mpfefer authentication failed; URI / [User not
> found][No such object]
> [Thu Oct 25 22:25:29 2007] [error] [client
> 172.21.194.71] user mpfefer not found: /
>
> --- Eric Covener <covener@xxxxxxxxx> wrote:
>
> > On 10/25/07, Melanie Pfefer
> > <melanie_pfefer@xxxxxxxxxxx> wrote:
> > > The browser returns Internal server error
> > >
> > > The log file returns this error
> > >
> > > [Thu Oct 25 21:21:36 2007] [debug]
> > > mod_authnz_ldap.c(376): [client 172.21.194.71]
> > [14657]
> > > auth_ldap authenticate: using URL
> > >
> >
>
ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName?
> > > [Thu Oct 25 21:21:36 2007] [warn] [client
> > > 172.21.194.71] [14657] auth_ldap authenticate:
> > user
> > > mpfefer authentication failed; URI /
> > > [ldap_search_ext_s() for user failed][Operations
> > > error]
> >
> > Can't search for that userid anonymously? Might
> want
> > to try anonymous
> > via command line to find mpfefers DN
> >
> > --
> > Eric Covener
> > covener@xxxxxxxxx
> >
> >
>
---------------------------------------------------------------------
> > The official User-To-User support forum of the
> > Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for
> > more info.
> > To unsubscribe, e-mail:
> > users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest:
> > users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail:
> > users-help@xxxxxxxxxxxxxxxx
> >
> >
>
>
>
>
>
___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there
> knows the answer. Try it
> now.
> http://uk.answers.yahoo.com/
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest:
> users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail:
> users-help@xxxxxxxxxxxxxxxx
>
>
___________________________________________________________
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good http://uk.promotions.yahoo.com/forgood/environment.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|