RE: apache 2.2.4 and AD: authentication failed.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Looks like you can't acccess the resource.

See: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

The Authorization Phase
During the authorization phase, mod_authnz_ldap attempts to determine if
the user is authorized to access the resource. Many of these checks
require mod_authnz_ldap to do a compare operation on the LDAP server.
This is why this phase is often referred to as the compare phase.
mod_authnz_ldap accepts the following Require directives to determine if
the credentials are acceptable:

Dan Stusynski 

-----Original Message-----
From: Melanie Pfefer [mailto:melanie_pfefer@xxxxxxxxxxx] 
Sent: Friday, October 26, 2007 3:07 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  apache 2.2.4 and AD: authentication failed.

Hi again,

I changed the ldapurl and the logs changed to:

[Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(376): [client 172.21.194.71] [13900] auth_ldap
authenticate: using URL
ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName?sub?
[Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(475): [client 172.21.194.71] [13900] auth_ldap
authenticate: accepting mpfefer [Fri Oct 26 09:58:11 2007] [debug]
mod_authnz_ldap.c(847): [client 172.21.194.71] [13900] auth_ldap
authorise: authorisation denied


So in sum: authentication is ok. authorization is denied... What could
be the cause??

thanks.

--- Melanie Pfefer <melanie_pfefer@xxxxxxxxxxx> wrote:

> thanks Eric. No I need to bind to ldap:
> 
> ldapsearch -D "uk.siroe.com\mpfefer" -w password -h iceman -b 
> "ou=users,dc=uk,dc=siroe,dc=com"
> objectclass=*
> 
> 
> so I changed this:
> 
> AuthLDAPUrl
> ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sub?
> AuthLDAPBindDN "uk-siroe-com\mpfefer"
> AuthLDAPBindPassword "password"
> 
> 
> The logging changed:
> 
> [Thu Oct 25 22:25:29 2007] [warn] [client 172.21.194.71] [27608] 
> auth_ldap authenticate: user mpfefer authentication failed; URI / 
> [User not found][No such object] [Thu Oct 25 22:25:29 2007] [error] 
> [client 172.21.194.71] user mpfefer not found: /
> 
> --- Eric Covener <covener@xxxxxxxxx> wrote:
> 
> > On 10/25/07, Melanie Pfefer
> > <melanie_pfefer@xxxxxxxxxxx> wrote:
> > > The browser returns Internal server error
> > >
> > > The log file returns this error
> > >
> > > [Thu Oct 25 21:21:36 2007] [debug]
> > > mod_authnz_ldap.c(376): [client 172.21.194.71]
> > [14657]
> > > auth_ldap authenticate: using URL
> > >
> >
>
ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName?
> > > [Thu Oct 25 21:21:36 2007] [warn] [client 172.21.194.71] [14657] 
> > > auth_ldap authenticate:
> > user
> > > mpfefer authentication failed; URI /
> > > [ldap_search_ext_s() for user failed][Operations error]
> > 
> > Can't search for that userid anonymously? Might
> want
> > to try anonymous
> > via command line to find mpfefers DN
> > 
> > --
> > Eric Covener
> > covener@xxxxxxxxx
> > 
> >
>
---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server 
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for
> > more info.
> > To unsubscribe, e-mail:
> > users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest:
> > users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail:
> > users-help@xxxxxxxxxxxxxxxx
> > 
> > 
> 
> 
> 
>      
>
___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there knows the answer. 
> Try it now.
> http://uk.answers.yahoo.com/
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest:
> users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail:
> users-help@xxxxxxxxxxxxxxxx
> 
> 



      ___________________________________________________________ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good
http://uk.promotions.yahoo.com/forgood/environment.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux