problem with mod_authnz_ldap with AD

Hey guys, I am running CentOS 5 with httpd 2.2.3.
I am trying to configure mod_authnz_ldap authing against Active Directory and I have it working about 50% of the time.
About 50% of the time this works with no issue, the rest of the time it fails.
Sometimes it fails and notes the following in the error log:

[Mon Oct 22 15:58:03 2007] [debug] mod_authnz_ldap.c(373): [client 10.XXX.XX.XXX] [13379] auth_ldap authenticate: using URL ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)
[Mon Oct 22 15:58:03 2007] [warn] [client 10.xxx.xx.xxx] [13379] auth_ldap authenticate: user special authentication failed; URI /logo.gif [ldap_search_ext_s() for user failed][Operations error]


Other times it prints the following, but nothing after that (and CPU usage skyrockets to 100% of a single CPU):

[Mon Oct 22 16:08:11 2007] [debug] mod_authnz_ldap.c(373): [client 10.XX.XXX.XX] [13437] auth_ldap authenticate: using URL ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)


In capturing the packets I see that it binds successfully several times and then tries to authenticate. The AD box returns:

LDAPMessage searchResDone(5) operationsError (00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece) [0 results]

None of the binds that occur in the capture failed though (all the bind responses reported success).

The appropriate (anonymized) lines from httpd.conf are: 

# <--- change path as needed
<Location /logo.gif>
Order allow,deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthzLdapAuthoritative off
AuthName "BackupPC login"
AuthLDAPBindDN ldapb@xxxxxxxxxx
AuthLDAPBindPassword myformerlysecretpasswordpostedtoworld
AuthLDAPURL "ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)" NONE
require valid-user
</Location>


I have debug turned on. On startup I get: 

[root@backuppc httpd]# service httpd start
Starting httpd: [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(849): [13375] auth_ldap url parse: `ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)'
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(858): [13375] auth_ldap url parse: Host: 10.XX.XX.XXX:389
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(860): [13375] auth_ldap url parse: Port: 389
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(862): [13375] auth_ldap url parse: DN: DC=centos,DC=org
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(864): [13375] auth_ldap url parse: attrib: sAMAccountName
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(866): [13375] auth_ldap url parse: scope: subtree
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(871): [13375] auth_ldap url parse: filter: (objectClass=*)
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections
                                                           [  OK  ]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
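As an added example (not code from the post above and not part of the Apache project), here is a small Python triage helper for this kind of problem. It splits an AuthLDAPURL into the same fields the module's "url parse" debug lines report, builds the combined user-search filter in the (&(filter)(attrib=user)) form the AuthLDAPURL documentation describes with the username escaped per RFC 4515, and groups "auth_ldap authenticate" log lines per worker pid so the two failure shapes in the post stand out: a search that ends in [Operations error], and a "using URL" line that is never followed by anything. The host dc01.example.internal used in the checks and the "last line was a start, so the request stalled" heuristic are assumptions; the sample log lines are the post's own, re-joined onto single lines.

```python
"""Triage helpers for mod_authnz_ldap log lines (added example, not Apache's code)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# RFC 4516 scope keywords -> the names the module prints after 'url parse: scope:'
SCOPE_NAMES = {"": "base", "base": "base", "one": "onelevel", "sub": "subtree"}


def parse_auth_ldap_url(url):
    """Split ldap[s]://host[:port]/dn?attr?scope?filter into its parts."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL scheme must be ldap or ldaps: %r" % url)
    host, _, port = parts.netloc.rpartition(":")   # bracketed IPv6 hosts not handled
    if not host:                                    # no explicit port given
        host, port = parts.netloc, "636" if parts.scheme == "ldaps" else "389"
    # urlsplit ends the path at the first '?', so attr?scope?filter all sits in .query
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attrib, scope, filt = fields[:3]
    if scope.lower() not in SCOPE_NAMES:
        raise ValueError("unknown search scope %r" % scope)
    return {
        "host": host,
        "port": int(port),
        "dn": parts.path.lstrip("/"),
        "attrib": attrib or "uid",                   # documented AuthLDAPURL defaults
        "scope": SCOPE_NAMES[scope.lower()],
        "filter": filt or "(objectclass=*)",
    }


def search_filter(parsed, username):
    """Combined user-search filter; the username is escaped per RFC 4515 so that
    filter metacharacters typed into the login box are matched literally."""
    esc = "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in username)
    return "(&%s(%s=%s))" % (parsed["filter"], parsed["attrib"], esc)


LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:mod_authnz_ldap\.c\(\d+\): )?"          # present on debug lines only
    r"(?:\[client (?P<client>[^\]]+)\] )?"
    r"(?:\[(?P<pid>\d+)\] )?"
    r"(?P<msg>auth_ldap authenticate: .*)$"
)
BRACKETS_RE = re.compile(r"\[([^\]]*)\]")


def parse_log_line(line):
    """Return a dict for an 'auth_ldap authenticate' line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    msg = rec["msg"]
    if "using URL " in msg:
        rec["event"] = "start"
        rec["url"] = msg.split("using URL ", 1)[1]
    elif "authentication failed" in msg:
        rec["event"] = "fail"
        user = re.search(r"user (\S+) authentication failed", msg)
        uri = re.search(r"URI (\S+)", msg)
        rec["user"] = user.group(1) if user else None
        rec["uri"] = uri.group(1) if uri else None
        rec["reasons"] = BRACKETS_RE.findall(msg)   # [failed call][server result]
    else:
        rec["event"] = "other"                       # any other outcome ends the request
    return rec


def triage(log_text):
    """Per worker pid, classify by the last authenticate line seen. A trailing
    'using URL' with nothing after it is the stalled case from the post (caveat:
    at the tail of a live log such a request may simply still be in progress)."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec:
            by_pid[rec["pid"]].append(rec)
    report = {"failed": [], "stalled": [], "other": 0}
    for pid, events in by_pid.items():
        last = events[-1]
        if last["event"] == "start":
            report["stalled"].append({"pid": pid, "client": last["client"], "url": last["url"]})
        elif last["event"] == "fail":
            report["failed"].append({"pid": pid, "user": last["user"], "uri": last["uri"],
                                     "reasons": last["reasons"]})
        else:
            report["other"] += 1
    return report


# Constructed sample: the post's three authenticate lines, re-joined onto single lines.
SAMPLE_LOG = """\
[Mon Oct 22 15:58:03 2007] [debug] mod_authnz_ldap.c(373): [client 10.XXX.XX.XXX] [13379] auth_ldap authenticate: using URL ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)
[Mon Oct 22 15:58:03 2007] [warn] [client 10.xxx.xx.xxx] [13379] auth_ldap authenticate: user special authentication failed; URI /logo.gif [ldap_search_ext_s() for user failed][Operations error]
[Mon Oct 22 16:08:11 2007] [debug] mod_authnz_ldap.c(373): [client 10.XX.XXX.XX] [13437] auth_ldap authenticate: using URL ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)
"""

if __name__ == "__main__":
    first = parse_log_line(SAMPLE_LOG.splitlines()[0])
    parsed = parse_auth_ldap_url(first["url"])
    print(parsed)
    print(search_filter(parsed, "special"))
    print(triage(SAMPLE_LOG))
```

Run against a full error_log, triage() gives a per-pid list of failed requests with the bracketed LDAP reason and a list of pids whose last authenticate line is a bare "using URL", which is the pattern to correlate with the CPU spike described above.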