I have also tried to install the Apache2-AuthenMSAD-0.02 perl module, inserting these lines in /etc/apache2/sites-enabled/000-default:

<Directory /var/www/prova>
# Authentication Realm and Type (only Basic supported)
AuthName "Microsoft Active Directory Authentication"
AuthType Basic
# Authentication method/handler
PerlAuthenHandler Apache2::AuthenMSAD
# The Microsoft Active Directory Domain Name must be set
# The Active Directory Server Name will default to the domain.
PerlSetVar MSADDomain MyDomain
PerlSetVar MSADServer MyKdcServer
# Require lines can be any of the following -- any user, one of a list
require valid-user
#require user joe mary tom
</Directory>

But I have this error in /var/log/apache2/error.log:

[Mon Jun 23 11:47:07 2008] [error] access to /prova/index.html failed for “MyIP”, reason: user - Active Directory Authen Failed

I don’t know what else to do.

Bye

From:

I have tried with this conf:

<Directory /var/www/prova>
#LDAP Authentication
AllowOverride all
AuthName "Autenticazione utente"
AuthType Basic
#AuthLDAPEnabled on
# Is commented because if enabled I have an error when I restart apache
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://gc2kwive01:389/dc=wind,dc=root,DC=it?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN "CN=*****,OU=Privileged,OU=Office,OU=Wind,DC=wind,DC=root,DC=it"
AuthLDAPBindPassword "My password"
require valid-user
</Directory>

also changing the port as you suggest, but I have this error:

[Fri Jun 20 09:43:00 2008] [warn] [client 10.73.5.119] [26287] auth_ldap authenticate: user windroot\\***** authentication failed; URI /prova/index.html [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Fri Jun 20 09:43:00 2008] [error] [client 10.73.5.119] user windroot\\*****: authentication failure for "/prova/index.html": Password Mismatch

Trying Generic and Simple with ldp (Windows), I have noticed this:

res = ldap_simple_bind_s(ld, 'de filippo', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Credenziali non valide
Server error: <empty>
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 128); // v.3
{NtAuthIdentity: User=*****; Pwd= <unavailable>; domain = 'windroot'.}
Authenticated as dn:'*****'.

Is the problem ldap_simple_bind_s?

If I try to bind via php5 with the ldap_connect and ldap_bind functions, everything works fine!

Help me!

________________________________________
From: David Dyer-Bennet [mailto:David.Dyer-Bennet@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, 19 June 2008 18:34
To:
Subject: RE: Apache2 authenticating via LDAP on Active Directory

My question is how to authenticate apache2 via LDAP on Active Directory. This is my configuration in /etc/apache2/sites-enabled/000-default:

# LDAP Authentication
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
<Location /prova>
Options Indexes FollowSymLinks
#AllowOverride None
order allow,deny
Allow from all
AuthType Basic
AuthName "Autenticazione utente"
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://gc2kwive01:389/dc=wind,dc=root,DC=it?sAMAccountName?sub?(objectClass=user)
require valid-user
</Location>

But I have this error in /var/log/apache2/error.log:

[Thu Jun 19 12:54:30 2008] [warn] [client 10.73.5.119] [22817] auth_ldap authenticate: user windroot\\de filippo authentication failed; URI /prova/index.html [User not found][No such object]
[Thu Jun 19 12:54:30 2008] [crit] [client 10.73.5.119] configuration error: couldn't check user. No user file?: /prova/index.html

I'm still fighting with some of my Active Directory authentication needs, but I did get my subversion repository working correctly, so maybe what I have here will help.

AD needs you to bind before it lets you search. Also, it sometimes segments the information weirdly and uses redirects weirdly, so you sometimes have to use port 3268 which is a magic merged global view of the directory.

So here's what I have currently working, with obvious secret stuff overwritten:

AuthName "
AuthType basic
AuthLDAPEnabled on
AuthLDAPURL "ldap://dc1.ourinternaldomain.local:3268/dc=pinerivercapital,dc=local?sAMAccountName?sub?(objectClass=user)(objectCategory=person)"
# Suitable user with read access
AuthLDAPBindDN "CN=accounttobindwith,OU=Service Accounts,OU=
AuthLDAPBindPassword "itsasecret"
# Non-Authoritative lets it also look in .htpasswd; must config user file
AuthLDAPAuthoritative off
#AuthLDAPGroupAttributeIsDN on
AuthUserFile /home/svn/access/users
Require valid-user
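Added example (not part of the original messages): a Python model of how mod_authnz_ldap combines an AuthLDAPURL with the name typed at the Basic-auth prompt into the search filter used before the user bind, run against the URL and username shown in the thread. The function names, the finding codes and the RFC 4515 escaping are assumptions of this example, not Apache's own code.

```python
# Added example: models how the AuthLDAPURL on this page and the typed
# username combine into the LDAP search that precedes the user bind.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into fields."""
    scheme, _, rest = url.strip('"').partition("://")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    base, attr, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base": base,
        "attr": attr or "uid",              # documented mod_authnz_ldap defaults
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }

def build_filter(cfg, username):
    """Return (&(filter)(attribute=username)); RFC 4515 escaping is assumed."""
    escaped = "".join(ESCAPES.get(ch, ch) for ch in username)
    flt = cfg["filter"]
    if not flt.startswith("("):
        flt = f"({flt})"
    return f"(&{flt}({cfg['attr']}={escaped}))"

def diagnose(cfg, username, bind_dn=None):
    """Return finding codes (hypothetical names) for conditions in the thread."""
    findings = []
    if not bind_dn:
        findings.append("anonymous-search")   # AD wants a bind before a search
    if cfg["port"] == 389:
        findings.append("port-389")           # the reply suggests 3268 instead
    if "\\" in username:
        findings.append("domain-prefix")      # whole string is matched to attr
    return findings

# Values copied from the thread; the username is as the error log shows it.
PAGE_URL = ("ldap://gc2kwive01:389/dc=wind,dc=root,DC=it"
            "?sAMAccountName?sub?(objectClass=user)")
PAGE_USER = "windroot\\de filippo"

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(PAGE_URL)
    print(build_filter(cfg, PAGE_USER))
    print(diagnose(cfg, PAGE_USER))
```

The printed filter shows the backslash escaped and the whole "windroot\de filippo" string compared against sAMAccountName, which holds only the account name without a domain prefix.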