We are trying to setup a company intranet server (apache 2.2.3-4+etch5) so that it is available outside our LAN. However, we want users to be prompted for a username and password when they are coming from the outside. We want the authentication to use our AD LDAP server. We have this configuration running on another nearly identical Debian 4.0 server and it works fine. However when we try this configuration on the new intranet server the LDAP authentication fails. Here is the setup that works on the old server which we are attempting to duplicate on the new server:
<Location "/">
Allow from 192.168.1.0/24
Satisfy Any
Order deny,allow
Deny from all
Require valid-user
AuthType basic
AuthName "INTRANET"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPBindDN "cn=apache_user,cn=Users,dc=company,dc=com"
AuthLDAPBindPassword "abcefg"
AuthLDAPUrl "ldap://192.168.1.2:389 192.168.1.3:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
</Location>
We have done a tcpdump and compared the packet dump of a login attempt on both the old and new servers. The communication is nearly identical until the new server starts looking for the user account in the forest and other areas of the directory. If we add cn=Users to the AuthLDAPUrl line on the server then it also works fine. However, not all of our users on in cn=Users.
Is there a way to get around this problem?
What could we have possibly done on the old server so that it works with the above config?
Thank you!
Andrew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|