On Tue, Oct 21, 2008 at 12:59 PM, Rodney Ramos <rodneyra@xxxxxxxxx> wrote:
> I'm trying to use the mod_authnz_ldap module to authenticate the users in a
> Microsoft AD LDAP Server, but I'm having a lot of problems.
>
> The only configuration that worked was:
>
> AuthName "XXXX"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn"
> AuthLDAPBindDN "ldap_bind_user"
> AuthLDAPBindPassword "ldap_bind_psw"
> AuthzLDAPAuthoritative off
> Require valid-user
>
> Questions:
>
> 1) Why should we use the port 3268 instead of the default one, 389?

On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP referrals.

> 2) Why must we set the AuthzLDAPAuthoritative directive to off?

You don't need it for 2.2.6 and later.

> The second problem occurred when I tried to make Apache authenticate the
> users first in an LDAP server and after, if it doesn't find the user there,
> in a flat file. So I added the following line, before the "Require valid-user"
> line:
>
> AuthUserFile /tmp/htpasswd.txt
>
> The problem is that Apache doesn't try to use the flat file to authenticate
> the users. It only uses the LDAP authenticate module, even though the
> directive AuthzLDAPAuthoritative is set to off.

You need to tell basic auth to look there:

AuthBasicProvider ldap file

--
Eric Covener
covener@xxxxxxxxx
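
The combined setup the reply describes, as an added example that is not part of the original thread: LDAP is consulted first and the flat file second. The `<Location /protected>` wrapper is an assumption; all directive values are the placeholders from the original post.

```apache
# Added example (not from the thread). The /protected path is hypothetical.
<Location /protected>
    AuthName "XXXX"
    AuthType Basic

    # mod_auth_basic asks the listed providers in order: LDAP, then the file.
    # The next provider is tried only when the previous one reports that the
    # user does not exist; a wrong password for a user that LDAP does know
    # is a denial and does not fall through to the flat file.
    AuthBasicProvider ldap file

    # Port 3268 instead of 389, per the reply, to avoid LDAP referrals from AD.
    AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn"
    AuthLDAPBindDN "ldap_bind_user"
    AuthLDAPBindPassword "ldap_bind_psw"

    # Read by the "file" provider for users the LDAP search did not find.
    AuthUserFile /tmp/htpasswd.txt

    # Per the reply, not needed on 2.2.6 and later; kept as in the original post.
    AuthzLDAPAuthoritative off
    Require valid-user
</Location>
```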