Re: mod_authnz_ldap module and Microsoft AD LDAP Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 21, 2008 at 12:59 PM, Rodney Ramos <rodneyra@xxxxxxxxx> wrote:
> I´m trying to use the mod_authnz_ldap module to authenticate the users in a
> Microsoft AD LDAP Server, but I´m having a lot of problems.
>
> The only configuration that worked was:
>
> AuthName "XXXX"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn";
> AuthLDAPBindDN "ldap_bind_user"
> AuthLDAPBindPassword "ldap_bind_psw"
> AuthzLDAPAuthoritative off
> Require valid-user
>
> Questions:
>
> 1) Why should we use the port 3268 instead of the default one, 389?

On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
referrals.

>
> 2) Why must we set the AuthzLDAPAuthoritative directive to off?

you don't need it for 2.2.6 and later

>
> The second problem occurred when I tried to make Apache authenticate the
> users first in a LDAP server and after, if it doens´t find the user there,
> in a flat file. So I add the follow line, before the "Require valid-user"
> line:
>
> AuthUserFile /tmp/htpasswd.txt
>
> The problem is that Apache doesn´t try to use the flat file to authenticante
> the users. It only uses the LDAP authenticate module, even though the
> directive AuthzLDAPAuthoritative is set to off.

You need to tell basic auth to look there:

AuthBasicProvider ldap file




-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux