Re: Confused about LDAP authentication with Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marc Patermann <hans.moser <at> ofd-sth.niedersachsen.de> writes:

>You mean the DN contains a component with a space in it!?
>ou=WCL user,dc=foo,dc=bar

Ah... 'ou'... I was using 'cn'.  The corrected search query works, as
demonstrated by the following perl script:

    #!/usr/bin/perl
    die "usage: $0 host domain username password\n" if @ARGV != 4;
    my ($host, $domain, $username, $password) = @ARGV;
    use Net::LDAP;
    my $ldap = new Net::LDAP($host) or die $@;
    my $mesg = $ldap->bind("$domain\\$username", password => $password);
    $mesg->code && die $mesg->error;
    $mesg = $ldap->search(base => 'ou=WCL Users,ou=WCL Logins,dc=wcl,dc=local',
                          filter => '(objectClass=*)');
    $mesg->code && die $mesg->error;
    $_->dump foreach $mesg->entries;

This spits out details of every user in the domain, with the sAMAccountName
being the user's login.

In httpd.conf I have

    <Location "/test_auth">
      AuthType Basic
      AuthName "Secure Area"
      AuthBasicProvider ldap
      AuthzLDAPAuthoritative   Off
      AuthLDAPURL "ldap://wcl-dc1:389/ou=WCL Users,ou=WCL
Logins,dc=wcl,dc=local?cn?sub"
      Require valid-user
    </Location>

I don't know what the extra '?cn?sub' at the end of the query string is for but
various examples have it so I cargo-culted it in.

When I try to fetch /test_auth/index.html I am prompted for a username and
password but the page that appears is blank.  The error log has

[Fri Feb 27 11:26:09 2009] [notice] child pid 18708 exit signal Segmentation
fault (11)

So I suppose I need to run Apache under the debugger, or make it generate a core
dump, to see where it's crashing.  Unless you can spot anything obvious from the
above.

-- 
Ed Avis <eda@xxxxxxxxxxxxx>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux