Hello,we've migrated part of our apache auth to LDAP, but suddenly we receive errors like "Password Mismatch" while the user's password is correct.
In the log we can read:[Wed Dec 02 17:42:54 2009] [warn] [client <IP ADDRESS>] [3659] auth_ldap authenticate: user <user> authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials] [Wed Dec 02 17:42:54 2009] [error] [client <IP ADDRESS>]] user <user>: authentication failure for "/": Password Mismatch
but if we use ldapsearch command to bind to the ldap servers, with the very same username & password the user can login successfully.
The httpd.conf ldap relevant entries are: # grep -i ldap /usr/local/apache/conf/httpd.conf LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LDAPVerifyServerCert Off LDAPTrustedMode STARTTLS LDAPSharedCacheSize 200000 LDAPCacheEntries 1024 LDAPCacheTTL 600 LDAPOpCacheEntries 1024 LDAPOpCacheTTL 600 while the .htaccess we use is: AuthType Basic AuthName "<name>" AuthBasicProvider ldap AuthzLDAPAuthoritative Off AuthLDAPBindDN <uid for bind> AuthLDAPBindPassword <pwd> AuthLDAPURL ldaps://<server>/dc=ABC,dc=DEF?uid?sub?(objectClass=*) require ldap-group <CN for the auth group>The password mismatch for a user usually goes away after apache is restarted, but then other users (that were able to login before restart) start facing the login incorrect.
Could you please suggest what to do to resolve this really annoying problem? Thanks in advance, Sandro --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|