Hi,

when I run

ldapsearch -x -W -D 'aduser' -H 'ldap://adserver:389' -b 'dc=iht,dc=com' '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname

tethereal displays the following:

LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
LDAP MsgId=3 Unbind Request

When I use mod_authnz_ldap with the following line in my Apache httpd.conf file:

AuthLDAPURL "ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE

tethereal displays the following:

LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
DNS Standard query AAAA ForestDnsZones.ABC.com
DNS Standard query response
DNS Standard query AAAA ForestDnsZones.ABC.com.abc.com
DNS Standard query response, No such name

In the first case, AD finds a user whose sAMAccountName is "myname", whereas, in the second case, AD seems to get lost in the Root DSE (which contains the ForestDnsZones.ABC.com branch).

Has anyone run into this problem before?

p

----- Original Mail -----
From: "Eric Covener" <covener@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Thursday 18 March 2010 18:34:18 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: mod_authnz_ldap AuthLDAPURL problem

On Thu, Mar 18, 2010 at 1:25 PM, <phiroc@xxxxxxx> wrote:
> Hi,
>
> when I use the following AuthLDAPURL
>
> "ldap://adserver/ou=city1,dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I can authenticate any user in "ou" city1.
>
> If I replace the AuthLDAPURL by
>
> "ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I get an Apache 2.2 internal error and in the error log the following message:
>
> [debug] mod_authnz_ldap.c(379): [client xxxx] [8655] auth_ldap authenticate: using URL ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))
> [info] [client xxxx] [8655] auth_ldap authenticate: user myusername authentication failed; URI /test/ [ldap_search_ext_s() for user failed][Operations error]
>
> When I do ldapsearch ... -b 'dc=abc,dc=com' '(&(objectClass=user)(!(objectClass=computer))(samaccountname=myusername))', the Active Directory server returns data, which seems to imply that there's something wrong with the mod_authnz_ldap module, or with the way I set it up or use it.

Can you look at the differences on the wire via e.g. wireshark? This should make the difference in the search pretty easy to spot.

--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
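The capture above shows the pattern that usually explains this: a subtree search from the domain root of an Active Directory domain returns, alongside the user entry, SearchResultReference entries (referrals) for the DNS application partitions (ForestDnsZones and DomainDnsZones). OpenLDAP's ldapsearch prints those references but does not follow them unless given -C, while the libldap used by mod_ldap chases referrals by default; the chase is what produces the AAAA lookups for ForestDnsZones.ABC.com, and when it cannot be completed the search fails with "Operations error". The configuration below is an added example, not from the thread and not from the httpd project: it shows the failing setup next to two ways of avoiding the referral chase. The host adserver, the base dc=abc,dc=com, the URI /test/ and the bind account aduser are taken from the thread; the Location block, the AuthName and the bind password are placeholders.

```apache
# Added example; not the poster's configuration.

# 1. Failing setup from the thread: subtree search from the domain root on port 389.
#    AD answers with referrals for DC=ForestDnsZones and DC=DomainDnsZones; libldap
#    chases them, DNS for ForestDnsZones.abc.com fails, and mod_authnz_ldap logs
#    "[ldap_search_ext_s() for user failed][Operations error]".
<Location /test/>
    AuthType Basic
    AuthName "AD login"                         # placeholder
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
    AuthLDAPBindDN "aduser"                     # AD accepts a sAMAccountName or UPN here
    AuthLDAPBindPassword "bind-password-here"   # placeholder; keep httpd.conf readable by root only
    Require valid-user
</Location>

# 2a. Fix that works on any httpd version: query the Global Catalog (port 3268, or
#     3269 for LDAPS). The GC holds a partial replica of every domain in the forest,
#     sAMAccountName is part of that partial attribute set, and a root search
#     against it returns no referrals for the DNS application partitions.
<Location /test-gc/>
    AuthType Basic
    AuthName "AD login"                         # placeholder
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://adserver:3268/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
    AuthLDAPBindDN "aduser"
    AuthLDAPBindPassword "bind-password-here"   # placeholder
    Require valid-user
</Location>

# 2b. Fix for httpd 2.2.17 and later (and 2.4): keep port 389 and tell mod_ldap not
#     to chase referrals at all, so the references AD returns are simply ignored.
<Location /test-noref/>
    AuthType Basic
    AuthName "AD login"                         # placeholder
    AuthBasicProvider ldap
    LDAPReferrals Off
    AuthLDAPURL "ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
    AuthLDAPBindDN "aduser"
    AuthLDAPBindPassword "bind-password-here"   # placeholder
    Require valid-user
</Location>
```

To confirm the diagnosis before changing httpd, re-run the ldapsearch from the thread with -C (chase referrals) while tethereal is capturing: the same AAAA queries for ForestDnsZones.ABC.com should appear and the search should fail the same way. Two caveats: the LDAPReferrals directive did not exist in the 2.2 releases current when this thread was written, so on those versions only the narrower base DN from the first message or the Global Catalog port applies; and the Global Catalog only returns attributes in the partial attribute set, so a Require ldap-attribute test on a non-replicated attribute will not work there.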