apache mod_authnz_ldap against Active Directory




Hey guys, I am running CentOS 5 with httpd 2.2.3.
I am trying to configure mod_authnz_ldap authing against Active Directory and I have it working about 50% of the time.
About 50% of the time this works with no issue; the rest of the time it fails.
Sometimes it fails and notes the following in the error log:

[Mon Oct 22 15:58:03 2007] [debug] mod_authnz_ldap.c(373): [client 10.XXX.XX.XXX] [13379] auth_ldap authenticate: using URL ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)
[Mon Oct 22 15:58:03 2007] [warn] [client 10.xxx.xx.xxx] [13379] auth_ldap authenticate: user special authentication failed; URI /logo.gif [ldap_search_ext_s() for user failed][Operations error]


Other times it prints the following, but nothing after that (and CPU usage skyrockets to 100% of a single CPU):
[Mon Oct 22 16:08:11 2007] [debug] mod_authnz_ldap.c(373): [client 10.XX.XXX.XX] [13437] auth_ldap authenticate: using URL ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)


In capturing the packets I see that it binds successfully several times and then tries to authenticate. The AD box returns:
LDAPMessage searchResDone(5) operationsError (00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece) [0 results]

None of the binds that occur in the capture failed, though (all the bind responses reported success).

The appropriate (anonymized) lines from httpd.conf are: 

# <--- change path as needed
<Location /logo.gif>
Order allow,deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthzLdapAuthoritative off
AuthName "BackupPC login"
AuthLDAPBindDN ldapb@xxxxxxxxxx
AuthLDAPBindPassword myformerlysecretpasswordpostedtoworld
AuthLDAPURL "ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)" NONE
require valid-user
</Location>


I have debug turned on. On startup I get: 

[root@backuppc httpd]# service httpd start
Starting httpd: [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(849): [13375] auth_ldap url parse: `ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)'
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(858): [13375] auth_ldap url parse: Host: 10.XX.XX.XXX:389
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(860): [13375] auth_ldap url parse: Port: 389
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(862): [13375] auth_ldap url parse: DN: DC=centos,DC=org
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(864): [13375] auth_ldap url parse: attrib: sAMAccountName
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(866): [13375] auth_ldap url parse: scope: subtree
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(871): [13375] auth_ldap url parse: filter: (objectClass=*)
[Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections
                                                           [  OK  ]



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
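
Added example (not part of the poster's message or configuration): the same <Location> block rewritten for httpd 2.2 on the assumption that the intermittent failures come from LDAP referral chasing. A subtree search of the domain root on port 389 makes Active Directory return referrals (to the DNS application partitions, among others); the OpenLDAP client library follows each referral on a new, unbound connection, and AD answers that anonymous search with exactly the "a successful bind must be completed on the connection" operationsError seen in the capture, while every bind on the original connection still reports success. Pointing AuthLDAPURL at the Global Catalog port (3268) avoids the referrals because the GC answers forest-wide searches from its own partial replica, and sAMAccountName is part of the attribute set replicated to it. The hostname dc.centos.org, the bind account and the password below are placeholders.

```apache
# Added example (not the poster's config). Assumes the "Operations error"
# is caused by referrals returned for a subtree search on port 389 and
# chased by the client library on fresh, unbound connections.

# Placeholder: note on which path the block applies, as in the original post.
<Location /logo.gif>
    Order allow,deny
    Allow from all

    AuthType Basic
    AuthName "BackupPC login"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    # Placeholder service account and password (assumed names).
    # AD accepts the userPrincipalName form for a simple bind.
    AuthLDAPBindDN "ldapb@centos.org"
    AuthLDAPBindPassword "changeme"

    # Global Catalog port 3268 instead of 389: the GC serves the whole
    # forest from a partial replica and does not hand back referrals for
    # a subtree search of the domain root.
    # The filter restricts matches to real user objects; (objectClass=*)
    # would also let a computer account's sAMAccountName (e.g. HOST$)
    # satisfy the lookup. "NONE" is the httpd 2.2 connection-type
    # keyword for a plain, non-TLS connection, as in the original post.
    AuthLDAPURL "ldap://dc.centos.org:3268/DC=centos,DC=org?sAMAccountName?sub?(&(objectCategory=person)(objectClass=user))" NONE

    Require valid-user
</Location>
```

Two follow-ups a practitioner would check before copying this. First, httpd 2.2.13 and later can switch referral chasing off directly with mod_ldap's LDAPReferrals Off; the 2.2.3 reported in the post predates that directive (assumption based on the version number only, since distribution builds sometimes carry backports), and the GC port works either way. Second, AuthLDAPBindPassword has to sit in cleartext in httpd.conf, so the file should be readable only by root, and a credential that has been pasted to a public list, as the placeholder name in the post suggests, should be rotated rather than kept.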
