*Solved*

Seems we may have suffered from a bug regarding using references in MS 2003 AD. What we did to get things going was to query the AD-server on port 3268, and make sure AuthzLDAPAuthoritative was set to "Off".

Regards,
Kenneth Holter

On 9/9/08, Kenneth Holter <kenneho.ndu@xxxxxxxxx> wrote:
>
> Thanks for the quick reply.
>
> I implemented your setup, and found that the web page's credentials
> dialogue box no longer appears (before, the dialogue box would appear, but
> authentication would fail). Instead, the following error message is issued:
>
> Internal server error:
>
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
>
> The /var/log/httpd/error.log says this:
>
> [Tue Sep 09 14:31:47 2008] [warn] [client 111.222.333.444] [8127] auth_ldap authenticate: user kenneho authentication failed; URI /test [ldap_search_ext_s() for user failed][Operations error], referer: http://server.example.com/
>
> Any ideas?
>
> On 9/9/08, Roderick Derks <redhat@xxxxxx> wrote:
>>
>> This is a working config for AD2003RC2 and Apache:
>> Server version: Apache/2.2.6 (Unix)
>> Server built: Sep 18 2007 09:40:44
>>
>> <Directory "/var/www/html/portdiscoverer">
>>
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthzLDAPAuthoritative on
>> AuthName "Portdiscoverer Access"
>>
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> Require valid-user
>>
>> AuthLDAPURL "ldap://ezhdc01:389/ou=Users,dc=domain,dc=nl?sAMAccountName?sub?(objectClass=*)"
>> AuthLDAPBindDN "cn=user_with_no_specific_rights,ou=container,dc=domain,dc=nl"
>> AuthLDAPBindPassword "password"
>>
>> </Directory>
>>
>> Hope It Helps, Good Luck
>>
>> Roderick
>>
>> ----- Original Message -----
>> From: "Kenneth Holter" <kenneho.ndu@xxxxxxxxx>
>> To: redhat-list@xxxxxxxxxx
>> Sent: 09 September 2008 14:11:17 o'clock (GMT+0100) Europe/Berlin
>> Subject: Authentication error: Apache 2 and MS 2003 Active Directory
>>
>> Hi.
>>
>> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
>> Directory, but am getting this error:
>>
>> Mon Sep 08 14:16:03 2008] [error] [client xxx.xxx.xxx.xxx] access to /folder failed, reason: verification of user id 'kenneho' not configured, referer: http://host.example.com/
>>
>> This is from my httpd.conf:
>>
>> LoadModule ldap_module modules/mod_ldap.so
>> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>> ....
>> AuthType Basic
>> AuthName "Welcome!"
>> AuthLDAPURL ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName
>> AuthLDAPBindDN CN=user,OU=something,DC=example,DC=com
>> AuthLDAPBindPassword secret
>> Require vaild-user
>>
>> General ldapsearch using the bind DN and password seems to work fine:
>>
>> ldapsearch -x -D "CN=user,OU=something,DC=example,DC=com" -w secret
>>
>> On
>> http://wiki.apache.org/httpd/ModAuthAndActiveDirectory2003?highlight=(active)%7C(directory)
>> a problem with mod_auth_ldap and MS 2003 AD is described, but this doesn't
>> seem to apply to my configuration.
>>
>> Any ideas on how to further debug this?
>>
>> Regards,
>> Kenneth Holter

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
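
The fix reported in the first message of this thread, written out as an added example (not a configuration posted by anyone in the thread). The host, base DN, bind DN and password are the placeholders used in the posts above; the <Location "/test"> container and the search filter are assumptions taken from the logged URI and the earlier reply.

```apache
# Added example: Apache 2.2 mod_authnz_ldap against MS 2003 Active Directory.
# All values are the thread's placeholders, not a real deployment.
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Location "/test">
    AuthType Basic
    AuthName "Welcome!"
    AuthBasicProvider ldap

    # Before: searching from the domain root on port 389 is the setup that
    # logged "[ldap_search_ext_s() for user failed][Operations error]".
    # AuthLDAPURL "ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"

    # After: the same search sent to port 3268, the Active Directory
    # global catalog port, as described in the "Solved" message.
    AuthLDAPURL "ldap://111.222.333.444:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"

    # Service account used only for the user lookup. Give it no rights
    # beyond reading the directory, and keep this file readable by root only,
    # since the password is stored in clear text.
    AuthLDAPBindDN "CN=user,OU=something,DC=example,DC=com"
    AuthLDAPBindPassword "secret"

    # Second half of the reported fix.
    AuthzLDAPAuthoritative Off

    # Any user who authenticates successfully is admitted.
    Require valid-user
</Location>

# Basic auth and plain ldap:// both carry passwords unencrypted: serve this
# location over HTTPS only, and keep the LDAP traffic on a trusted network
# segment or move it to LDAP over TLS.
```

Check the syntax with "apachectl configtest" before reloading, then watch /var/log/httpd/error.log for the auth_ldap lines quoted earlier in the thread.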