Authentication Apache in Active Directory 2003

Printable View

08-13-2008, 09:04 PM
unix

Authentication Apache in Active Directory 2003

I am trying to configure the Apache authentication in Active Directory
2003, but when you log, the following error occurs:

[Wed Aug 13 15:48:20 2008] [warn] [client 192.168.0.65] [15464]
auth_ldap authenticate: user svnteste authentication failed; URI /
[ldap_search_ext_s() for user failed][No such object]

My httpd.conf is

<Directory "/srv/httpd/htdocs">
AuthBasicProvider ldap
AuthType basic
AuthzLDAPAuthoritative Off
AuthName "SVN"
AuthLDAPURL "ldap://192.168.0.1:389/ou=Users,DC=company,DC=com?
sAMAccountName?sub?(objectCla
ss=person)"
AuthLDAPBindPassword 123456
Require valid-user
AuthLDAPBindDN "apache@company.com"

Someone has some idea of how to solve this problem?

Thanks.
08-13-2008, 09:30 PM
unix

Re: Authentication Apache in Active Directory 2003

brusso wrote:[color=blue]
>
> AuthLDAPURL "ldap://192.168.0.1:389/ou=Users,DC=company,DC=com?
>[/color]

Off the top of my head, isn't "Users" a built-in container object and
not an OU? Have you tried "cn=Users"?
08-13-2008, 10:06 PM
unix

Re: Authentication Apache in Active Directory 2003

On Aug 13, 6:30 pm, KR <kristian.rasmus...@broadpark.no.spam.com>
wrote:[color=blue]
> brusso wrote:
>[color=green]
> > AuthLDAPURL "ldap://192.168.0.1:389/ou=Users,DC=company,DC=com?[/color]
>
> Off the top of my head, isn't "Users" a built-in container object and
> not an OU? Have you tried "cn=Users"?[/color]

Ok, I tried with this option, but the error continues.

Changed the setting to the next,

AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative On
Require valid-user
AuthName "SVN"
AuthLDAPURL ldap://192.168.0.1:389/DC=company,DC=com?sAMAccountName?sub?(objectClass=*)
NONE
AuthLDAPBindDN "cn=apache,cn=users,dc=company,dc=com"
AuthLDAPBindPassword apach

But the error now is this

[Wed Aug 13 19:04:58 2008] [warn] [client 192.168.0.65] [16455]
auth_ldap authenticate: user svnteste authentication failed; URI /
[LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Wed Aug 13 19:04:58 2008] [error] [client 192.168.0.65] user
svnteste: authentication failure for "/": Password Mismatch

Someone has some idea of how to solve this problem?

Thanks.
08-14-2008, 03:52 AM
unix

Re: Authentication Apache in Active Directory 2003

brusso wrote:
[color=blue]
> On Aug 13, 6:30 pm, KR <kristian.rasmus...@broadpark.no.spam.com>
> wrote:[color=green]
>> brusso wrote:
>>[color=darkred]
>> > AuthLDAPURL "ldap://192.168.0.1:389/ou=Users,DC=company,DC=com?[/color]
>>
>> Off the top of my head, isn't "Users" a built-in container object and
>> not an OU? Have you tried "cn=Users"?[/color]
>
> Ok, I tried with this option, but the error continues.
>
> Changed the setting to the next,
>
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative On
> Require valid-user
> AuthName "SVN"
> AuthLDAPURL
> ldap://192.168.0.1:389/DC=company,DC=com?sAMAccountName?sub[/color]
(objectClass=*)[color=blue]
> NONE
> AuthLDAPBindDN "cn=apache,cn=users,dc=company,dc=com"
> AuthLDAPBindPassword apach
>
> But the error now is this
>
> [Wed Aug 13 19:04:58 2008] [warn] [client 192.168.0.65] [16455]
> auth_ldap authenticate: user svnteste authentication failed; URI /
> [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Wed Aug 13 19:04:58 2008] [error] [client 192.168.0.65] user
> svnteste: authentication failure for "/": Password Mismatch
>
> Someone has some idea of how to solve this problem?
>
> Thanks.[/color]

If you want SSO the way IIS does, try [url]http://modauthkerb.sourceforge.net/[/url]

I've been using it for years.

Andy