  1. #1
    Just Joined!
    Join Date
    Apr 2007
    Posts
    5

    LDAP and Apache problem


    httpd.conf
    <Directory /www/>
    #AllowOverride None
    #Order allow,deny
    #Allow from all
    AuthType Basic
    AuthName "Members Only"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://***/o=*,dc=*dc=*?cn
    AuthLDAPBindDN "cn=Manager,dc=*,dc=*"
    AuthLDAPBindPassword {crypt}***
    AuthzLDAPAuthoritative off
    require valid-user
    </Directory>

    .htaccess

    AuthName "Members Only"
    AuthType Basic
    AuthLDAPURL ldap://***/o=*,dc=*dc=*?cn
    Require valid-user

    In the Apache error log I receive: [Fri Mar 30 15:59:48 2007] [warn] [client 192.168.*.*] [4886] auth_ldap authenticate: user *** authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
    [Fri Mar 30 15:59:48 2007] [error] [client 192.168.1.*.*] user ***: authentication failure for "/": Password Mismatch


    Server version: Apache/2.2.3

    @(#) $OpenLDAP: slapd 2.3.27 (Oct 1 2006 16:34:13) $
    brewbuilder@ls20-bc2-14.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd

    LDIF of my user:

    dn: cn=test,o=Authorization,dc=*,dc=*
    uid: test
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    sn: test
    cn: test
    mail: test@test.com
    userPassword: test

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    this is mine, and mine works completely from within httpd.conf with no .htaccess
    Code:
    <Location /relativefolder/>
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthName "whateveryouwant"
        AuthLDAPURL "ldap://fqdn_of_ldap_server/ou=it,ou=departments,dc=fake,dc=fake,dc=com?sAMAccountName"
        AuthLDAPBindDN "fakeuser@fake.fake.com"
        AuthLDAPBindPassword "fakepassword"
        require valid-user
    </location>
    the relative folder determines what gets restricted http://fakeurl.com/relativefolder/

    one difference I see though is mine is using authnz modules and yours is not, not sure how much of a difference that makes though. Let me know if that helps or not.

  3. #3
    Just Joined!
    Join Date
    Apr 2007
    Posts
    5
    I try with this configuration:

    <Location /test/>
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative Off
    AuthName "whateveryouwant"
    AuthLDAPURL "ldap://ldap.*.*i/o=Authorization,dc=*,dc=*?cn"
    AuthLDAPBindDN "cn=Manager,dc=*,dc=*"
    AuthLDAPBindPassword "someone"
    require valid-user
    </location>

    [Fri Apr 20 19:59:19 2007] [warn] [client *] [925] auth_ldap authenticate: user Test authentication failed; URI /test/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
    [Fri Apr 20 19:59:19 2007] [error] [client *] user Test: authentication failure for "/test/": Password Mismatch

  4. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    try for the bindDN to use "youruser@your.domain.com" like I have above and see if it works.

  5. #5
    Just Joined!
    Join Date
    Apr 2007
    Posts
    5
    I try with these options but I always receive error 500:
    [Fri Apr 20 21:45:59 2007] [warn] [client 192.*.*.*] [1295] auth_ldap authenticate: user * authentication failed; URI /test/ [LDAP: ldap_simple_bind_s() failed][Invalid DN syntax]

    AuthLDAPBindDN "user@ldap.*.*"
    AuthLDAPBindDN "Manager@ldap.*.*"
    AuthLDAPBindDN "manager@ldap.*.*"
    AuthLDAPBindDN "Manager@192.*.*.*"

  6. #6
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    did you notice at the end of my ldap url, ?sAMAccountName

    that tells the ldap lookup what field to search for.

    I also assume that in your ldap structure the manager account you are searching for is not outside of o=Authorization,dc=*,dc=*
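
Added example, not part of the original thread: a small Python sketch of how an `AuthLDAPURL` of the form `ldap://host:port/basedn?attribute?scope?filter` decides what gets searched, using the format, defaults and `(&(filter)(attribute=username))` combination described in the mod_authnz_ldap documentation. The function names, the `example.com` host and DNs, and the RFC 4515 escaping of the login name are assumptions of this example, not Apache's own code.

```python
from urllib.parse import unquote

# Defaults from the mod_authnz_ldap documentation for AuthLDAPURL.
DEFAULTS = {"attr": "uid", "scope": "sub", "filter": "(objectClass=*)"}
# RFC 4515 escapes for characters that are special inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into a dict."""
    scheme, sep, rest = url.strip('"').partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.partition("/")
    base, *opts = tail.split("?")
    attr, scope, flt = (opts + ["", "", ""])[:3]
    return {"host": host, "base": unquote(base),
            "attr": attr or DEFAULTS["attr"],
            "scope": scope or DEFAULTS["scope"],
            "filter": unquote(flt) or DEFAULTS["filter"]}


def search_filter(cfg, username):
    """Combine filter, attribute and login name as (&(filter)(attr=user))."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]
    value = "".join(_ESC.get(c, c) for c in username)
    return "(&(%s)(%s=%s))" % (inner, cfg["attr"], value)


def dn_in_base(dn, base):
    """True if dn lies at or below base (subtree scope).

    Simplified: assumes no escaped commas inside attribute values.
    """
    d = [r.strip().lower() for r in dn.split(",") if r.strip()]
    b = [r.strip().lower() for r in base.split(",") if r.strip()]
    return len(d) >= len(b) and d[len(d) - len(b):] == b


if __name__ == "__main__":
    # Constructed values; the thread's real host and DNs are redacted.
    cfg = parse_auth_ldap_url(
        "ldap://ldap.example.com/o=Authorization,dc=example,dc=com?cn")
    print(cfg)
    print(search_filter(cfg, "test"))
    print(dn_in_base("cn=Manager,dc=example,dc=com", cfg["base"]))
```

With `?cn` the login name is matched against `cn`, with `?sAMAccountName` against that attribute instead, and an entry outside the base DN is never returned by the search regardless of its password.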

  7. #7
    Just Joined!
    Join Date
    Apr 2007
    Posts
    5
    Quote Originally Posted by jledhead
    try for the bindDN to use "youruser@your.domain.com" like I have above and see if it works.
    This does not work

  8. #8
    Just Joined!
    Join Date
    Apr 2007
    Posts
    5
    When I try with a user who is not in the directory
    [Sat Apr 21 20:10:27 2007] [warn] [client *] [5189] auth_ldap authenticate: user * authentication failed; URI /test/ [User not found][No such object]
    [Sat Apr 21 20:10:27 2007] [error] [client *] user * not found: /test/

    When I try with a user who is in the directory
    [Sat Apr 21 20:13:21 2007] [warn] [client *] [5202] auth_ldap authenticate: user * authentication failed; URI /test/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
    [Sat Apr 21 20:13:21 2007] [error] [client *] user *: authentication failure for "/test/": Password Mismatch

  9. #9
    Just Joined!
    Join Date
    Mar 2010
    Posts
    1

    ldap authentication failed with windows

    Please look at the error


    auth_ldap authenticate: user rk authentication failed; URI /twtest [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
