[Freeipa-users] Problem using IPA for Apache LDAP Auth
David Taylor
david.taylor at speedcast.com
Thu Apr 3 01:49:29 UTC 2014
Hi All,
I'm having some issues with setting up LDAP auth for an Apache webserver. In short, I have an IPA server that seems to be working correctly; it is currently acting as a central authentication server for our Linux server environment. What I'm trying to do is get LDAP auth up for our web-based services.
The test environment is all CentOS 6.5 with the following config:
IPA server with an LDAP bind user set up as per http://www.freeipa.org/page/Apache_Group_Based_Authorization without the Kerberos component.
There is a single web directory /var/www/html/webtest with a single index.htlm file and a .htaccess file with the following contents.
# Make sure you're using HTTPS, or anyone can read your LDAP password.
# SSLRequireSSL
Order deny,allow
Deny from All
AuthName "Example Authorisation"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl "ldaps://ipa.example.com:636/dc=example,dc=com?uid"
AuthLDAPBindDN "uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
AuthLDAPBindPassword "<password removed>"
Require valid-user
Satisfy any
---------------------------------------------------------------------------------------
When I try to access the web page I get a basic auth prompt and in the ipa server logs I get the following
[03/Apr/2014:12:26:22 +1100] conn=1689 fd=83 slot=83 SSL connection from 10.0.0.11 to 10.0.0.3
[03/Apr/2014:12:26:22 +1100] conn=1689 SSL 256-bit AES
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 BIND dn="uid=webapps,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 SRCH base=" dc=example,dc=com" scope=2 filter="(&(objectClass=*)(uid=dtaylor))" attrs="uid"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U
---------------------------------------------------------------------------------------
Any help is greatly appreciated.
Best regards
David Taylor
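
An added example, not part of the original message: a small Python parser for the 389 Directory Server access log lines quoted above. It pairs each operation with its RESULT and reports which steps of a mod_authnz_ldap login appear (service-account BIND, user search, then a BIND as the found user's DN). The function names and the SAMPLE_LOG constant are made up for this illustration; the log lines are copied from the message.

```python
import re

# Access log lines copied from the message above (389 Directory Server format).
SAMPLE_LOG = """\
[03/Apr/2014:12:26:22 +1100] conn=1689 fd=83 slot=83 SSL connection from 10.0.0.11 to 10.0.0.3
[03/Apr/2014:12:26:22 +1100] conn=1689 SSL 256-bit AES
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 BIND dn="uid=webapps,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 SRCH base=" dc=example,dc=com" scope=2 filter="(&(objectClass=*)(uid=dtaylor))" attrs="uid"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U
"""

LINE_RE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_ops(text):
    """Return {(conn, op): {"type", "args", "result"}}, pairing each request with its RESULT."""
    ops = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection-level lines (fd=..., SSL ...) have no op= and are skipped
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        entry = ops.setdefault((conn, op), {"type": None, "args": {}, "result": None})
        if verb == "RESULT":
            entry["result"] = fields
        else:
            entry["type"], entry["args"] = verb, fields
    return ops

def auth_phases(text, service_dn):
    """Summarise the search-then-bind sequence mod_authnz_ldap performs for one login."""
    norm = lambda dn: re.sub(r"\s*,\s*", ",", dn).lower()  # ignore spacing after commas
    phases = {"service_bind_ok": False, "user_found": False, "user_bind": None}
    for _, op in sorted(parse_ops(text).items()):
        res = op["result"] or {}
        if op["type"] == "BIND":
            if norm(op["args"].get("dn", "")) == norm(service_dn):
                phases["service_bind_ok"] = res.get("err") == "0"
            else:
                phases["user_bind"] = res.get("err")  # err=49 would be invalid credentials
        elif op["type"] == "SRCH":
            phases["user_found"] = res.get("err") == "0" and res.get("nentries") == "1"
    return phases
```

Run against the excerpt with the `webapps` DN as `service_dn`, it reports a successful service-account bind and a one-entry search result, and no BIND as the user's DN, so the quoted lines end before the step that checks the user's password.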