[Freeipa-users] Problem using IPA for Apache LDAP Auth

David Taylor david.taylor at speedcast.com
Thu Apr 3 01:49:29 UTC 2014


Hi All,

I'm having some issues with setting up LDAP auth for an Apache webserver. In short, I have an IPA server that seems to be working correctly; it is currently acting as a central authentication server for our Linux server environment. What I'm trying to do is get LDAP auth up for our web-based services.

The test environment is all CentOS 6.5 with the following config



IPA server with an LDAP bind user set up as per http://www.freeipa.org/page/Apache_Group_Based_Authorization without the kerberos component.

There is a single web directory /var/www/html/webtest with a single index.htlm file and a .htaccess file with the following contents.



# Make sure you're using HTTPS, or anyone can read your LDAP password.
# SSLRequireSSL
Order deny,allow
Deny from All
AuthName "Example Authorisation"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl "ldaps://ipa.example.com:636/dc=example,dc=com?uid"
AuthLDAPBindDN "uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
AuthLDAPBindPassword "<password removed>"
Require valid-user
Satisfy any



---------------------------------------------------------------------------------------

When I try to access the web page I get a basic auth prompt and in the ipa server logs I get the following



[03/Apr/2014:12:26:22 +1100] conn=1689 fd=83 slot=83 SSL connection from 10.0.0.11 to 10.0.0.3
[03/Apr/2014:12:26:22 +1100] conn=1689 SSL 256-bit AES
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 BIND dn="uid=webapps,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 SRCH base=" dc=example,dc=com" scope=2 filter="(&(objectClass=*)(uid=dtaylor))" attrs="uid"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U



---------------------------------------------------------------------------------------



Any help is greatly appreciated.



Best regards

David Taylor
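
Added example, not part of the original post: mod_authnz_ldap authenticates by binding as the service account, searching for the user's entry, and then binding as that entry's DN with the supplied password. The sketch below parses the access-log lines quoted in the post and reports which of those steps appear on each connection; the function names are hypothetical, and it assumes a user bind, if any, would show up in the same log excerpt.

```python
import re
from collections import defaultdict

# Access-log lines copied from the post above (389 Directory Server format).
LOG = """\
[03/Apr/2014:12:26:22 +1100] conn=1689 fd=83 slot=83 SSL connection from 10.0.0.11 to 10.0.0.3
[03/Apr/2014:12:26:22 +1100] conn=1689 SSL 256-bit AES
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 BIND dn="uid=webapps,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 SRCH base=" dc=example,dc=com" scope=2 filter="(&(objectClass=*)(uid=dtaylor))" attrs="uid"
[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)$')
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def operations(log):
    """Group request/RESULT pairs as {conn: {op: {"type", "dn", "err", "nentries"}}}."""
    conns = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection and TLS lines carry no op= field
        fields = {k: q or b for k, q, b in PAIR.findall(m[4])}
        entry = conns[int(m[1])].setdefault(int(m[2]), {})
        if m[3] == "RESULT":
            entry["err"] = int(fields["err"])
            entry["nentries"] = int(fields.get("nentries", 0))
        else:
            entry["type"] = m[3]
            entry["dn"] = fields.get("dn")
    return conns

def auth_steps(ops):
    """Report which steps of the search-then-bind sequence appear on one connection."""
    seq = [o for _, o in sorted(ops.items())]
    hit = next((i for i, o in enumerate(seq) if o.get("type") == "SRCH"
                and o.get("err") == 0 and o.get("nentries") == 1), None)
    later = [o for o in seq[hit + 1:] if o.get("type") == "BIND"] if hit is not None else []
    return {
        "service_bind_ok": bool(seq) and seq[0].get("type") == "BIND" and seq[0].get("err") == 0,
        "user_entry_found": hit is not None,
        "user_bind_attempted": bool(later),
        "user_bind_ok": bool(later) and later[-1].get("err") == 0,  # err=49 is invalidCredentials
    }

if __name__ == "__main__":
    for conn, ops in operations(LOG).items():
        print(conn, auth_steps(ops))
```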


