Problem authenticating Apache - LDAP - Active Directory using an AD group

Roderick Derks redhat at r71.nl
Sat Nov 10 01:40:01 UTC 2007


Hi,

Maybe someone over here can help me with this issue. I'm trying to authenticate an Apache website against an Active Directory LDAP service. I already got it working properly when I want to check if a user is in a certain container in the AD. But I want to change authentication to use an AD group because users from other containers also need access. I run into the problem that I can log in, but I almost always get a webpage with an error message: "internal server error". After refreshing the page a lot of times I get to see the correct webpage. Then, after a couple of minutes, the website shows an "internal server error" again. So something is going wrong, but I don't know what. It's strange because authenticating users in a container works without any problems.

I'm not sure it's an Apache configuration error, but here is my config:

Group access (this one gives me problems):

<Directory "/usr/local/nagios/sbin">
   Options Indexes FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all

   AuthBasicProvider ldap
   AuthType Basic
   AuthzLDAPAuthoritative on
   AuthName "Nagios Access"
   AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
   #AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectCategory=person)"
   AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl"
   AuthLDAPBindPassword "**********"
   Require ldap-group cn=APP_Nagios,ou=Applicaties,ou=Groups,ou=EZH,dc=elisabeth,dc=nl
   #Require valid-user
   #AuthLDAPGroupAttributeIsDN on
</Directory>


Users in a certain container example (this one works alright and gives me no problem):

<Directory "/usr/local/nagios/sbin">
   AuthzLDAPAuthoritative on
   AuthName "Nagios Access"
   Options Indexes FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all
   Require valid-user
   AuthLDAPURL "ldap://ezhdc01:389/ou=Users,ou=admins,dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)" 
   AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl" 
   AuthLDAPBindPassword "***********" 
</Directory>
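
An added example, not part of the original post: the Python below splits the two AuthLDAPURL values quoted above into mod_authnz_ldap's `basedn?attribute?scope?filter` fields and reports which fields differ between the failing and the working configuration. The function names are hypothetical, and the DN comparison is a simplification that ignores escaped commas.

```python
# Constructed sample input: the two AuthLDAPURL values quoted in the post.
GROUP_URL = "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
CONTAINER_URL = ("ldap://ezhdc01:389/ou=Users,ou=admins,dc=elisabeth,dc=nl"
                 "?sAMAccountName?sub?(objectClass=*)")

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its parts."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # Up to three optional '?'-separated fields follow the base DN.
    base_dn, *extra = tail.split("?", 3)
    extra += [""] * (3 - len(extra))
    return {
        "scheme": scheme,
        "host": host.lower(),
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base_dn": base_dn,
        # Documented mod_authnz_ldap defaults when a field is omitted.
        "attribute": extra[0] or "uid",
        "scope": extra[1] or "sub",
        "filter": extra[2] or "(objectClass=*)",
    }


def diff_urls(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    pa, pb = parse_auth_ldap_url(a), parse_auth_ldap_url(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}


def base_is_under(child_dn, parent_dn):
    """Naive DN suffix test (ignores escaped commas): is child below parent?"""
    child = [rdn.strip().lower() for rdn in child_dn.split(",")]
    parent = [rdn.strip().lower() for rdn in parent_dn.split(",")]
    return len(child) > len(parent) and child[-len(parent):] == parent


if __name__ == "__main__":
    for field, (grp, cont) in diff_urls(GROUP_URL, CONTAINER_URL).items():
        print(f"{field}: group config={grp!r}, container config={cont!r}")
        if field == "base_dn" and base_is_under(cont, grp):
            print("group config searches a wider subtree than the working one")
```

For these two URLs the only differing field is the search base: the group configuration searches from the domain root, the working one from a single OU beneath it.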





