Problem authenticating Apache - LDAP - Active Directory using an AD group
Roderick Derks
redhat at r71.nl
Sat Nov 10 01:40:01 UTC 2007
Hi,
Maybe someone over here can help me with this issue. I'm trying to authenticate an Apache website against an Active Directory LDAP service. I already got it working properly when I want to check if a user is in a certain container in the AD. But I want to change authentication to use an AD group because users from other containers also need access. I run into the problem that I can log in but I almost always get a webpage with an error message: "internal server error". After refreshing the page a lot of times I get to see the correct webpage. Then, after a couple of minutes, the website shows an "internal server error" again. So something is going wrong, but I don't know what. It's strange because authenticating users in a container works without any problems.
I'm not sure it's an Apache configuration error, but here is my config:
Group access (this one gives me problems):
<Directory "/usr/local/nagios/sbin">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative on
AuthName "Nagios Access"
AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectCategory=person)"
AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl"
AuthLDAPBindPassword "**********"
Require ldap-group cn=APP_Nagios,ou=Applicaties,ou=Groups,ou=EZH,dc=elisabeth,dc=nl
#Require valid-user
#AuthLDAPGroupAttributeIsDN on
</Directory>
Users in a certain container example (this one works alright and gives me no problem):
<Directory "/usr/local/nagios/sbin">
AuthzLDAPAuthoritative on
AuthName "Nagios Access"
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Require valid-user
AuthLDAPURL "ldap://ezhdc01:389/ou=Users,ou=admins,dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl"
AuthLDAPBindPassword "***********"
</Directory>
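
Added example, not part of the original post: a small Python parser for the AuthLDAPURL format (ldap://host:port/basedn?attribute?scope?filter) that diffs the two blocks above to show which settings separate the working container setup from the failing group setup. The function names are hypothetical, the config strings are copied from the post, and the defaults applied to omitted fields are the ones mod_authnz_ldap documents.

```python
import re
from urllib.parse import urlsplit, unquote

# The two blocks from the post, reduced to the directives being compared.
GROUP_CFG = '''
AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectCategory=person)"
Require ldap-group cn=APP_Nagios,ou=Applicaties,ou=Groups,ou=EZH,dc=elisabeth,dc=nl
#Require valid-user
'''
CONTAINER_CFG = '''
AuthLDAPURL "ldap://ezhdc01:389/ou=Users,ou=admins,dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
Require valid-user
'''

def parse_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    # Everything after the first '?' holds up to three '?'-separated fields.
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attr or "uid",                   # documented default
        "scope": scope or "sub",                      # documented default
        "filter": unquote(flt) or "(objectClass=*)",  # documented default
    }

def summarize(cfg):
    """Parsed AuthLDAPURL plus active Require lines; '#' lines are skipped."""
    url = re.search(r'^\s*AuthLDAPURL\s+"?([^"\s]+)"?', cfg, re.M).group(1)
    info = parse_ldap_url(url)
    info["require"] = re.findall(r'^\s*Require\s+(.+?)\s*$', cfg, re.M)
    return info

def diff_blocks(a, b):
    """Fields whose values differ between two config blocks."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}

if __name__ == "__main__":
    for field, (grp, cont) in diff_blocks(GROUP_CFG, CONTAINER_CFG).items():
        print(f"{field}:\n  group block:     {grp}\n  container block: {cont}")
```

Run against the two blocks, only the search base and the Require line differ: the group block searches the whole dc=elisabeth,dc=nl tree, while the container block is limited to ou=Users,ou=admins.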