Authentication error: Apache 2 and MS 2003 Active Directory

Kenneth Holter kenneho.ndu at gmail.com
Wed Sep 10 10:45:05 UTC 2008


*Solved*

Seems we may have suffered from a bug regarding using references in MS 2003
AD. What we did to get things going was to query the AD-server on port 3268,
and make sure AuthzLDAPAuthoritative was set to "Off".


Regards,
Kenneth Holter



On 9/9/08, Kenneth Holter <kenneho.ndu at gmail.com> wrote:
>
> Thanks for the quick reply.
>
> I implemented your setup, and found that the web page's credentials
> dialogue box no longer appears (before the dialogue box would appear, but
> authentication would fail). Instead, the following error message is issued:
>
> Internal server error:
>
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
>
> The /var/log/httpd/error.log says this:
>
> [Tue Sep 09 14:31:47 2008] [warn] [client 111.222.333.444]
> [8127] auth_ldap authenticate: user kenneho authentication failed; URI /test
>
> [ldap_search_ext_s() for user failed][Operations error], referer:
> http://server.example.com/
> Any ideas?
>
>
>  On 9/9/08, Roderick Derks <redhat at r71.nl> wrote:
>>
>> This is a working config for AD2003RC2 and Apache:
>> Server version: Apache/2.2.6 (Unix)
>> Server built:   Sep 18 2007 09:40:44
>>
>> <Directory "/var/www/html/portdiscoverer">
>>
>>   AuthBasicProvider ldap
>>   AuthType Basic
>>   AuthzLDAPAuthoritative on
>>   AuthName "Portdiscoverer Access"
>>
>>   Options Indexes FollowSymLinks
>>   AllowOverride None
>>   Order allow,deny
>>   Allow from all
>>   Require valid-user
>>
>>   AuthLDAPURL "ldap://ezhdc01:389/ou=Users,dc=domain,dc=nl?sAMAccountName?sub?(objectClass=*)"
>>   AuthLDAPBindDN "cn=user_with_no_specific_rights,ou=container,dc=domain,dc=nl"
>>   AuthLDAPBindPassword "password"
>>
>> </Directory>
>>
>> Hope It Helps, Good Luck
>>
>> Roderick
>>
>> ----- Original Message -----
>> From: "Kenneth Holter" <kenneho.ndu at gmail.com>
>> To: redhat-list at redhat.com
>> Sent: 09 September 2008 14:11:17 o'clock (GMT+0100) Europe/Berlin
>> Subject: Authentication error: Apache 2 and MS 2003 Active Directory
>>
>> Hi.
>>
>> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
>> Directory, but am getting this error:
>>
>> Mon Sep 08 14:16:03 2008] [error] [client xxx.xxx.xxx.xxx] access to
>> /folder
>> failed, reason: verification of user id 'kenneho' not configured, referer:
>> http://host.example.com/
>>
>>
>> This is from my httpd.conf:
>>
>> LoadModule ldap_module modules/mod_ldap.so
>> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>> ....
>> AuthType Basic
>> AuthName "Welcome!"
>> AuthLDAPURL ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName
>> AuthLDAPBindDN CN=user,OU=something,DC=example,DC=com
>> AuthLDAPBindPassword secret
>> Require vaild-user
>>
>>
>> General ldapsearch using the bind DN and password seems to work fine:
>>
>> ldapsearch -x -D "CN=user,OU=something,DC=example,DC=com" -w secret
>>
>>
>> On
>>
>> http://wiki.apache.org/httpd/ModAuthAndActiveDirectory2003?highlight=(active)%7C(directory)
>> a problem with mod_auth_ldap and MS 2003 AD is described, but this doesn't
>> seem to apply to my configuration.
>>
>>
>> Any ideas on how to further debug this?
>>
>>
>> Regards,
>> Kenneth Holter
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>
>
>
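
Added example, not part of the original thread: the fix reported at the top (query port 3268, AuthzLDAPAuthoritative off) written out as an Apache 2.2 mod_authnz_ldap block. The host name, DNs, directory path and password are placeholders, and the SSLRequireSSL line is an addition that assumes mod_ssl is loaded.

```apache
# Added example for Apache 2.2 / mod_authnz_ldap. Host name, DNs, path and
# password are placeholders, not values from the thread.
<Directory "/var/www/html/protected">
    AuthType Basic
    AuthName "Restricted"

    # Present in the working config posted in the thread, absent from the
    # original httpd.conf excerpt.
    AuthBasicProvider ldap

    # Before: the port-389 search in the thread failed with
    #   [ldap_search_ext_s() for user failed][Operations error]
    # After: port 3268 is the Active Directory Global Catalog, which answers
    # forest-wide searches itself instead of handing back referrals.
    # sAMAccountName is the attribute matched against the login name.
    AuthLDAPURL "ldap://gc.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"

    # Bind as an account with no rights beyond directory read. The password
    # is stored in clear text, so keep this file readable by root only.
    AuthLDAPBindDN "cn=apache-bind,ou=service,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"

    # In Apache 2.2, Require valid-user is evaluated by mod_authz_user, so
    # mod_authnz_ldap must not be authoritative or the request is refused
    # before mod_authz_user sees it.
    AuthzLDAPAuthoritative off
    Require valid-user

    # Basic auth sends the password with every request: refuse plain HTTP
    # for this directory.
    SSLRequireSSL
</Directory>
```

With ldap:// the user's password also travels unencrypted from Apache to the domain controller in the LDAP simple bind. The Global Catalog is reachable over SSL on port 3269 (ldaps://), which requires the issuing CA to be configured with LDAPTrustedGlobalCert.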


