Authentication error: Apache 2 and MS 2003 Active Directory

Kenneth Holter kenneho.ndu at gmail.com
Tue Sep 9 12:39:55 UTC 2008


Thanks for the quick reply.

I implemented your setup, and found that the web page's credentials dialogue
box no longer appears (before, the dialogue box would appear, but
authentication would fail). Instead, the following error message is issued:

Internal server error:

The server encountered an internal error or misconfiguration and was unable
to complete your request.

The /var/log/httpd/error.log says this:

[Tue Sep 09 14:31:47 2008] [warn] [client 111.222.333.444] [8127] auth_ldap authenticate: user kenneho authentication failed; URI /test [ldap_search_ext_s() for user failed][Operations error], referer: http://server.example.com/

Any ideas?


On 9/9/08, Roderick Derks <redhat at r71.nl> wrote:
>
> This is a working config for AD2003RC2 and Apache:
> Server version: Apache/2.2.6 (Unix)
> Server built:   Sep 18 2007 09:40:44
>
> <Directory "/var/www/html/portdiscoverer">
>
>   AuthBasicProvider ldap
>   AuthType Basic
>   AuthzLDAPAuthoritative on
>   AuthName "Portdiscoverer Access"
>
>   Options Indexes FollowSymLinks
>   AllowOverride None
>   Order allow,deny
>   Allow from all
>   Require valid-user
>
>   AuthLDAPURL
> "ldap://ezhdc01:389/ou=Users,dc=domain,dc=nl?sAMAccountName?sub?(objectClass=*)"
>   AuthLDAPBindDN
> "cn=user_with_no_specific_rights,ou=container,dc=domain,dc=nl"
>   AuthLDAPBindPassword "password"
>
> </Directory>
>
> Hope It Helps, Good Luck
>
> Roderick
>
> ----- Original Message -----
> From: "Kenneth Holter" <kenneho.ndu at gmail.com>
> To: redhat-list at redhat.com
> Sent: 09 September 2008 14:11:17 o'clock (GMT+0100) Europe/Berlin
> Subject: Authentication error: Apache 2 and MS 2003 Active Directory
>
> Hi.
>
> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
> Directory, but am getting this error:
>
> Mon Sep 08 14:16:03 2008] [error] [client xxx.xxx.xxx.xxx] access to /folder failed, reason: verification of user id 'kenneho' not configured, referer: http://host.example.com/
>
>
> This is from my httpd.conf:
>
> LoadModule ldap_module modules/mod_ldap.so
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> ....
> AuthType Basic
> AuthName "Welcome!"
> AuthLDAPURL ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName
> AuthLDAPBindDN CN=user,OU=something,DC=example,DC=com
> AuthLDAPBindPassword secret
> Require vaild-user
>
>
> General ldapsearch using the bind DN and password seems to work fine:
>
> ldapsearch -x -D "CN=user,OU=something,DC=example,DC=com" -w secret
>
>
> On
>
> http://wiki.apache.org/httpd/ModAuthAndActiveDirectory2003?highlight=(active)%7C(directory)
> a problem with mod_auth_ldap and MS 2003 AD is described, but this doesn't
> seem to apply to my configuration.
>
>
> Any ideas on how to further debug this?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
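
The `ldapsearch` test quoted above passes no server, base DN or filter, so it does not repeat the search that mod_authnz_ldap performs at login. Added example (not part of the thread): a shell function, under the hypothetical name `authldapurl_to_ldapsearch`, that prints the equivalent command for a given `AuthLDAPURL`, using the module's documented defaults and `-W` so the bind password is prompted for rather than placed on the command line.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): print the ldapsearch command that repeats
# the user lookup mod_authnz_ldap derives from an AuthLDAPURL.
# authldapurl_to_ldapsearch is a hypothetical helper name.

# Usage: authldapurl_to_ldapsearch URL BIND_DN USERNAME
authldapurl_to_ldapsearch() {
  local url="$1" bind_dn="$2" user="$3"
  local scheme rest hostport tail base attr scope filter

  case $url in
    ldap://*|ldaps://*) ;;
    *) echo "unsupported URL: $url" >&2; return 1 ;;
  esac
  # Refuse LDAP filter metacharacters in the test username.
  case $user in
    ''|*['()*\']*) echo "invalid username" >&2; return 2 ;;
  esac

  scheme=${url%%://*}
  rest=${url#*://}
  hostport=${rest%%/*}
  tail=""
  if [ "$rest" != "$hostport" ]; then tail=${rest#*/}; fi

  # The URL path is basedn?attribute?scope?filter; later parts are optional.
  IFS='?' read -r base attr scope filter <<EOF
$tail
EOF

  # Defaults documented for mod_authnz_ldap.
  [ -n "$attr" ] || attr=uid
  [ "$scope" = one ] || scope=sub
  [ -n "$filter" ] || filter='(objectClass=*)'

  # The module searches with (&(filter)(attribute=username)).
  # -W prompts for the bind password so it stays out of the process list.
  printf "ldapsearch -x -W -H '%s://%s' -D '%s' -b '%s' -s %s '(&%s(%s=%s))' dn\n" \
    "$scheme" "$hostport" "$bind_dn" "$base" "$scope" "$filter" "$attr" "$user"
}
```

Running the printed command reproduces the lookup outside Apache, which helps separate directory-side failures from module configuration.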
