[rhn-users] httpd/mod_authz_ldap authentication against Active Directory
Alex Roberts
awroberts at armstrong.com
Wed Oct 5 13:53:43 UTC 2005
Is anyone using mod_authz_ldap to authenticate users using MS Active
Directory? Using ethereal, I can at least see that it's talking to AD.
I do an initial bind with an unprivileged user to search AD. It finds
the username I enter, but my guess is that the authentication of that
user fails after that, as if it can't bind to AD again with the provided
user credentials. Has anyone had any success with something like this?

The httpd error_log tells me this:
[Wed Oct 05 09:47:23 2005] [error] [client 10.10.10.1] [11371] filter:
(sAMAccountName=awrobert) base: dc=americas,dc=armstrong,dc=com, not
found
[Wed Oct 05 09:33:18 2005] [error] [client 10.10.10.1] [11271] basic
LDAP authentication of user 'awrobert' failed
Ethereal, AFAICT, however shows that it *did* find that user.
My mod_authz_ldap config is this:
<IfModule mod_authz_ldap.c>
    <Location /chat>
        AuthName "Web Chat"
        AuthzLDAPLogLevel debug
        AuthzLDAPEngine on
        AuthzLDAPSetAuthorization on
        AuthType Basic
        AuthzLDAPServer "lccnsxxx.americas.armstrong.com:389"
        AuthzLDAPUserBase "dc=americas,dc=armstrong,dc=com"
        AuthzLDAPBindDN "cn=_anonymous,cn=Users,dc=americas,dc=armstrong,dc=com"
        AuthzLDAPBindPassword "password"
        AuthzLDAPUserKey sAMAccountName
        AuthzLDAPUserScope subtree
        require valid-user
        Order deny,allow
    </Location>
</IfModule>
Am I missing some parameter that would make this work?
TIA,
--
Alex Roberts
Infrastructure Analyst
Hostmaster
Red Hat Certified Technician
Armstrong World Industries
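
An added example, not part of the original post: a small parser that splits error_log lines like the two quoted above into search-stage and authentication-stage messages and groups them by the bracketed number after the client address, so each failure can be tied to its own request. Treating that number as a process id, and the stage names "search" and "auth", are assumptions of this example based only on the wording of the two messages.

```python
import re
from collections import defaultdict

# The two log lines from the post above, with the wrapped lines rejoined.
SAMPLE_LOG = """\
[Wed Oct 05 09:47:23 2005] [error] [client 10.10.10.1] [11371] filter: (sAMAccountName=awrobert) base: dc=americas,dc=armstrong,dc=com, not found
[Wed Oct 05 09:33:18 2005] [error] [client 10.10.10.1] [11271] basic LDAP authentication of user 'awrobert' failed
"""

# Layout seen in the post: [timestamp] [level] [client ip] [number] message
# The bracketed number is assumed to be the httpd process id.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] "
    r"\[(?P<pid>\d+)\] (?P<msg>.*)$"
)
# Message reporting that the directory search returned no entry.
SEARCH_RE = re.compile(
    r"^filter: \((?P<attr>[^=()]+)=(?P<value>[^()]*)\) base: (?P<base>.+), not found$"
)
# Message reporting the overall Basic authentication failure.
AUTH_RE = re.compile(r"^basic LDAP authentication of user '(?P<user>[^']*)' failed$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    search = SEARCH_RE.match(rec["msg"])
    auth = AUTH_RE.match(rec["msg"])
    if search:
        rec.update(stage="search", user=search["value"],
                   attr=search["attr"], base=search["base"])
    elif auth:
        rec.update(stage="auth", user=auth["user"])
    else:
        rec.update(stage="other", user=None)
    return rec


def stages_by_process(log_text):
    """Group (timestamp, stage, user) tuples by the bracketed process number."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            grouped[rec["pid"]].append((rec["ts"], rec["stage"], rec["user"]))
    return dict(grouped)
```
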