[rhn-users] httpd/mod_authz_ldap authentication against Active Directory

Alex Roberts awroberts at armstrong.com
Wed Oct 5 13:53:43 UTC 2005


Is anyone using mod_authz_ldap to authenticate users using MS Active
Directory? Using Ethereal, I can at least see that it's talking to AD.
I do an initial bind with an unprivileged user to search AD. It finds
the username I enter, but my guess is that the authentication of that
user fails after that, as if it can't bind to AD again with the provided
user credentials. Has anyone had any success with something like this?

The httpd error_log tells me this:
[Wed Oct 05 09:47:23 2005] [error] [client 10.10.10.1] [11371] filter:
(sAMAccountName=awrobert) base: dc=americas,dc=armstrong,dc=com, not
found
[Wed Oct 05 09:33:18 2005] [error] [client 10.10.10.1] [11271] basic
LDAP authentication of user 'awrobert' failed

Ethereal, AFAICT, however shows that it *did* find that user.

My mod_authz_ldap config is this:

<IfModule mod_authz_ldap.c>

   <Location /chat>

           AuthName "Web Chat"
           AuthzLDAPLogLevel debug
           AuthzLDAPEngine on
           AuthzLDAPSetAuthorization on
           AuthType Basic
           AuthzLDAPServer "lccnsxxx.americas.armstrong.com:389"
           AuthzLDAPUserBase "dc=americas,dc=armstrong,dc=com"
           AuthzLDAPBindDN "cn=_anonymous,cn=Users,dc=americas,dc=armstrong,dc=com"
           AuthzLDAPBindPassword "password"
           AuthzLDAPUserKey sAMAccountName
           AuthzLDAPUserScope subtree
           require valid-user
           Order deny,allow

   </Location>
</IfModule>


Am I missing some parameter that would make this work?

TIA,

-- 
Alex Roberts
Infrastructure Analyst
Hostmaster
Red Hat Certified Technician
Armstrong World Industries
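
Added example, not part of the original post: one way to reproduce the search-then-bind sequence described above outside httpd, using the OpenLDAP ldapsearch client, to see which of the two steps fails. The function names, the password-file arguments and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import subprocess

def escape_filter(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse_dns(ldif):
    """Return the entry DNs in `ldapsearch -LLL` output (unfolds lines, decodes dn::)."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # LDIF continuation line
        else:
            unfolded.append(line)
    dns = []
    for line in unfolded:
        if line.startswith("dn::"):           # base64-encoded DN (non-ASCII characters)
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def _ldapsearch(uri, bind_dn, pw_file, base, scope, ldap_filter):
    # -y uses the complete file contents as the password: no trailing newline in the file.
    return subprocess.run(
        ["ldapsearch", "-x", "-LLL", "-H", uri, "-D", bind_dn, "-y", pw_file,
         "-b", base, "-s", scope, ldap_filter, "1.1"],
        capture_output=True, text=True)

def find_user_dn(uri, base, bind_dn, bind_pw_file, user_key, login):
    """Step 1: bind as the search account and look the login name up under base."""
    res = _ldapsearch(uri, bind_dn, bind_pw_file, base, "sub",
                      "(%s=%s)" % (user_key, escape_filter(login)))
    dns = parse_dns(res.stdout)
    if len(dns) != 1:
        raise LookupError("exit %d, %d entries: %s"
                          % (res.returncode, len(dns), res.stderr.strip()))
    return dns[0]

def verify_password(uri, user_dn, user_pw_file):
    """Step 2: bind as the DN from step 1 with the user's own password."""
    res = _ldapsearch(uri, user_dn, user_pw_file, user_dn, "base", "(objectClass=*)")
    return res.returncode == 0

# Constructed sample of step-1 output: one folded DN and one base64-encoded DN.
SAMPLE_LDIF = ("dn: CN=Example User,OU=Staff,DC=example,\n DC=test\n\n"
               "dn:: " + base64.b64encode("CN=Zo\u00eb,DC=example,DC=test".encode()).decode() + "\n")

if __name__ == "__main__":
    print(parse_dns(SAMPLE_LDIF))
    print("(sAMAccountName=%s)" % escape_filter("j*(smith)"))
```

If find_user_dn raises, the problem is in the search step (bind account, base, scope or filter); if it returns a DN and verify_password returns False, the problem is in the second bind.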
