Anyone have success doing Apache authentication against Active Directory?
I'm working on this, and as expected, running into difficulties. Googling this problem returns all sorts of conflicting advice, as you might imagine.
I'm using a Linux server, running Ubuntu 8.10, with Apache2, version 2.2.9 (Ubuntu).
After considerable tweaking of the config file, I eventually got it so Apache did not complain about the syntax. When I browsed to the site, I received the usual Apache prompt for login credentials. When I submit my login credentials, the server returns a 500 Internal Server Error. Here's what shows up in the Apache error log:
*********** Log entries ******************
[Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [540] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
[Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /
[Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [543] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
[Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
[Mon Jan 26 08:49:31 2009] [warn] [client 35.8.220.248] [545] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
[Mon Jan 26 08:49:31 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
*********** End of log entries **************
Seems that I am not getting Apache to bind to our AD. I suspect that I my configuration syntax is probably more geared for OpenLDAP, rather than AD. Here's the config code I'm using for this test instance (with certain sensitive fields xed out).
<Directory />
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
AuthType Basic
AuthName "Secure Area"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
AuthBasicProvider ldap
AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
AuthLDAPBindPassword "xxxxxxx"
require valid-user
</Directory>
Thanks!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Eric Weston, Information Technology Professional
MSU Libraries Systems
(517)432-6123 x229
|