Eric,
Unless you've changed the default ports, Active Directory LDAP runs on
TCP port 389, not 386.
On 1/26/2009 9:19 AM, Weston, Eric wrote:
> Anyone have success doing Apache authentication against Active Directory?
>
> I'm working on this, and as expected, running into difficulties. Googling this problem returns all sorts of conflicting advice, as you might imagine.
>
> I'm using a Linux server, running Ubuntu 8.10, with Apache2, version 2.2.9 (Ubuntu).
>
> After considerable tweaking of the config file, I eventually got it so Apache did not complain about the syntax. When I browsed to the site, I received the usual Apache prompt for login credentials. When I submit my login credentials, the server returns a 500 Internal Server Error. Here's what shows up in the Apache error log:
>
> *********** Log entries ******************
> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [540] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /
> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [543] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
> [Mon Jan 26 08:49:31 2009] [warn] [client 35.8.220.248] [545] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:31 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
> *********** End of log entries **************
>
> Seems that I am not getting Apache to bind to our AD. I suspect that my configuration syntax is probably more geared for OpenLDAP, rather than AD. Here's the config code I'm using for this test instance (with certain sensitive fields x'ed out).
>
> <Directory />
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> AuthType Basic
> AuthName "Secure Area"
> AuthUserFile /dev/null
> AuthBasicAuthoritative Off
> AuthBasicProvider ldap
> AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
> AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
> AuthLDAPBindPassword "xxxxxxx"
> require valid-user
> </Directory>
>
> Thanks!
>
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Eric Weston, Information Technology Professional
> MSU Libraries Systems
> (517)432-6123 x229
>
--
Steven Foley <[log in to unmask]>
Systems Administrator <[log in to unmask]>
College of Engineering at Michigan State University
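An added example for readers of this thread, not code from the Apache project or from either poster: a small offline checker for an AuthLDAPURL in the form mod_authnz_ldap documents (scheme://host[:port]/basedn?attribute?scope?filter). It flags a port that is not one AD listens on (389/636 for the domain partition, 3268/3269 for the global catalog), rebuilds the exact search filter mod_authnz_ldap sends for a login, and prints the ldapsearch command that exercises the same bind and lookup outside Apache, which is the first thing to try when the error log says "Can't contact LDAP server". The hostname, bind DN and base DN below are constructed placeholders standing in for the x'ed-out values in the post. Two caveats worth knowing alongside Steven's port fix: the "couldn't check user. No user file?" line is what the Apache core logs when every provider declines and AuthBasicAuthoritative is Off, which is why the client sees a 500 rather than a 401, so leaving AuthBasicAuthoritative at its default of On gives a cleaner failure; and a plain ldap:// URL sends the bind password and every user's credentials in clear text, so ldaps:// on 636 is the setting to end up with once the port typo is out of the way.

```python
"""Offline sanity checks for an Apache 2.2 mod_authnz_ldap AuthLDAPURL.

Added example for the thread above; it is not code from Apache or from the
posters. The URL grammar is the one mod_authnz_ldap documents:
  scheme://host[:port]/basedn[?attribute[?scope[?filter]]]
Hostname, bind DN and base DN used below are constructed placeholders.
"""
import re
import shlex

# Ports a domain controller normally listens on: 389/636 for the domain
# partition, 3268/3269 for the global catalog. Anything else (such as the
# 386 in the original post) is almost certainly a typo.
PLAIN_PORTS = {389, 3268}
TLS_PORTS = {636, 3269}

_URL_RE = re.compile(r"^(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)(?:\?(.*))?$")


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL into its parts, filling in the mod_authnz_ldap
    defaults: attribute uid, scope sub, filter (objectClass=*)."""
    m = _URL_RE.match(url)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, basedn, rest = m.groups()
    fields = (rest or "").split("?") + ["", "", ""]
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "basedn": basedn,
        "attribute": fields[0] or "uid",
        "scope": fields[1] or "sub",
        "filter": fields[2] or "(objectClass=*)",
    }


def check_url(parsed):
    """Return the problems a practitioner would flag before restarting Apache;
    an empty list means the URL looks sane."""
    problems = []
    p, scheme = parsed["port"], parsed["scheme"]
    if p not in PLAIN_PORTS | TLS_PORTS:
        problems.append("port %d is not an LDAP port; AD uses 389/636 (domain) "
                        "or 3268/3269 (global catalog)" % p)
    elif scheme == "ldap" and p in TLS_PORTS:
        problems.append("ldap:// to TLS port %d; use ldaps:// or a plaintext port" % p)
    elif scheme == "ldaps" and p in PLAIN_PORTS:
        problems.append("ldaps:// to plaintext port %d; use ldap:// or 636/3269" % p)
    if parsed["scope"] not in ("one", "sub"):
        problems.append("scope %r is not supported by mod_authnz_ldap (use one or sub)"
                        % parsed["scope"])
    if not parsed["basedn"]:
        problems.append("empty base DN; the user search would start at the root DSE")
    return problems


def build_user_filter(parsed, username):
    """Reproduce the filter mod_authnz_ldap sends for a login attempt:
    (&<filter>(<attribute>=<user>)), with * ( ) \\ in the username
    backslash-escaped the way the module does it."""
    escaped = re.sub(r"([*()\\])", r"\\\1", username)
    return "(&%s(%s=%s))" % (parsed["filter"], parsed["attribute"], escaped)


def ldapsearch_command(parsed, bind_dn, username):
    """The OpenLDAP ldapsearch invocation that performs the same bind and
    lookup Apache would, so the directory side can be tested on its own."""
    uri = "%s://%s:%d" % (parsed["scheme"], parsed["host"], parsed["port"])
    args = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", parsed["basedn"], "-s", parsed["scope"],
            build_user_filter(parsed, username), "dn"]
    return " ".join(shlex.quote(a) for a in args)


def explain_log_line(line):
    """Map the two error-log messages quoted in the post to their usual cause."""
    if "Can't contact LDAP server" in line:
        return "TCP connection to the LDAP host:port failed (wrong port, firewall, host down)"
    if "couldn't check user. No user file?" in line:
        return ("every auth provider declined and AuthBasicAuthoritative is Off, "
                "so the core has no authoritative answer and returns 500 instead of 401")
    return "unrecognised"


if __name__ == "__main__":
    # The shape of the URL from the post, first with its 386 typo, then fixed.
    for url in ("ldap://dc.example.test:386/ou=staff,dc=example,dc=test?sAMAccountName",
                "ldap://dc.example.test:389/ou=staff,dc=example,dc=test?sAMAccountName"):
        parsed = parse_auth_ldap_url(url)
        print(url, "->", check_url(parsed) or "ok")
    print(ldapsearch_command(parsed, "cn=apache-bind,ou=users,dc=example,dc=test", "westone"))
```

Run the printed ldapsearch command on the web server itself (not from a workstation): if it cannot connect, Apache cannot either, and the fix is on the network or the port; if it binds but returns no entry, the base DN or the attribute in the URL is wrong.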