Eric,
"Users" in AD is a container, not an OU; try this line:
AuthLDAPBindDN "cn=xxxxx,cn=Users,dc=lib,dc=msu,dc=edu"
Obviously replacing the x's with your bind username.
On 1/26/2009 10:17 AM, Weston, Eric wrote:
> -----Original Message-----
> From: Steven Foley [mailto:[log in to unmask]]
> Sent: Mon 1/26/2009 9:42 AM
> To: Weston, Eric
> Cc: [log in to unmask]
> Subject: Re: [MSUNAG] Apache2 AD integration
>
> Eric,
> Unless you've changed the default ports, Active Directory LDAP runs on
> TCP port 389, not 386.
>
>
> -- D'oh!!! Well, correcting that got rid of the 500 error. Thanks for spotting that, I would have overlooked that for days, I'm sure. I still have some other issues, it won't accept my credentials. Here's the new set of errors:
>
> [Mon Jan 26 10:07:27 2009] [warn] [client 35.8.220.248] [8253] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:07:27 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
> [Mon Jan 26 10:07:41 2009] [warn] [client 35.8.220.248] [8253] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:07:41 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
> [Mon Jan 26 10:08:02 2009] [warn] [client 35.8.220.248] [8254] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:08:02 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
>
> Maybe I need to use a different user to bind to AD. I'll try that next...
>
>
> On 1/26/2009 9:19 AM, Weston, Eric wrote:
>> Anyone have success doing Apache authentication against Active Directory?
>>
>> I'm working on this, and as expected, running into difficulties. Googling this problem returns all sorts of conflicting advice, as you might imagine.
>>
>> I'm using a Linux server, running Ubuntu 8.10, with Apache2, version 2.2.9 (Ubuntu).
>>
>> After considerable tweaking of the config file, I eventually got it so Apache did not complain about the syntax. When I browsed to the site, I received the usual Apache prompt for login credentials. When I submit my login credentials, the server returns a 500 Internal Server Error. Here's what shows up in the Apache error log:
>>
>> *********** Log entries ******************
>> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [540] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /
>> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [543] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
>> [Mon Jan 26 08:49:31 2009] [warn] [client 35.8.220.248] [545] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:31 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
>> *********** End of log entries **************
>>
>> Seems that I am not getting Apache to bind to our AD. I suspect that my configuration syntax is probably more geared for OpenLDAP, rather than AD. Here's the config code I'm using for this test instance (with certain sensitive fields xed out).
>>
>> <Directory />
>> Options Indexes FollowSymLinks MultiViews
>> AllowOverride None
>> Order allow,deny
>> allow from all
>> AuthType Basic
>> AuthName "Secure Area"
>> AuthUserFile /dev/null
>> AuthBasicAuthoritative Off
>> AuthBasicProvider ldap
>> AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
>> AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
>> AuthLDAPBindPassword "xxxxxxx"
>> require valid-user
>> </Directory>
>>
>> Thanks!
>>
>>
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> Eric Weston, Information Technology Professional
>> MSU Libraries Systems
>> (517)432-6123 x229
>>
>
--
Steven Foley <[log in to unmask]>
Systems Administrator <[log in to unmask]>
College of Engineering at Michigan State University
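
Added example, not part of the original thread and not code from either poster: a small Python check that flags the two configuration mistakes corrected above (the non-default LDAP port and ou=users in the bind DN) and maps the two logged LDAP failure reasons to the directive to look at. The function names and hint strings are hypothetical; the sample config and log lines are constructed from the ones quoted in the thread.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
LDAP_ERR = re.compile(r"\[LDAP: \w+\(\) failed\]\[([^\]]+)\]")
HINTS = {  # hypothetical hint text, keyed by the reasons seen in the thread
    "Can't contact LDAP server": "check host and port in AuthLDAPURL",
    "Invalid credentials": "check AuthLDAPBindDN and AuthLDAPBindPassword",
}

def check_config(text):
    """Flag the two AD-specific mistakes corrected in the thread."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        name, value = parts[0].lower(), parts[1].strip().strip('"')
        if name == "authldapurl":
            url = urlsplit(value)
            default = DEFAULT_PORTS.get(url.scheme)
            if default and url.port not in (None, default):
                findings.append(f"port {url.port}, default for {url.scheme} is {default}")
        elif name == "authldapbinddn":
            # Naive split: does not handle escaped commas inside an RDN.
            rdns = [rdn.strip().lower() for rdn in value.split(",")]
            if "ou=users" in rdns:
                findings.append("bind DN has ou=users; AD's Users is cn=Users")
    return findings

def triage_log(lines):
    """Return {LDAP failure reason: hint} for each distinct reason logged."""
    return {m.group(1): HINTS.get(m.group(1), "no hint")
            for m in map(LDAP_ERR.search, lines) if m}

# Constructed from the directives and log lines quoted in the thread.
SAMPLE_CONFIG = """
AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
"""
SAMPLE_LOG = [
    "[warn] auth_ldap authenticate: user westone authentication failed; URI / "
    "[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]",
    "[warn] auth_ldap authenticate: user westone authentication failed; URI / "
    "[LDAP: ldap_simple_bind_s() failed][Invalid credentials]",
]

if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print("config:", finding)
    for reason, hint in triage_log(SAMPLE_LOG).items():
        print(f"log: {reason} -> {hint}")
```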