Eric,

Unless you've changed the default ports, Active Directory LDAP runs on TCP port 389, not 386.

On 1/26/2009 9:19 AM, Weston, Eric wrote:
> Anyone have success doing Apache authentication against Active Directory?
>
> I'm working on this, and as expected, running into difficulties. Googling this problem returns all sorts of conflicting advice, as you might imagine.
>
> I'm using a Linux server, running Ubuntu 8.10, with Apache2, version 2.2.9 (Ubuntu).
>
> After considerable tweaking of the config file, I eventually got it so Apache did not complain about the syntax. When I browsed to the site, I received the usual Apache prompt for login credentials. When I submit my login credentials, the server returns a 500 Internal Server Error. Here's what shows up in the Apache error log:
>
> *********** Log entries ******************
> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [540] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /
> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [543] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
> [Mon Jan 26 08:49:31 2009] [warn] [client 35.8.220.248] [545] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
> [Mon Jan 26 08:49:31 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
> *********** End of log entries **************
>
> Seems that I am not getting Apache to bind to our AD.
> I suspect that my configuration syntax is probably more geared for OpenLDAP, rather than AD. Here's the config code I'm using for this test instance (with certain sensitive fields xed out).
>
> <Directory />
>     Options Indexes FollowSymLinks MultiViews
>     AllowOverride None
>     Order allow,deny
>     allow from all
>     AuthType Basic
>     AuthName "Secure Area"
>     AuthUserFile /dev/null
>     AuthBasicAuthoritative Off
>     AuthBasicProvider ldap
>     AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
>     AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
>     AuthLDAPBindPassword "xxxxxxx"
>     require valid-user
> </Directory>
>
> Thanks!
>
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Eric Weston, Information Technology Professional
> MSU Libraries Systems
> (517)432-6123 x229
>

--
Steven Foley
Systems Administrator
College of Engineering at Michigan State University
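
The port mismatch pointed out in the reply can be caught before Apache is reloaded. The following is an added example, not part of the original thread and not Apache's own code: a Python check that parses an AuthLDAPURL directive and flags ports on which Active Directory does not serve LDAP. The function names, the AD_PORTS table and the POSTED constant are assumptions of this example; the directive in POSTED is the one quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Ports Active Directory serves LDAP on: 389 (LDAP) and 3268 (Global Catalog),
# plus their TLS counterparts 636 and 3269.
AD_PORTS = {"ldap": {389, 3268}, "ldaps": {636, 3269}}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Directive as quoted in the thread (host already masked by the poster).
POSTED = ("> AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/"
          "ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName")

def parse_auth_ldap_url(config_text):
    """Return the parts of the first AuthLDAPURL directive in config_text."""
    m = re.search(r'^[>\s]*AuthLDAPURL\s+"?([^\s"]+)', config_text, re.M | re.I)
    if not m:
        raise ValueError("no AuthLDAPURL directive found")
    url = urlsplit(m.group(1))
    scheme = url.scheme.lower()
    # LDAP URL layout: scheme://host:port/basedn?attribute?scope?filter
    extra = (url.query.split("?") + ["", "", ""])[:3]
    return {"scheme": scheme, "host": url.hostname,
            "port": url.port or DEFAULT_PORT.get(scheme),
            "base_dn": url.path.lstrip("/"),
            # mod_authnz_ldap defaults when a field is omitted
            "attribute": extra[0] or "uid",
            "scope": extra[1] or "sub",
            "filter": extra[2] or "(objectClass=*)"}

def lint(parts):
    """Return findings for an AuthLDAPURL that is meant to reach AD."""
    findings = []
    expected = AD_PORTS.get(parts["scheme"])
    if expected is None:
        findings.append(f"unsupported scheme {parts['scheme']!r}")
    elif parts["port"] not in expected:
        findings.append(f"port {parts['port']} is not an AD {parts['scheme']} "
                        f"port (expected one of {sorted(expected)})")
    if parts["scheme"] == "ldap":
        findings.append("ldap:// sends the bind password in cleartext "
                        "unless STARTTLS is enabled")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_auth_ldap_url(POSTED)):
        print("finding:", finding)
```
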