Eric,

"Users" in AD is a container not an OU, try this line:

AuthLDAPBindDN "cn=xxxxx,cn=Users,dc=lib,dc=msu,dc=edu"

Obviously replacing the x's with your bind username.

On 1/26/2009 10:17 AM, Weston, Eric wrote:
> -----Original Message-----
> From: Steven Foley [mailto:[log in to unmask]]
> Sent: Mon 1/26/2009 9:42 AM
> To: Weston, Eric
> Cc: [log in to unmask]
> Subject: Re: [MSUNAG] Apache2 AD integration
>
> Eric,
> Unless you've changed the default ports, Active Directory LDAP runs on
> TCP port 389, not 386.
>
>
> -- D'oh!!! Well, correcting that got rid of the 500 error. Thanks for spotting that, I would have overlooked that for days, I'm sure. I still have some other issues, it won't accept my credentials. Here's the new set of errors:
>
> [Mon Jan 26 10:07:27 2009] [warn] [client 35.8.220.248] [8253] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:07:27 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
> [Mon Jan 26 10:07:41 2009] [warn] [client 35.8.220.248] [8253] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:07:41 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
> [Mon Jan 26 10:08:02 2009] [warn] [client 35.8.220.248] [8254] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Mon Jan 26 10:08:02 2009] [error] [client 35.8.220.248] user westone: authentication failure for "/": Password Mismatch
>
> Maybe I need to use a different user to bind to AD. I'll try that next...
>
>
> On 1/26/2009 9:19 AM, Weston, Eric wrote:
>> Anyone have success doing Apache authentication against Active Directory?
>>
>> I'm working on this, and as expected, running into difficulties. Googling this problem returns all sorts of conflicting advice, as you might imagine.
>>
>> I'm using a Linux server, running Ubuntu 8.10, with Apache2, version 2.2.9 (Ubuntu).
>>
>> After considerable tweaking of the config file, I eventually got it so Apache did not complain about the syntax. When I browsed to the site, I received the usual Apache prompt for login credentials. When I submit my login credentials, the server returns a 500 Internal Server Error. Here's what shows up in the Apache error log:
>>
>> *********** Log entries ******************
>> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [540] auth_ldap authenticate: user westone authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /
>> [Mon Jan 26 08:49:28 2009] [warn] [client 35.8.220.248] [543] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:28 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
>> [Mon Jan 26 08:49:31 2009] [warn] [client 35.8.220.248] [545] auth_ldap authenticate: user westone authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>> [Mon Jan 26 08:49:31 2009] [crit] [client 35.8.220.248] configuration error: couldn't check user. No user file?: /favicon.ico
>> *********** End of log entries **************
>>
>> Seems that I am not getting Apache to bind to our AD. I suspect that my configuration syntax is probably more geared for OpenLDAP, rather than AD. Here's the config code I'm using for this test instance (with certain sensitive fields xed out).
>>
>> <Directory />
>>     Options Indexes FollowSymLinks MultiViews
>>     AllowOverride None
>>     Order allow,deny
>>     allow from all
>>     AuthType Basic
>>     AuthName "Secure Area"
>>     AuthUserFile /dev/null
>>     AuthBasicAuthoritative Off
>>     AuthBasicProvider ldap
>>     AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
>>     AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
>>     AuthLDAPBindPassword "xxxxxxx"
>>     require valid-user
>> </Directory>
>>
>> Thanks!
>>
>>
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> Eric Weston, Information Technology Professional
>> MSU Libraries Systems
>> (517)432-6123 x229
>>
>

-- 
Steven Foley <[log in to unmask]>
Systems Administrator <[log in to unmask]>
College of Engineering at Michigan State University
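
Added example, not part of the original thread or of Apache: a small Python check that reads mod_authnz_ldap directives and flags the two mistakes found above (port 386 instead of 389, and `ou=users` where AD's built-in Users container is `cn=Users`). It goes one step beyond the thread by also flagging a plain `ldap://` bind with no TLS mode. The helper names `parse_directives` and `check_ad_ldap` are hypothetical, and the check assumes the URL contains no spaces.

```python
from urllib.parse import urlsplit

# Added example with hypothetical helper names; not Apache's or the thread authors' code.
# Ports Active Directory serves LDAP on: 389/636, plus the global catalog on 3268/3269.
AD_PORTS = {"ldap": {389, 3268}, "ldaps": {636, 3269}}

# Constructed sample: the LDAP directives from the original post, placeholders unchanged.
SAMPLE = '''
AuthBasicProvider ldap
AuthLDAPURL ldap://xxxxxx.lib.msu.edu:386/ou=staff,dc=lib,dc=msu,dc=edu?sAMAccountName
AuthLDAPBindDN "cn=xxxxx, ou=users, dc=lib, dc=msu, dc=edu"
AuthLDAPBindPassword "xxxxxxx"
'''

def parse_directives(conf):
    """Map lower-cased directive name -> argument string (one-line directives only)."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, arg = line.partition(" ")
            found[name.lower()] = arg.strip()
    return found

def check_ad_ldap(conf):
    """Return findings for the two mistakes in the thread, plus bind transport."""
    d = parse_directives(conf)
    findings = []
    url_arg = d.get("authldapurl", "").split()
    if not url_arg:
        return ["no AuthLDAPURL directive found"]
    url = urlsplit(url_arg[0].strip('"'))
    mode = url_arg[1].upper() if len(url_arg) > 1 else "NONE"  # optional SSL/TLS/STARTTLS
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    if port not in AD_PORTS.get(url.scheme, set()):
        findings.append(f"port {port}: AD does not serve {url.scheme}:// there")
    if url.scheme == "ldap" and mode not in ("SSL", "TLS", "STARTTLS"):
        findings.append("ldap:// with no TLS mode here: simple bind sends the password unencrypted")
    rdns = [r.strip().lower() for r in d.get("authldapbinddn", "").strip('"').split(",")]
    for rdn, parent in zip(rdns, rdns[1:]):
        if rdn == "ou=users" and parent.startswith("dc="):
            findings.append("ou=users under the domain root: the built-in Users is cn=Users")
    return findings

if __name__ == "__main__":
    for finding in check_ad_ldap(SAMPLE):
        print("-", finding)
```

A site that really does have an OU named "users" directly under the domain will see the third finding as a false positive; it is a prompt to confirm the object type, not proof of an error.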