httpd-users mailing list archives

From phi...@free.fr
Subject Re: [users@httpd] mod_authnz_ldap AuthLDAPURL problem
Date Fri, 19 Mar 2010 09:04:47 GMT
Hi,

when I run ldapsearch -x -W -D 'aduser' -H 'ldap://adserver:389' -b 'dc=iht,dc=com' '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname

tethereal displays the following:

LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
LDAP MsgId=3 Unbind Request

When I use mod_authnz_ldap with the following line in my Apache httpd.conf file:

AuthLDAPURL "ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE

tethereal displays the following:

LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
DNS Standard query AAAA ForestDnsZones.ABC.com
DNS Standard query response
DNS Standard query AAAA ForestDnsZones.ABC.com.abc.com
DNS Standard query response, No such name

In the first case, AD finds a user whose sAMAccountName is "myname", whereas, in the second
case, AD seems to get lost in the Root DSE (which contains the ForestDnsZones.ABC.com branch).

Has anyone run into this problem before?

p
----- Original Mail -----
From: "Eric Covener" <covener@gmail.com>
To: users@httpd.apache.org
Sent: Thursday 18 March 2010 18:34:18 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Re: [users@httpd] mod_authnz_ldap AuthLDAPURL problem

On Thu, Mar 18, 2010 at 1:25 PM,  <phiroc@free.fr> wrote:
> Hi,
>
> when I use the following AuthLDAPURL
>
> "ldap://adserver/ou=city1,dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I can authenticate any user in "ou" city1.
>
> If I replace the AuthLDPAURL by
>
> "ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I get an Apache 2.2 internal error and in the error log the following message:
>
> [debug] mod_authnz_ldap.c(379): [client xxxx] [8655] auth_ldap authenticate: using URL ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))
> [info] [client xxxx] [8655] auth_ldap authenticate: user myusername authentication failed; URI /test/ [ldap_search_ext_s() for user failed][Operations error]
>
> When I do ldapsearch ... -b 'dc=abc,dc=com' '(&(objectClass=user)(!(objectClass=computer))(samaccountname=myusername)',
> the Active Directory server returns data, which seems to imply that there's something wrong
> with the mod_authnz_ldap module, or with the way I set it up or use it.

Can you look at the differences on the wire via e.g. wireshark?  This
should make the difference in the search pretty easy to spot.



-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
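As an added illustration (not code from mod_authnz_ldap or from anyone in this thread), the Python below splits an AuthLDAPURL into the base DN, attribute, scope and filter that end up in the search request, and builds the filter the module's documentation says it sends: the URL filter ANDed with (attribute=username), with the username escaped per RFC 4515. Defaults for omitted URL fields follow the mod_authnz_ldap documentation; the usernames are constructed sample values.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515 section 3: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before embedding it in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url: str) -> dict:
    """Split an AuthLDAPURL (RFC 2255 form ldap://host:port/basedn?attr?scope?filter).

    Defaults for omitted fields follow the mod_authnz_ldap documentation:
    attribute uid, scope sub, filter (objectClass=*).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # urlsplit leaves the base DN in .path and "attr?scope?filter" in .query
    fields = parts.query.split("?", 2) if parts.query else []
    fields += [""] * (3 - len(fields))
    attribute, scope, filt = fields
    filt = unquote(filt) or "(objectClass=*)"
    if not filt.startswith("("):          # a bare filter gets wrapped in parentheses
        filt = "(" + filt + ")"
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "basedn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": filt,
    }


def effective_search_filter(url: str, username: str) -> str:
    """Filter the module documents it sends: URL filter ANDed with (attribute=username)."""
    cfg = parse_auth_ldap_url(url)
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))


if __name__ == "__main__":
    # Constructed from the AuthLDAPURL quoted in the thread; "myname" is a sample user.
    URL = ("ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?"
           "(&(objectClass=user)(!(objectClass=computer)))")
    cfg = parse_auth_ldap_url(URL)
    print("base=%s scope=%s" % (cfg["basedn"], cfg["scope"]))
    print("filter=" + effective_search_filter(URL, "myname"))
```

Comparing this output with the Search Request line in the tethereal trace is the quickest way to see whether the base DN, scope or filter differ from what ldapsearch sent.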
