Old 07-11-2012, 02:19 PM   #1
cnelson
Apache AD/ldap worked with centos 5.6 not with centos 5.8


This works in 5.6 and it also works with unpatched 5.7; I think patching 5.7 breaks it.

Code:
<Directory "/var/www/html/tools">
        AuthType Basic
        AuthName "Users Only"
        AuthBasicProvider ldap
        #AuthzLDAPAuthoritative on
        AuthzLDAPAuthoritative off
        AuthLDAPURL "ldap://activedirectory.DOMAIN.com:389/DC=DOMAIN,DC=com?uid"
        AuthLDAPBindDN "cn=USERNAME,ou=Service Accounts,dc=DOMAIN,dc=com"
        AuthLDAPBindPassword PASSWORD
        Require ldap-group cn=Security,ou=Security Groups,ou=Groups,dc=DOMAIN,dc=com
        Require ldap-group cn=Linux Server - Read,ou=Security Groups,ou=Groups,dc=DOMAIN,dc=com
        #Satisfy any
</Directory>
I can get ldap auth to work on 5.8 when I do the following, but I cannot look into groups, or anywhere besides Americas.
Code:
AuthLDAPURL "ldap://activedirectory.DOMAIN.com:389/DC=DOMAIN,DC=com?sAMAccountName?sub?(objectClass=*)"
Require valid-user
When I enable "Satisfy any", it never prompts and allows everyone.

Server hangs, eventually getting a 500 error message, and the logs are not helpful, only showing the below (but not always):

Code:
[Mon Jul 09 11:15:00 2012] [warn] [client 172.31.9.59] [16379] auth_ldap authenticate: user USERNAME authentication failed; URI /tools/ [ldap_search_ext_s() for user failed][Operations error]
Other info:

centos 5.8
Code:
# /bin/rpm -qa|grep ldap
openldap-2.3.43-25.el5
mod_authz_ldap-0.26-11.el5
openldap-devel-2.3.43-25.el5
apr-util-ldap-1.3.12-1.jason.1
openldap-clients-2.3.43-25.el5
nss_ldap-253-49.el5
openldap-2.3.43-25.el5
nss_ldap-253-49.el5
php-ldap-5.2.17-jason.2

# httpd -v
Server version: Apache/2.2.3
Server built:   Feb 23 2012 21:16:56
centos 5.7
Code:
# /bin/rpm -qa|grep ldap
mod_authz_ldap-0.26-11.el5
nss_ldap-253-42.el5
apr-util-ldap-1.3.12-1.jason.1
openldap-2.3.43-12.el5_6.7
nss_ldap-253-42.el5
openldap-2.3.43-12.el5_6.7

# httpd -v
Server version: Apache/2.2.21 (Unix)
Server built:   Sep 22 2011 17:34:16
Running in debug mode hasn't shown any more information. And the AD server isn't showing anything either.

Are there other configs Apache uses for ldap? Did they change how ldap works in those minor revision changes?

Thanks in advance!
 
Old 07-12-2012, 06:47 AM   #2
acid_kewpie
I would use a tool like wireshark / tshark to inspect the LDAP query on the wire and see what the response from AD actually is.
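
An added example, not part of the thread and not written by either poster: once the server's reply has been captured as suggested above, its LDAPResult can be decoded to see the resultCode and diagnosticMessage behind the log's "Operations error" (resultCode 1, operationsError, in RFC 4511). The function names and the sample bytes are constructed for illustration.

```python
# Added example: minimal BER decoder for an LDAP result message (RFC 4511).
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError",
                10: "referral", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}
# protocolOp tags ([APPLICATION n], constructed) whose body starts with an LDAPResult
RESULT_OPS = {0x61: "bindResponse", 0x65: "searchResDone"}

# Constructed sample (not from the thread): messageID 2, searchResDone,
# resultCode 1, empty matchedDN, placeholder diagnosticMessage.
SAMPLE = (bytes.fromhex("3027" "020102" "6522" "0a0101" "0400" "041b")
          + b"constructed diagnostic text")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_result(pdu):
    """Decode one LDAPMessage that carries a bind or search result."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)        # messageID INTEGER
    if tag != 0x02:
        raise ValueError("messageID INTEGER expected")
    op_tag, op, _ = read_tlv(body, pos)         # protocolOp
    if op_tag not in RESULT_OPS:
        raise ValueError("protocolOp 0x%02x is not a bind/search result" % op_tag)
    _, code, pos = read_tlv(op, 0)              # resultCode ENUMERATED
    _, matched_dn, pos = read_tlv(op, pos)      # matchedDN
    _, diag, _ = read_tlv(op, pos)              # diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"), "op": RESULT_OPS[op_tag],
            "result_code": code, "result_name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}
```

Calling `decode_ldap_result(SAMPLE)` returns a dict with the operation, result code, its RFC 4511 name and the server's diagnostic text; input must be the raw LDAP payload of a single message, without TCP/IP headers.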
 
  


All times are GMT -5.