Old 05-14-2008, 04:13 PM   #1
Registered: Nov 2004
Location: Arizona
Distribution: Arch
Posts: 107

Rep: Reputation: 15
ldap apache auth issues

I'm trying to get LDAP authentication working in Apache. So far I have it connecting and looking up the user in OpenLDAP, but for some reason it always says mismatched passwd.

So I set my ldap passwd just to make sure:
[root@****** kyle]# ldappasswd -D "cn=root,dc=*******,dc=internal" -W -H ldaps://*******.*******.internal -x "uid=kcorupe,ou=Users,dc=*******,dc=internal"
Enter LDAP Password: 
New password: fecEfe
Result: Success (0)

I see apache connecting to the openldap server:

>>> dnPrettyNormal: <uid=kcorupe,ou=Users,dc=corpedia,dc=internal>
=> ldap_bv2dn(uid=kcorupe,ou=Users,dc=corpedia,dc=internal,0)
<= ldap_bv2dn(uid=kcorupe,ou=Users,dc=corpedia,dc=internal)=0 
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=kcorupe,ou=Users,dc=corpedia,dc=internal)=0 
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=kcorupe,ou=users,dc=corpedia,dc=internal)=0 
<<< dnPrettyNormal: <uid=kcorupe,ou=Users,dc=corpedia,dc=internal>, <uid=kcorupe,ou=users,dc=corpedia,dc=internal>
do_bind: version=3 dn="uid=kcorupe,ou=Users,dc=corpedia,dc=internal" method=128
==> bdb_bind: dn: uid=kcorupe,ou=Users,dc=corpedia,dc=internal
send_ldap_result: conn=21 op=2 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=3 tag=97 err=49
ber_flush: 14 bytes to sd 18
connection_get(18): got connid=21
connection_read(18): checking for input on id=21
ber_get_next: tag 0x30 len 5 contents:
ber_get_next on fd 18 failed errno=0 (Success)
connection_read(18): input error=-2 id=21, closing.
connection_closing: readying conn=21 sd=18 for close
connection_close: deferring conn=21 sd=18
connection_resched: attempting closing conn=21 sd=18
connection_close: conn=21 sd=18

And this is all that I see in error_log for apache, and I have the debug level set:

[Wed May 14 13:05:49 2008] [warn] [client] [13123] auth_ldap authenticate: user kcorupe authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Wed May 14 13:05:49 2008] [error] [client] user kcorupe: authentication failure for "/": Password Mismatch

See, all it says is passwd mismatch, but I am supplying the correct passwd, and it is looking up the correct user in LDAP.

Here is my apache config for that section:

<Location "/">
Order deny,allow
Deny from All
AuthName "LDAP Test"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://*******.********.internal/ou=Users,dc=corpedia,dc=internal?uid
Require valid-user
Satisfy any
</Location>

Old 05-16-2008, 04:34 AM   #2
Registered: Nov 2007
Location: South Australia
Distribution: Ubuntu 11.10
Posts: 81

Rep: Reputation: 23
Your Apache config looks OK. Almost certainly LDAP is having trouble. If you bump up the syslog debug level you should be able to see passwords and more detailed LDAP activity (you should have a "debug" log file in your syslog directory - is that where your second listing comes from?). LDAP can be tricky to get going - if you are using LDAP for login authentication, check if you can log in OK.
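
Added example, not part of either post: a small Python parser that pairs each slapd `do_bind` trace line with the result code sent back for it and attaches that to the matching Apache auth_ldap failure, so the two logs quoted in the first post can be read side by side. The function names are hypothetical, the `uid` attribute is taken from the posted AuthLDAPUrl, and the sample lines are copied from the first post.

```python
import re

# LDAP result codes (RFC 4511) that commonly appear on failed binds.
RESULTS = {0: "success", 32: "noSuchObject", 48: "inappropriateAuthentication",
           49: "invalidCredentials", 50: "insufficientAccessRights",
           53: "unwillingToPerform"}
METHODS = {128: "simple", 163: "sasl"}  # BER tag of the bind's authentication choice

BIND_RE = re.compile(r'^do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
CONN_RE = re.compile(r'^send_ldap_result: conn=(\d+) op=(\d+)')
ERR_RE = re.compile(r'^send_ldap_result: err=(\d+)')
APACHE_RE = re.compile(r'auth_ldap authenticate: user (\S+) authentication failed; '
                       r'URI (\S+) \[([^\]]*)\]\[([^\]]*)\]')

def parse_binds(lines):
    """Pair each do_bind line with the result code slapd sent back for it."""
    binds, cur = [], None
    for line in map(str.strip, lines):
        if m := BIND_RE.match(line):
            cur = {"dn": m.group(2), "conn": None,
                   "method": METHODS.get(int(m.group(3)), m.group(3))}
        elif cur and (m := CONN_RE.match(line)):
            cur["conn"] = int(m.group(1))
        elif cur and (m := ERR_RE.match(line)):
            cur["code"] = int(m.group(1))
            cur["result"] = RESULTS.get(cur["code"], "other")
            binds.append(cur)
            cur = None  # later err= lines belong to other operations
    return binds

def failed_logins(apache_lines, binds, attr="uid"):
    """Attach matching slapd bind results to each Apache auth_ldap failure."""
    out = []
    for line in apache_lines:
        if m := APACHE_RE.search(line):
            prefix = f"{attr}={m.group(1)},".lower()
            out.append({"user": m.group(1), "stage": m.group(3), "reason": m.group(4),
                        "binds": [b for b in binds if b["dn"].lower().startswith(prefix)]})
    return out

# Sample input: lines copied from the first post's slapd and error_log output.
SLAPD = ['do_bind: version=3 dn="uid=kcorupe,ou=Users,dc=corpedia,dc=internal" method=128',
         'send_ldap_result: conn=21 op=2 p=3',
         'send_ldap_result: err=49 matched="" text=""']
APACHE = ['[Wed May 14 13:05:49 2008] [warn] [client] [13123] auth_ldap authenticate: '
          'user kcorupe authentication failed; URI / [ldap_simple_bind_s() to check '
          'user credentials failed][Invalid credentials]']

if __name__ == "__main__":
    for f in failed_logins(APACHE, parse_binds(SLAPD)):
        print(f["user"], f["reason"], [(b["dn"], b["method"], b["result"]) for b in f["binds"]])
```

On the posted lines this reports a simple bind as the user's own DN on conn 21 rejected with result 49 (invalidCredentials), which is the same failure Apache logs as "Password Mismatch".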


