Authenticating to Active Directory

[Bluecrack]

All,

I'd be most greatful for any help on this problem. I have several Apache servers which have password protected content. I would like to be able to allow my users to authenticate to these areas using their Active Directory usernames and passwords.

I originally looked for a way to do this via RADIUS but finding none, went back to LDAP. I can now successfully authenticate to Active Directory over LDAP on tcp 389, but not over LDAPS (usually tcp 636).

The following error shows up in the apache error log:

[Fri Aug 29 14:01:07 2003] [warn] [client 127.0.0.1] [21087] auth_ldap authenticate: user syslog authentication failed; URI /ldaps [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

Yes, there is suppposedly and LDAPS connection on tcp 636 on the AD server.

Has anyone been able to use LDAPS in apache to authenticate to Active Directory?

bluecrack

 

[todd643]

i am having prob. getting apache 2.0.47 on win2k to talk
to Active Dir. Can you post your sample
setup (http.conf)
Thanks!

 

[todd643]

I am using the standard mod_auth_ldap.so
apache starts up fine with these debug msg

when i tried to login apache gets a hard crash on
memory violation

[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(760): [2876] auth_ldap url parse: Port: 389
[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(762): [2876] auth_ldap url parse: DN: o=MyCompany
[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(764): [2876] auth_ldap url parse: attrib: uid
[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(766): [2876] auth_ldap url parse: scope: base
[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(771): [2876] auth_ldap url parse: filter: (null)
[Wed Oct 01 14:39:47 2003] [debug] mod_auth_ldap.c(836): LDAP: auth_ldap not using SSL connections



<Location /MyApp>


#AuthType Basic
AuthLDAPURL &quot;ldap://mypdcserver:389/o=MyCompany?uid=&quot;
require user &quot;Foo&quot;

</Location>

 

[Bluecrack]

Here's my config:

LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

Alias /ldap &quot;/var/

http://www/ldap&quot;

<Directory &quot;/var/

http://www/ldap&quot;>

Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName &quot;LDAP Testing&quot;
AuthType Basic
AuthLDAPUrl &quot;ldap://ldap.company.com:389/dc=company,dc=com?samAccountName?sub?(objectCategory=person)(objectClass=User)&quot;
AuthLDAPBindDN &quot;CN=ldapaccount,OU=AnyOU,DC=company,DC=com&quot;
AuthLDAPBindPassword password
require group cn=Information Technology,cn=users,dc=company,dc=com
#require user muquit foo bar &quot;john doe&quot;
# require valid-user
#require roomnumber &quot;123 Center Building&quot;
#require filter &quot;(&(telephonenumber=1234)(roomnumber=123))&quot;
#require group cn=rcs,ou=Groups
</Directory>

Note: I have an account called &quot;ldapaccount&quot; in an OU called &quot;AnyOU&quot; which I created in Active Directory.

I was able to connect this way but have yet to get LDAPS working. I've actually put this project aside for now due to corporate restructuring. I'm still working on it on my own time, but that's quite limited right now.

Bluecrack

 

[bwilliam13]

I have no experience doing what you want to do...but maybe this will help:

http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/