
Re: LDAP Authorization from Apache



On Fri, 2 Jan 2004, Kannan Sivasankaran wrote:

> Hi
> I am trying to get my apache directory authenticated by LDAP.
> 
[snip]
> 
> But when I "hardcoded" my username and password in the httpd.conf file it's
> getting authenticated. The dialog box for username and password entry is also
> not appearing.
> This is how I "hardcoded" my username and password
> ----------------------------------------------------------------------------
> AuthType Basic
> AuthName LDAP
> AuthLDAPAuthoritative on
> AuthLDAPURL "ldap://10.10.1.125/ou=ustr_in,o=ustr?cn??(objectClass=*)"
> AuthLDAPBindDN cn=A354T1200,ou=ustr_in,o=ustr
> AuthLDAPBindPassword helloall
> require valid-user
> ----------------------------------------------------------------------------
> 
[snip]
> 
> Anybody have any idea in the first case why the request string to LDAP
> server not getting correctly?

The AuthLDAPBindDN and BindPassword attributes cause auth_ldap to bind to
your LDAP directory as a non-anonymous user. In their absence, auth_ldap
binds anonymously. Therefore, I suspect that your ACLs are not allowing
anonymous binds from your Apache server, or are not allowing anonymous
auth against the userPassword attribute and anonymous read against the
cn attribute in the desired DIT branch.

If you are truly using auth_ldap and not mod_auth_ldap, I commend the
auth_ldap docs to your attention:

http://www.rudedog.org/auth_ldap/1.6/auth_ldap.html

as well as the auth_ldap mailing list:

http://www.rudedog.org/mailman/listinfo/auth_ldap

If not, I'm sure that there is similar available for mod_auth_ldap at
httpd.apache.org or thereabouts.

> 
> Also can anybody tell me what  conn:22 means in the above string, because
> when I checked the log I found that all correctly formed string has conn:22.
> But see my first request string it has conn:1. For non-correct strings the
> conn: number will differ like sometimes it will be conn:1 sometimes conn:2
> or conn:3 etc... But for all correct strings I can see conn:22 only.
> 

-- 
Kirk Turner-Rustin
Programmer/Analyst
Ohio Wesleyan University
http://www.owu.edu
ktrustin@owu.edu
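
The bind behaviour described in the reply, as an added example that is not part of the original thread or of auth_ldap itself: it reads a config fragment, splits the AuthLDAPURL into its fields, and reports whether the search bind is anonymous or made as the configured DN, along with the directory permissions that bind depends on. The function names and report layout are assumptions made for illustration; the sample config is the one quoted in the message.

```python
# Added example; helper names are hypothetical. The sample is the quoted config.
SAMPLE_CONF = """\
AuthType Basic
AuthName LDAP
AuthLDAPAuthoritative on
AuthLDAPURL "ldap://10.10.1.125/ou=ustr_in,o=ustr?cn??(objectClass=*)"
AuthLDAPBindDN cn=A354T1200,ou=ustr_in,o=ustr
AuthLDAPBindPassword helloall
require valid-user
"""

def parse_directives(conf):
    """Map lowercase directive name -> value, surrounding quotes stripped."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            out[name.lower()] = value.strip().strip('"')
    return out

def parse_ldap_url(url):
    """Split scheme://host/basedn?attribute?scope?filter; '' means not given."""
    scheme, _, rest = url.partition("://")
    host, _, tail = rest.partition("/")
    base, attr, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    return {"scheme": scheme, "host": host, "base": base,
            "attribute": attr, "scope": scope, "filter": flt}

def search_bind_report(conf):
    """Report how the search bind is made and what the directory must permit."""
    d = parse_directives(conf)
    url = parse_ldap_url(d["authldapurl"])
    bind_dn = d.get("authldapbinddn")
    who = bind_dn or "anonymous"
    attr = url["attribute"] or "(module default)"
    needs = [f"{who}: read on {attr} under {url['base']}"]
    if not bind_dn:
        # Anonymous case: the permissions the reply above lists.
        needs.insert(0, "anonymous: bind allowed from the Apache host")
        needs.append("anonymous: auth on userPassword")
    return {"mode": "authenticated" if bind_dn else "anonymous", "url": url,
            "needs": needs, "cleartext_password_in_conf": "authldapbindpassword" in d}

if __name__ == "__main__":
    import pprint
    pprint.pprint(search_bind_report(SAMPLE_CONF))
```

Running it against the fragment with the two AuthLDAPBind lines removed shows the anonymous case, which is the one the directory ACLs have to allow explicitly.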