
LDAP Authorization from Apache



Hi
I am trying to get my Apache directory authenticated by LDAP.

In httpd.conf I wrote
----------------------------------------------------------------------------
-------------------------------------------
AuthType Basic
AuthName LDAP
AuthLDAPAuthoritative on
AuthLDAPURL "ldap://10.10.1.125/ou=ustr_in,o=ustr?cn??(objectClass=*)"
require valid-user
----------------------------------------------------------------------------
----------------------------------------------

I am getting the dialog box to enter username and password, but I am not
getting authenticated. When I checked the LDAP log, I found that the username
entered is not coming through in the request string to LDAP. I am getting a
string like this:
----------------------------------------------------------------------------
-------------------------------------------
DSAResolveName conn:1 for client .tvmemail1.ustr.USTR_TREE.
----------------------------------------------------------------------------
-------------------------------------------
The "tvmemail1" stuff is the name of the computer on which LDAP is running. The
above is not the correct, expected request string.




But when I "hardcoded" my username and password in the httpd.conf file, it's
getting authenticated. The dialog box for username and password entry is also
not appearing.
This is how I "hardcoded" my username and password:
----------------------------------------------------------------------------
-------------------------------------------
AuthType Basic
AuthName LDAP
AuthLDAPAuthoritative on
AuthLDAPURL "ldap://10.10.1.125/ou=ustr_in,o=ustr?cn??(objectClass=*)"
AuthLDAPBindDN cn=A354T1200,ou=ustr_in,o=ustr
AuthLDAPBindPassword helloall
require valid-user
----------------------------------------------------------------------------
----------------------------------------------

When I checked the LDAP log, I found the following string. This is the correct
format of the request string that should reach LDAP.
----------------------------------------------------------------------------
---------------------------------------------------------------
DSAResolveName conn:22 for client .A354T1200.USTR_IN.ustr.USTR_TREE.
----------------------------------------------------------------------------
----------------------------------------------------------------


Does anybody have any idea why, in the first case, the request string is not
reaching the LDAP server correctly?

Also, can anybody tell me what conn:22 means in the above string? When I
checked the log, I found that all correctly formed strings have conn:22.
But see my first request string: it has conn:1. For incorrect strings the
conn: number will differ, like sometimes it will be conn:1, sometimes conn:2
or conn:3, etc. But for all correct strings I can see conn:22 only.
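
Added example, not part of the original post and not Apache source code: the AuthLDAPURL above follows mod_auth_ldap's `ldap://host:port/basedn?attribute?scope?filter` layout, and the module first searches for the login name (binding as AuthLDAPBindDN, or anonymously when none is set) before binding as the entry it finds. The sketch below splits the posted URL into those fields and builds the resulting search filter; the function names are hypothetical.

```python
# Added illustration: how a mod_auth_ldap-style AuthLDAPURL breaks down and
# which search filter results for a given login name. Function names are
# hypothetical; this is not the module's own code.
from urllib.parse import unquote

DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

def parse_auth_ldap_url(url):
    """Split ldap://host[:port]/basedn?attribute?scope?filter into fields."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    parts = (tail.split("?") + ["", "", ""])[:4]
    basedn, attribute, scope, flt = (unquote(p) for p in parts)
    host, _, port = hostport.partition(":")
    return {
        "tls": scheme == "ldaps",
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "basedn": basedn,
        # Only the first attribute of a comma-separated list is used.
        "attribute": attribute.split(",")[0] or DEFAULTS["attribute"],
        "scope": scope or DEFAULTS["scope"],
        "filter": flt or DEFAULTS["filter"],
    }

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search_filter(cfg, username):
    """Search-phase filter: the configured filter AND attribute=login name."""
    flt = cfg["filter"]
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    return "(&%s(%s=%s))" % (flt, cfg["attribute"], escape_filter_value(username))

def search_identity(bind_dn=None):
    """Identity used for the search phase, before the user's own bind."""
    return bind_dn if bind_dn else "<anonymous>"

if __name__ == "__main__":
    url = "ldap://10.10.1.125/ou=ustr_in,o=ustr?cn??(objectClass=*)"  # from the post
    cfg = parse_auth_ldap_url(url)
    print(cfg)
    print(search_filter(cfg, "A354T1200"))
    print(search_identity(), "vs", search_identity("cn=A354T1200,ou=ustr_in,o=ustr"))
```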