Re: Not able to authenticate Apache against OpenLDAP

[Bill MacAllister <whm@stanford.edu>]

--On Monday, August 24, 2009 01:36:40 AM -0700 Michael March <mmarch@gmail.com> wrote:

> Here is from my Apache error log:
>
> [Mon Aug 24 03:56:55 2009] [warn] [client 5.5.5.5] [26803] auth_ldap
> authenticate: user bob authentication failed; URI / [ldap_simple_bind_s() to
> check user credentials failed][Invalid credentials]
> [Mon Aug 24 03:56:55 2009] [error] [client 5.5.5.5] user bob: authentication
> failure for "/": Password Mismatch

Well, I still don't get why you think this is an OpenLDAP problem.  If the
bind is failing it should be in the ldap log.  But, it doesn't see like
you have matched up the Apache log with the ldap log unless the clocks are
your systems are off.

Bill

> On Mon, Aug 24, 2009 at 1:29 AM, Howard Chu <hyc@symas.com> wrote:
>
> > Michael March wrote:
> >
> > > I'm using Centos / RHEL 5.2 using the stock LDAP..  I'm trying to get
> > > Apache to authenicate with my LDAP server... Using other client software
> > > I can bind as the  user 'bob'.
> > >
> > > Here is my Apache config:
> >
> >  Here is the error from from OpenLDAP:
> > >
> >
> > In all of these log messages the result is consistently "err=0" which means
> > Success. So, I don't see any error here, seems to be a problem with your
> > Apache config.
> >
> >  Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from
> > > IP=192.168.150.5:59041 <http://192.168.150.5:59041> (IP=0.0.0.0:389
> > > <http://0.0.0.0:389>)
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND
> > > dn="uid=root,ou=People,dc=acme,dc=com" method=128
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND
> > > dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0
> > > text=
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH
> > > base="ou=People,dc=acme,dc=com" scope=2 deref=3
> > > filter="(&(objectClass=*)(uid=bob))"
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT
> > > tag=101 err=0 nentries=1 text=
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous
> > > mech=implicit ssf=0
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND
> > > dn="uid=bob,ou=People,dc=acme,dc=com" method=128
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND
> > > dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
> > > Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0
> > > text=
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 fd=17 ACCEPT from
> > > IP=192.168.150.5:59042 <http://192.168.150.5:59042> (IP=0.0.0.0:389
> > > <http://0.0.0.0:389>)
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND
> > > dn="uid=root,ou=People,dc=acme,dc=com" method=128
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND
> > > dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 RESULT tag=97 err=0
> > > text=
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SRCH
> > > base="ou=People,dc=acme,dc=com" scope=2 deref=3
> > > filter="(&(objectClass=*)(uid=bmason))"
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SEARCH RESULT
> > > tag=101 err=0 nentries=1 text=
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND anonymous
> > > mech=implicit ssf=0
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND
> > > dn="uid=bob,ou=People,dc=acme,dc=com" method=128
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND
> > > dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
> > > Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 RESULT tag=97 err=0
> > > text=



--

Bill MacAllister <whm@stanford.edu>
Systems Software Programmer, ITS Unix Systems, Stanford University