Naveed27c

asked on

Configuration of Apache with LDAP on Windows 2003

Hi,

I want to configure Apache 2.2.8 with MS LDAP and then configure Subversion 1.4.6 on the Windows 2003 platform.
I read the documentation over the web, but most of it is for the Unix/Linux platform.

Can you please provide the detailed configuration of Apache with LDAP? I have installed Apache 2.2.8 on Windows 2003 and the following actions have been done.

Following are the entries in the httpd.conf file for Apache.
1. LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
2. LoadModule ldap_module modules/mod_ldap.so
3. Add the following:

<Directory "C:\Program Files\Apache Software Foundation\Apache2.2\htdocs">
AuthType Basic
AuthName Internal
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ldap.domain.com:389/ou=LDAP Users & Groups,dc=domain,dc=com"
Require valid-user
AuthLDAPBindDN "ou=LDAP Users & Groups,dc=domain,dc=com"            
</Directory>

When I try to log in to the Apache server I am not getting authenticated by the LDAP server, and I found the following errors in the Apache server's log file.

[Wed Jun 18 00:13:19 2008] [warn] [client localhost] [3588] auth_ldap authenticate: user myname authentication failed; URI / [ldap_search_ext_s() for user failed][Operations Error]

Whereas the user 'myname' exists in the LDAP.

giltjr

Typically you must use an authorized ID to connect to the LDAP server to even validate a user.  I don't think that AD allows for anonymous LDAP queries to validate a user.

Which means you will need to specify a valid user-id and password on the "AuthLDAPBindDN" statement.
Naveed27c

ASKER

Hi giltjr,  

Thanks for your comments. I hope you can help me on this issue. There is some entry which I am not entering correctly.  I need your help to put in the entries for all the required parameters for the LDAP configuration.

The user in LDAP is 'tester' and his password is 'a1234'. This user is created under an organizationalUnit (OU) called 'Users' in DC=domain,DC=com.  In LDAP the objectClass entries for user 'tester' are 'top' and 'person'.  I have already defined all the configuration in my post. Now in the Apache httpd.conf file I have entered the following entries. Please correct me on this, and also let me know if you need any more info. I really need this to work and have been stuck on this for a whole week. Also let me know if there are any permission issues.

This is on Windows.

<Directory "C:\Program Files\Apache Software Foundation\Apache2.2\htdocs">
AuthType Basic
AuthName Internal
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://192.168.1.101:389/ou=Users,dc=domain,dc=com"
Require valid-user
AuthLDAPBindDN "cn='tester',ou=Users,dc=domain,dc=com"            
</Directory>

But I am still getting the same error. I don't know how to specify a valid user-id and password on the "AuthLDAPBindDN" statement.

Can you please send me an example configuration which is working and the corresponding entries in the LDAP server, so I can follow the same steps to set this up?

Thanks Guru
Naveed
ASKER CERTIFIED SOLUTION
giltjr

(This solution is only available to members.)

Naveed27c
Thanks giltjr it worked for user tester after binding the password.

Now if there are 300 users in LDAP in OU 'Users', then how do I authenticate them? I mean to say, how does a common user who is part of my domain 'domain' get authenticated?

Thanks
Naveed


Thanks again giltjr, everything is working now. Great help.

Best Regards
Naveed
giltjr

Glad to see you have it working.  I was out of town and did not have access to the Internet.  To give a basic explanation of why it is working:

The way things normally use LDAP for authentication is they connect to the LDAP server either anonymously or with a "common" user-id.  Then they do a "look-up" for the user you are attempting to verify.  If that user-id exists, then they verify the password.

This is why once you got the correct user-id/password to connect to the LDAP server, everything worked.  If you had users in an OU other than Users, then it gets a bit more complicated.
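As an added illustration of the bind-then-search flow described above (example configuration, not the thread's accepted solution or an Apache project sample), the following httpd.conf block lets every user under ou=Users authenticate. The service account "svc_apache" and its password are hypothetical placeholders; the host 192.168.1.101 and the base ou=Users,dc=domain,dc=com are taken from the thread.

```apache
# Added example (not from the thread): mod_authnz_ldap on Apache 2.2 against a
# directory that, like Active Directory, refuses anonymous searches.
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    AuthType Basic
    AuthName "Internal"
    AuthBasicProvider ldap
    # Make the LDAP provider the final decision instead of falling through.
    AuthzLDAPAuthoritative on

    # Search the whole OU (scope "sub") for an entry whose sAMAccountName equals
    # the login name. AD keeps the Windows logon name there, not in cn, so a
    # URL without the attribute part looks up the wrong field. The filter uses
    # objectClass=person because that is the class the asker reported.
    AuthLDAPURL "ldap://192.168.1.101:389/ou=Users,dc=domain,dc=com?sAMAccountName?sub?(objectClass=person)"

    # The "[ldap_search_ext_s() for user failed][Operations Error]" in the log is
    # AD rejecting an unauthenticated search. The search therefore runs as a
    # read-only service account (hypothetical DN "svc_apache"); AuthLDAPBindDN
    # takes the account's full DN (AD also accepts a UPN such as
    # svc_apache@domain.com) and AuthLDAPBindPassword its password. The user's
    # own password is then checked by a second bind as the entry that was found.
    AuthLDAPBindDN "cn=svc_apache,ou=Users,dc=domain,dc=com"
    AuthLDAPBindPassword "PLACEHOLDER-service-account-password"

    # Any entry found by the search above may log in; narrow with
    # "Require ldap-group <group DN>" once group membership should matter.
    Require valid-user
</Directory>
```

Because AuthLDAPBindPassword sits in httpd.conf in clear text, restrict the file's NTFS permissions to the Apache service account and administrators, and give the bind account read access only.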