LDAP/APACHE Authentication

I am currently hosting an intranet web page on a Linux (RHEL4.4) server. I needed to restrict access to a certain group, so I am authenticating Apache against our Active Directory. It is working perfectly for all of my 30+ users except for two. All user accounts are identical except for name. There are no messages in my /var/log/messages or /var/log/httpd/error_log that would give any hint. In fact, they appear to be authenticating properly, but receive a "You do not have permission to view..." in the browser. The site is located in /var/www/html/<site_name> and the owner of all files is Apache.Apache.

Here is the authentication from my /etc/httpd/conf/httpd.conf:

    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "INTRANET"
    AuthzLDAPMethod ldap
    AuthzLDAPServer <ldap_server_name>
    AuthzLDAPBindDN "cn=ldapuser,cn=Users,dc=<domain>,dc=<name>,dc=com"
    AuthzLDAPBindPassword "<password>"
    AuthzLDAPUserKey sAMAccountName
    AuthzLDAPUserBase "ou=<custom_OU>,dc=<domain>,dc=<name>,dc=com"
    AuthzLDAPUserScope subtree
    AuthzLDAPGroupBase "ou=<custom_group_OU>,dc=<domain>,dc=<name>,dc=com"
    AuthzLDAPGroupKey cn
    AuthzLDAPMemberKey member
    AuthzLDAPSetGroupAuth ldapdn
    require group <group_name>

As stated, the authentication works perfectly for every user except for two and I cannot for the life of me figure out why they would be denied. Their AD accounts are exactly the same as the others.

powellchristopher Asked:
powellchristopher (Author) Commented:
No solution yet.
 
giltjr Commented:
What I would suggest is to get some type of LDAP browser and look at the accounts from an LDAP view. I use Softerra LDAP Browser; v2.6 is free. I believe that MS has a free LDAP browser also.


If the LDAP connection is not SSL'ed, you can get Wireshark (http://www.wireshark.org) and just do a packet capture of somebody that works and then one of the IDs that does not work, and Wireshark will show you the LDAP calls and results.
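A complementary way to look at the accounts from the LDAP side, without a GUI browser or a packet capture, is to run the same two lookups the configuration above performs (search the user base for the sAMAccountName, then check whether the group's member attribute contains the resulting DN) with ldapsearch and check the LDIF output mechanically. The script below is an added example, not code from the question or from mod_authz_ldap; it parses LDIF as ldapsearch -LLL prints it and handles two things that make a naive grep for a member DN fail: long values folded across lines with a leading space, and values returned base64-encoded after "::". It also flags Active Directory's ranged member retrieval (an attribute named like "member;range=0-1499"), which means the member list you were handed is incomplete. All DNs, group and user names in the sample LDIF are constructed placeholders, and the DN comparison is a simplified case- and whitespace-insensitive match, not full RFC 4517 DN matching.

```python
"""Offline check of 'user X is in group Y' from ldapsearch LDIF output.

Added example; assumes you captured the user entry with
  ldapsearch -LLL -b "<UserBase>" "(sAMAccountName=<user>)" sAMAccountName
and the group entry with
  ldapsearch -LLL -b "<GroupBase>" "(cn=<group_name>)" cn member
using the bind DN from the Apache config. The sample LDIF below is constructed.
"""
import base64
import re


def parse_ldif(text):
    """Return a list of entries (dict: lower-cased attr -> [values]).

    Unfolds continuation lines (leading space), decodes base64 values
    ('attr:: ...'), and records attributes that came back with an LDAP
    range option (AD does this for large multi-valued attributes).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation of previous line
        else:
            lines.append(raw)

    entries, current = [], None
    for line in lines:
        if not line.strip() or line.startswith("#"):
            if current is not None:       # blank line ends an entry
                entries.append(current)
                current = None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name, _, options = attr.partition(";")
        name = name.lower()
        if name == "dn":
            current = {"dn": [value], "_ranged": set()}
            continue
        if current is None:
            continue                      # attribute line before any dn: skip
        if options.lower().startswith("range="):
            current["_ranged"].add(name)  # e.g. member;range=0-1499
        current.setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Comparison form: RDNs lower-cased, whitespace around unescaped commas dropped."""
    parts = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip().lower() for p in parts)


def diagnose(user_ldif, group_ldif, sam_account_name, group_cn):
    """Mirror the config's lookup: sAMAccountName -> DN, then DN in group member list."""
    result = {"user_dn": None, "is_member": False, "member_list_truncated": False}
    for entry in parse_ldif(user_ldif):
        names = [v.lower() for v in entry.get("samaccountname", [])]
        if sam_account_name.lower() in names:
            result["user_dn"] = entry["dn"][0]
            break
    if result["user_dn"] is None:
        return result                     # user not found under the user base
    for group in parse_ldif(group_ldif):
        if group_cn.lower() not in [v.lower() for v in group.get("cn", [])]:
            continue
        result["member_list_truncated"] = "member" in group["_ranged"]
        members = {normalize_dn(m) for m in group.get("member", [])}
        result["is_member"] = normalize_dn(result["user_dn"]) in members
    return result


# Constructed sample output. 'John Smith' is folded across two lines, 'Jane Doe'
# is base64-encoded, 'bbrown' exists but is not in the group.
USER_LDIF = """\
dn: CN=John Smith,OU=Staff,DC=example,DC=com
sAMAccountName: jsmith

dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
sAMAccountName: jdoe

dn: CN=Bob Brown,OU=Staff,DC=example,DC=com
sAMAccountName: bbrown
"""
GROUP_LDIF = (
    "dn: CN=intranet-users,OU=Groups,DC=example,DC=com\n"
    "cn: intranet-users\n"
    "member: CN=John Smi\n th,OU=Staff,DC=example,DC=com\n"
    "member:: " + base64.b64encode(b"CN=Jane Doe,OU=Staff,DC=example,DC=com").decode() + "\n"
)
# Same group as AD returns it when the member list exceeds the range limit.
BIG_GROUP_LDIF = """\
dn: CN=intranet-users,OU=Groups,DC=example,DC=com
cn: intranet-users
member;range=0-1499: CN=John Smith,OU=Staff,DC=example,DC=com
"""

if __name__ == "__main__":
    for user in ("jsmith", "jdoe", "bbrown", "nobody"):
        print(user, diagnose(USER_LDIF, GROUP_LDIF, user, "intranet-users"))
    print("ranged:", diagnose(USER_LDIF, BIG_GROUP_LDIF, "jsmith", "intranet-users"))
```

Run it against the real output for one account that works and one that does not: a missing user_dn means the account is not under the configured AuthzLDAPUserBase subtree; a found DN with is_member False means the group's member attribute does not list that DN; member_list_truncated True means the server only returned part of the member list and the remaining ranges still need to be fetched before concluding anything.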
 