Solved

Apache with ldap authentication

Posted on 2014-02-14
11
400 Views
Last Modified: 2014-03-18
Hi,
I'm using a LDAP to authenticate user on an apache web site.
The configuration is working fine for about 80% of my user but for some, they can't be granted to access.
In apache error log I'm seeing :

[Thu Feb 13 16:53:16 2014] [warn] [client x.y.z.v] [17697] auth_ldap authenticate: user john.doe authentication failed; URI /test/ [ldap_simple_bind_s() to check user credentials failed][Other (e.g., implementation specific) error]

here is my apache location conf :
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthLDAPURL "ldaps://w.x.y.z:636/ou=people,o=myO?cn"
        AuthLDAPBindDN "cn=mybinding"
        AuthLDAPBindPassword "myPassword"
        require valid-user

Open in new window


I can't find a way to decode the error.
0
Comment
Question by:Sybux
  • 6
  • 5
11 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39860867
What LDAP server are you using?

Does it show any errors?
0
 

Author Comment

by:Sybux
ID: 39890596
Finally I've found the problem but I don't know how to correct it.

The problem was located in the password. Users with access problem got some special caracters in password like éàèç.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39890681
Which version of Apache?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:Sybux
ID: 39909330
Sorry for late delay, I was on vacation !

The version of apache is 2.2.14
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909448
You may want to try and newer level.  I am assuming you are having this problem:

https://issues.apache.org/jira/browse/KARAF-2476
0
 

Author Comment

by:Sybux
ID: 39909494
One new step in debug.

The problem seems to be Ubuntu :)

I've set the username and password that is not working as the bind user in my ldap_auth.

In vi, I can see the password like this 1234Tëst in stead of 1234Tëst which is seen if I open the file in my windows notepad.

Do you have any ideas ?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909702
How did you get the file from your Windows box to the Ubuntu box?

I would try using either sftp or standard FTP, but choose binary mode.

It looks like each box had different character encoding/language selected.
0
 

Author Comment

by:Sybux
ID: 39917099
No it's not a problem of file transfert. If I type the password 1234Tëst in the Apache prompt, it fails

but I type password 1234Tëst it works. So definitively it's a codepage problem but I can't figure where to correct it
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39917263
What language is Windows setup to use?

What language is Ubuntu setup to use?
0
 

Accepted Solution

by:
Sybux earned 0 total points
ID: 39928011
Finally, one of my engineer found the problem. It's a bug in apache 2.2.16 on module mod_authz_ldap.

It's corrected in patch 2.2.17.
0
 

Author Closing Comment

by:Sybux
ID: 39936342
Found ourselves
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question