Improve company productivity with a Business Account.Sign Up

x
?
Solved

Apache with ldap authentication

Posted on 2014-02-14
11
Medium Priority
?
411 Views
Last Modified: 2014-03-18
Hi,
I'm using a LDAP to authenticate user on an apache web site.
The configuration is working fine for about 80% of my user but for some, they can't be granted to access.
In apache error log I'm seeing :

[Thu Feb 13 16:53:16 2014] [warn] [client x.y.z.v] [17697] auth_ldap authenticate: user john.doe authentication failed; URI /test/ [ldap_simple_bind_s() to check user credentials failed][Other (e.g., implementation specific) error]

here is my apache location conf :
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthLDAPURL "ldaps://w.x.y.z:636/ou=people,o=myO?cn"
        AuthLDAPBindDN "cn=mybinding"
        AuthLDAPBindPassword "myPassword"
        require valid-user

Open in new window


I can't find a way to decode the error.
0
Comment
Question by:Sybux
  • 6
  • 5
11 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39860867
What LDAP server are you using?

Does it show any errors?
0
 

Author Comment

by:Sybux
ID: 39890596
Finally I've found the problem but I don't know how to correct it.

The problem was located in the password. Users with access problem got some special caracters in password like éàèç.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39890681
Which version of Apache?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:Sybux
ID: 39909330
Sorry for late delay, I was on vacation !

The version of apache is 2.2.14
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909448
You may want to try and newer level.  I am assuming you are having this problem:

https://issues.apache.org/jira/browse/KARAF-2476
0
 

Author Comment

by:Sybux
ID: 39909494
One new step in debug.

The problem seems to be Ubuntu :)

I've set the username and password that is not working as the bind user in my ldap_auth.

In vi, I can see the password like this 1234Tëst in stead of 1234Tëst which is seen if I open the file in my windows notepad.

Do you have any ideas ?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909702
How did you get the file from your Windows box to the Ubuntu box?

I would try using either sftp or standard FTP, but choose binary mode.

It looks like each box had different character encoding/language selected.
0
 

Author Comment

by:Sybux
ID: 39917099
No it's not a problem of file transfert. If I type the password 1234Tëst in the Apache prompt, it fails

but I type password 1234Tëst it works. So definitively it's a codepage problem but I can't figure where to correct it
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39917263
What language is Windows setup to use?

What language is Ubuntu setup to use?
0
 

Accepted Solution

by:
Sybux earned 0 total points
ID: 39928011
Finally, one of my engineer found the problem. It's a bug in apache 2.2.16 on module mod_authz_ldap.

It's corrected in patch 2.2.17.
0
 

Author Closing Comment

by:Sybux
ID: 39936342
Found ourselves
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question