Solved

Apache with ldap authentication

Posted on 2014-02-14
Last Modified: 2014-03-18
Hi,
I'm using LDAP to authenticate users on an Apache web site.
The configuration is working fine for about 80% of my users, but some of them can't be granted access.
In the Apache error log I'm seeing:

[Thu Feb 13 16:53:16 2014] [warn] [client x.y.z.v] [17697] auth_ldap authenticate: user john.doe authentication failed; URI /test/ [ldap_simple_bind_s() to check user credentials failed][Other (e.g., implementation specific) error]

Here is my Apache location conf:
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthLDAPURL "ldaps://w.x.y.z:636/ou=people,o=myO?cn"
        AuthLDAPBindDN "cn=mybinding"
        AuthLDAPBindPassword "myPassword"
        require valid-user



I can't find a way to decode the error.
0
Question by:Sybux
11 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39860867
What LDAP server are you using?

Does it show any errors?
0
 

Author Comment

by:Sybux
ID: 39890596
Finally I've found the problem but I don't know how to correct it.

The problem was located in the password. Users with the access problem have some special characters in their password, like éàèç.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39890681
Which version of Apache?
0
 

Author Comment

by:Sybux
ID: 39909330
Sorry for the delay, I was on vacation!

The version of Apache is 2.2.14
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909448
You may want to try a newer level.  I am assuming you are having this problem:

https://issues.apache.org/jira/browse/KARAF-2476
0
 

Author Comment

by:Sybux
ID: 39909494
One new step in debug.

The problem seems to be Ubuntu :)

I've set the username and password that are not working as the bind user in my ldap_auth.

In vi, I can see the password like this 1234Tëst instead of 1234Tëst, which is what I see if I open the file in my Windows Notepad.

Do you have any ideas ?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909702
How did you get the file from your Windows box to the Ubuntu box?

I would try using either sftp or standard FTP, but choose binary mode.

It looks like each box had different character encoding/language selected.
0
 

Author Comment

by:Sybux
ID: 39917099
No, it's not a file transfer problem. If I type the password 1234Tëst in the Apache prompt, it fails

but if I type the password 1234Tëst it works. So it's definitely a codepage problem, but I can't figure out where to correct it.
0
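
The codepage mismatch described in the post above, as an added example that is not part of the original thread: the same password produces different bytes in the Basic `Authorization` header depending on whether the client encodes it as ISO-8859-1 or UTF-8, and only one of the two forms equals a UTF-8 stored password. The function names are hypothetical; the example assumes the server hands the password bytes to the LDAP simple bind unchanged and that the directory holds the password as UTF-8.

```python
import base64

USER = "john.doe"              # user name from the log line in the question
PASSWORD = "1234T\u00ebst"     # "1234Tëst", the sample password from the thread

def basic_header(user, password, charset):
    """Authorization header as sent by a client that encodes in `charset`."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def password_bytes(header):
    """Raw password bytes a server gets out of a Basic header.
    Assumption: these bytes reach the LDAP simple bind unchanged."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    _, sep, pw = base64.b64decode(token, validate=True).partition(b":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return pw

def classify(pw):
    """Guess the client-side encoding of the password bytes."""
    if pw.isascii():
        return "ascii"            # same bytes in both encodings
    try:
        pw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "legacy-8bit"      # ISO-8859-1 / Windows-1252 style single bytes

def bind_matches(pw, stored_text):
    """True if the bytes equal the UTF-8 form (assumed directory storage)."""
    return pw == stored_text.encode("utf-8")

def shown_as(text, written_as, read_as):
    """How `text` looks when saved in one encoding and opened in another."""
    return text.encode(written_as).decode(read_as)

if __name__ == "__main__":
    for cs in ("iso-8859-1", "utf-8"):
        pw = password_bytes(basic_header(USER, PASSWORD, cs))
        result = "bind ok" if bind_matches(pw, PASSWORD) else "bind fails"
        print(cs, pw, classify(pw), result)
    print(shown_as(PASSWORD, "utf-8", "iso-8859-1"))
```

Passwords made only of ASCII characters are byte-identical in both encodings, which is consistent with only the accounts using characters such as éàèç being affected.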
 
LVL 57

Expert Comment

by:giltjr
ID: 39917263
What language is Windows setup to use?

What language is Ubuntu setup to use?
0
 

Accepted Solution

by:
Sybux earned 0 total points
ID: 39928011
Finally, one of my engineers found the problem. It's a bug in Apache 2.2.16 in the mod_authz_ldap module.

It's corrected in patch 2.2.17.
0
 

Author Closing Comment

by:Sybux
ID: 39936342
Found ourselves
0
