Solved

Apache with ldap authentication

Posted on 2014-02-14
11
397 Views
Last Modified: 2014-03-18
Hi,
I'm using a LDAP to authenticate user on an apache web site.
The configuration is working fine for about 80% of my user but for some, they can't be granted to access.
In apache error log I'm seeing :

[Thu Feb 13 16:53:16 2014] [warn] [client x.y.z.v] [17697] auth_ldap authenticate: user john.doe authentication failed; URI /test/ [ldap_simple_bind_s() to check user credentials failed][Other (e.g., implementation specific) error]

here is my apache location conf :
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthLDAPURL "ldaps://w.x.y.z:636/ou=people,o=myO?cn"
        AuthLDAPBindDN "cn=mybinding"
        AuthLDAPBindPassword "myPassword"
        require valid-user

Open in new window


I can't find a way to decode the error.
0
Comment
Question by:Sybux
  • 6
  • 5
11 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39860867
What LDAP server are you using?

Does it show any errors?
0
 

Author Comment

by:Sybux
ID: 39890596
Finally I've found the problem but I don't know how to correct it.

The problem was located in the password. Users with access problem got some special caracters in password like éàèç.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39890681
Which version of Apache?
0
 

Author Comment

by:Sybux
ID: 39909330
Sorry for late delay, I was on vacation !

The version of apache is 2.2.14
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909448
You may want to try and newer level.  I am assuming you are having this problem:

https://issues.apache.org/jira/browse/KARAF-2476
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Sybux
ID: 39909494
One new step in debug.

The problem seems to be Ubuntu :)

I've set the username and password that is not working as the bind user in my ldap_auth.

In vi, I can see the password like this 1234Tëst in stead of 1234Tëst which is seen if I open the file in my windows notepad.

Do you have any ideas ?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39909702
How did you get the file from your Windows box to the Ubuntu box?

I would try using either sftp or standard FTP, but choose binary mode.

It looks like each box had different character encoding/language selected.
0
 

Author Comment

by:Sybux
ID: 39917099
No it's not a problem of file transfert. If I type the password 1234Tëst in the Apache prompt, it fails

but I type password 1234Tëst it works. So definitively it's a codepage problem but I can't figure where to correct it
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39917263
What language is Windows setup to use?

What language is Ubuntu setup to use?
0
 

Accepted Solution

by:
Sybux earned 0 total points
ID: 39928011
Finally, one of my engineer found the problem. It's a bug in apache 2.2.16 on module mod_authz_ldap.

It's corrected in patch 2.2.17.
0
 

Author Closing Comment

by:Sybux
ID: 39936342
Found ourselves
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Magento error 9 71
DNS Question 7 61
php54-php-imap for redhat enterprise linux 7.2 1 73
whm high memory usage in processes 7 69
In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
A short film showing how OnPage and Connectwise integration works.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now