
Not able to authenticate Apache against OpenLDAP



I'm using CentOS / RHEL 5.2 using the stock LDAP. I'm trying to get Apache to authenticate with my LDAP server. Using other client software I can bind as the user 'bob'.

Here is my Apache config:

<VirtualHost *:443>
  ServerName addressbook-stage.acme.com
  AllowEncodedSlashes on
  ProxyPass / http://domu-140.acme.com/
  ProxyPassReverse / http://domu-140.acme.com/
  <Proxy *>
    allow from all
  </Proxy>
  <Location />
    AuthType Basic
    AuthName "Login with your Acme ID"
    #AuthLDAPEnabled on
    AuthBasicProvider ldap
    AuthLDAPURL ldap://192.168.150.140:389/ou=People,dc=acme,dc=com
    AuthLDAPBindDN uid=root,ou=People,dc=acme,dc=com
    AuthLDAPBindPassword passwd
    #require group cn=it,ou=groups,dc=acme,dc=com
    require valid-user bob
  </Location>
</VirtualHost>

Here is my LDAP config:

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none


# private LDAP Addressbook is readable and writable for the owner only
access  to dn.regex="(.*,)?ou=Contacts,uid=([^,]+),ou=People,(.*)$"
        by dn.regex="uid=$2,ou=People,$3" write
        by * none

# global LDAP Addressbook is writable for all authenticated users
# This entry has to be _before_ any other entry that matches the contact
# tree eg. the * entry
access to dn.subtree="ou=Contacts,dc=acme,dc=com"
    by users write
    by users read

# The admin dn has full write access
access to *
        by users read
        by peername="IP=192\.168\.150\.5" read


Here is the error from OpenLDAP:


Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from IP=192.168.150.5:59041 (IP=0.0.0.0:389)
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 fd=17 ACCEPT from IP=192.168.150.5:59042 (IP=0.0.0.0:389)
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bmason))"
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 RESULT tag=97 err=0 text=



--
<admiral>

Michael F. March ----- mmarch@gmail.com
Ph: (415)462-1910 ---- Fax: (602)296-0400
P.O. Box 2254 ---- Phoenix, AZ 85002-2254
         "Seriously" - HSR
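
An added example, not part of the original post: a small Python parser that pairs each slapd BIND/SRCH line from the log above with its RESULT by conn and op, so the search-then-bind sequence and each result code can be read per connection. It also marks simple binds logged with ssf=0, where the password crosses the ldap:// connection without TLS; the function names are this example's own and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: six lines taken from the slapd log in the post above.
SAMPLE = """\
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)".* filter="(.*)"')
RESULT = re.compile(r"RESULT tag=(\d+) err=(\d+)(?: nentries=(\d+))?")

def summarize(log_text):
    """Merge the request and result lines of each (conn, op) into one record."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        if (b := BIND.search(rest)):
            ops[key].update(kind="bind", dn=b.group(1), mech=b.group(2), ssf=int(b.group(3)))
        elif (s := SRCH.search(rest)):
            ops[key].update(kind="search", base=s.group(1), filter=s.group(2))
        elif (r := RESULT.search(rest)):
            ops[key]["err"] = int(r.group(2))
            if r.group(3):
                ops[key]["nentries"] = int(r.group(3))
    return dict(ops)

def findings(ops):
    """One line per bind/search, in connection order, with its LDAP result code."""
    out = []
    for (conn, op), f in sorted(ops.items()):
        if f.get("kind") == "bind":
            status = {0: "ok", None: "no result logged"}.get(f.get("err"), f"err={f.get('err')}")
            weak = " [ssf=0: password sent without TLS]" if f["mech"] == "SIMPLE" and f["ssf"] == 0 else ""
            out.append(f"conn={conn} op={op} bind dn={f['dn']} {status}{weak}")
        elif f.get("kind") == "search":
            out.append(f"conn={conn} op={op} search filter={f['filter']} nentries={f.get('nentries')}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```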