Apache Development
 
#1
June 4th, 2009, 09:16 AM
Webbgroup
Apache Active Directory Authentication Help

Greetings everybody,

I am trying to authenticate users to a directory using Authz but am getting wacky results. I am either allowing everybody in who authenticates or getting authentication with a forbidden sign.

If I allow myself through "require user webb" it works perfectly.

<Location '/viewvc/testdirectory/'>
AuthType Basic
AuthName "Domain Credentials Required"
AuthzLDAPMethod ldap
AuthzLDAPServer ldap.example.com:389
AuthzLDAPLogLevel debug
AuthzLDAPBindDN "CN=ldap_query,OU=Service Accounts,OU=ISD,OU=GSO,DC=GSO,DC=Example,DC=com"
AuthzLDAPBindPassword "SECRET"
require group "CN=mygroup,OU=Groups,OU=Engineering,DC=gso,DC=example,DC=com"
#require valid-user
#require user webb
#Order allow,deny
#Allow from all
</Location>

The log results are below:

[webb@hostserver conf.d]$ sudo tail -f /var/log/httpd/error_log | grep 'client 192.168.0.5'
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(373): [client 192.168.0.5] [19097] auth_ldap authenticate: using URL ldap://ldap.Example.com:3268/DC=Example,DC=com?samAccountName?sub?(objectClass=*)
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(454): [client 192.168.0.5] [19097] auth_ldap authenticate: accepting webb
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(821): [client 192.168.0.5] [19097] auth_ldap authorise: declining to authorise
[Thu Jun 04 09:11:57 2009] [error] [client 192.168.0.5] [19097] search from 'CN=mygroup,OU=Groups,OU=Engineering,DC=gso,DC=example,DC=com' for '(member=(null))' returns -7 = 'Bad search filter'

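Added example (not part of the original thread): a small Python triage of the error_log lines quoted in the post above. It groups lines per client and process ID and reports every group search whose filter carries a literal "(null)" value, alongside the module and URL that accepted the user; the function and field names are this example's own.

```python
import re
from collections import namedtuple

# The four error_log lines quoted in the post above, copied verbatim.
SAMPLE_LOG = """\
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(373): [client 192.168.0.5] [19097] auth_ldap authenticate: using URL ldap://ldap.Example.com:3268/DC=Example,DC=com?samAccountName?sub?(objectClass=*)
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(454): [client 192.168.0.5] [19097] auth_ldap authenticate: accepting webb
[Thu Jun 04 09:11:57 2009] [debug] mod_authnz_ldap.c(821): [client 192.168.0.5] [19097] auth_ldap authorise: declining to authorise
[Thu Jun 04 09:11:57 2009] [error] [client 192.168.0.5] [19097] search from 'CN=mygroup,OU=Groups,OU=Engineering,DC=gso,DC=example,DC=com' for '(member=(null))' returns -7 = 'Bad search filter'
"""

LINE = re.compile(
    r"^\[[^\]]+\] \[(?P<level>\w+)\] (?:(?P<src>[\w.]+)\(\d+\): )?"
    r"\[client (?P<client>[^\]]+)\] (?:\[(?P<pid>\d+)\] )?(?P<msg>.*)$")
SEARCH = re.compile(r"search from '(?P<base>[^']*)' for '(?P<filter>[^']*)' "
                    r"returns (?P<rc>-?\d+) = '(?P<err>[^']*)'")
NULL_ATTR = re.compile(r"\((\w+)=\(null\)\)")

Finding = namedtuple("Finding", "client user authn_src authn_url base null_attrs rc err")

def triage(log_text):
    """Return one Finding per failed search whose filter has a '(null)' value."""
    state = {}      # (client, pid) -> facts seen so far for that request
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        req = state.setdefault((m["client"], m["pid"]), {})
        msg = m["msg"]
        if msg.startswith("auth_ldap authenticate: using URL "):
            req["url"] = msg.split("using URL ", 1)[1]
        elif msg.startswith("auth_ldap authenticate: accepting "):
            req["user"], req["src"] = msg.rsplit(" ", 1)[1], m["src"]
        s = SEARCH.search(msg)
        if s and NULL_ATTR.search(s["filter"]):
            # "(null)" is what glibc's printf prints for a NULL string, so the
            # filter was built without a value for this attribute.
            findings.append(Finding(m["client"], req.get("user"), req.get("src"),
                                    req.get("url"), s["base"],
                                    NULL_ATTR.findall(s["filter"]),
                                    int(s["rc"]), s["err"]))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.client}: {f.user!r} accepted by {f.authn_src} via {f.authn_url}; "
              f"search under {f.base!r} had no value for {f.null_attrs} "
              f"(rc {f.rc}: {f.err})")
```

The reported URL is worth comparing with the server named in the posted Location block: the log shows ldap.Example.com:3268, the block shows ldap.example.com:389.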
#2
June 5th, 2009, 03:53 PM
Webbgroup
Apparently, the parent directory permissions override the sub-directories on the server.

So if you have

/foo/1

make sure you put the authz on /foo also before adding it to /foo/1.

#3
June 11th, 2009, 03:40 PM
Webbgroup
OK, here is my latest, which authenticates me in but now puts a 403 Forbidden page up.

I can get to the test page without the authentication, but with it, it fails. The weird thing is that even with the forbidden message, nothing shows up in the error log or access log.

<Location '/test/'>
AuthType Basic
AuthName "Engineering Credentials Required"
AuthzLDAPMethod ldap
AuthzLDAPServer ldap.example.com:389
AuthzLDAPLogLevel debug
AuthzLDAPBindDN "CN=ldap_query,OU=Service Accounts,OU=ISD,OU=GSO,DC=GSO,DC=example,DC=com"
AuthzLDAPBindPassword SECRET
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserBase "DC=gso,DC=example,DC=com"
AuthzLDAPUserScope subtree
Require group CN=GSO-SVNDAVAuth,OU=GroupsENG,OU=Engineering,DC=gso,DC=example,DC=com
</Location>
