[EMAIL PROTECTED] Apache 2 on Windows
Just to let you know.

The Apache Lounge is pulled down, because we have some (legal) issues. See http://www.apachelounge.com/

Sorry that we have to leave a lot of Windows users in the dark. Hopefully we can come back.

I will keep you informed.

Steffen

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
I'm trying to get Apache running on Windows to authenticate from the Windows AD of the server. (I got Apache on Unix to do this using mod_auth_pam.)

I was kind of expecting Apache on Windows to be easier (?) but am stuck with mod_auth_ldap.

Has anyone got a simple example of doing this? Is there something other than LDAP that I've missed?

Thanks
David Barham
UGS

Httpd.conf has

    <Directory "C:/temp/dbtest">
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "DB area"
        AuthType basic
        LDAP_Server {name of Windows DC}
        LDAP_Port 389
        LDAP_Debug on
        Base_DN mydomainname as DC=foo, DC=bar
        Bind_DN [EMAIL PROTECTED]
        Bind_Pass my password
        UID_Attr UserPrincipalName
        #UID_Attr uid
        require valid-user
    </Directory>

In error-log I see

    [mod_auth_ldap.c] (1214) - MAKING NEW CONNECTION, try# 10, pid=6100
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] (1219) - cr-ld: 0xdc17e0, pid=6100
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (1243)] - Setting connect timeout to: 4 seconds
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (1256)] - Successfully set connection timeout to 4 seconds
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (760) ] - Using LDAP filter: (UserPrincipalName={username typed into authentication dialog)
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - trying to bind with bind DN {Bind_DN username and password (not shown)
    [Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - Bound successfully with DN {Bind DN username and password (not shown)
    [Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - ldap_search_s() failed
    [Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - Error: Can't connect to the LDAP server
    [Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (1298)] - Bind attempt# 10, cound not find DN for user {username typed into authentication dialog with attr UserPrincipalName
    [Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (1331)] - Tried to bind 10 times. Giving up.

I've tried various UID_Attr and settled on UserPrincipalName after using LDAP to query AD and search for

    Dn: CN=Barham\, David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC={domain bit}
        1 canonicalName: {domain bit}/Regions/EMEA/Cambridge/CBUsers/Barham, David;
        1 cn: Barham, David;
        1 distinguishedName: CN=Barham\, David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC=net{domain bit};
        4 objectClass: top; person; organizationalPerson; user;
        1 name: Barham, David;
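Added example, not part of the original thread: a small Python triage of the LDAP_Debug lines quoted in the post above. It shows that the service bind succeeded before ldap_search_s() failed, so the "Can't connect to the LDAP server" text does not point at connectivity or at Bind_DN/Bind_Pass. The username jdoe and bind account svc-apache in the sample are constructed placeholders.

```python
import re

# Constructed sample: debug lines in the format quoted in the post above;
# "jdoe" and "svc-apache" stand in for the values the poster left out.
SAMPLE_LOG = """\
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (760) ] - Using LDAP filter: (UserPrincipalName=jdoe)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - Bound successfully with DN svc-apache
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - ldap_search_s() failed
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c] - Error: Can't connect to the LDAP server
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125] [mod_auth_ldap.c (1331)] - Tried to bind 10 times. Giving up.
"""

# Matches "[mod_auth_ldap.c] (1219) - msg", "[mod_auth_ldap.c (1243)] - msg"
# and "[mod_auth_ldap.c] - msg", all of which appear in the quoted log.
LINE_RE = re.compile(
    r"\[client ([^\]]+)\] \[mod_auth_ldap\.c[^\]]*\](?: \(\d+\))? - (.*)$")

def triage(log_text):
    """Summarise one failed login from mod_auth_ldap LDAP_Debug output."""
    state = {"client": None, "filter_attr": None, "service_bind_ok": False,
             "search_failed": False, "attempts": 0}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        state["client"], msg = m.group(1), m.group(2)
        if msg.startswith("Using LDAP filter:"):
            f = re.search(r"\((\w+)=", msg)
            state["filter_attr"] = f.group(1) if f else None
        elif msg.startswith("Bound successfully"):
            state["service_bind_ok"] = True
        elif msg.startswith("ldap_search_s() failed"):
            state["search_failed"] = True
        elif msg.startswith("Tried to bind"):
            state["attempts"] = int(re.search(r"\d+", msg).group())
    if state["service_bind_ok"] and state["search_failed"]:
        # The server was reached and Bind_DN/Bind_Pass were accepted, so the
        # later "Can't connect" text does not describe a network fault.
        state["verdict"] = "search failed after successful bind"
    elif not state["service_bind_ok"]:
        state["verdict"] = "service bind never succeeded"
    else:
        state["verdict"] = "no search failure logged"
    return state
```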
RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
Check out mod_auth_sspi

Thanks,

Tatham Oddie
Fuel Advance - Ignite Your Idea
www.fueladvance.com

-----Original Message-----
From: Barham, David [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 December 2005 9:59 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
Finally found the correct incantation for mod_auth_ldap against a W2003AD. I hope this helps others.

This was for Apache 2.0.29 and mod_auth_ldap 2.12

David Barham
UGS

    <Directory "C:/temp/dbtest">
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "DB test area"
        AuthType basic
        # a domain controller
        LDAP_Server dc_name.etc.com
        LDAP_Port 389
        LDAP_Debug on
        # very important, wouldn't work without it
        LDAP_Protocol_Version 3
        Base_DN DC=net,DC=plm,DC=etc,DC=com
        Bind_DN [EMAIL PROTECTED]
        Bind_Pass {requires password}
        # I couldn't find another attribute that matches 'username'
        UID_Attr sAMAccountName
        # just a list of users
        #require user barhamd
        # anyone with a validated domain account
        #require valid-user
        # default of UniqueMember didn't work with my Windows AD
        Group_Attr member
        # member of a particular group
        require group CN=GB-CBRTSD-GG,OU=CBGroups,OU=Cambridge,OU=EMEA,OU=Regions
    </Directory>

-----Original Message-----
From: Tatham Oddie (Fuel Advance) [mailto:[EMAIL PROTECTED]
Sent: 12 December 2005 11:13
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
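Added example, not the poster's or the module's own code: a Python check that encodes the three settings the post above reports as necessary for AD (LDAP_Protocol_Version 3, UID_Attr sAMAccountName, Group_Attr member with require group) and runs on trimmed copies of the two configurations from this thread. Host, bind account and password are constructed placeholders, and the port 389 note is an addition, not a finding from the thread.

```python
# Trimmed copies of the two configurations posted in this thread; host name,
# bind account and password are constructed placeholders.
BEFORE = """\
<Directory "C:/temp/dbtest">
    AuthType basic
    LDAP_Server dc.example.invalid
    LDAP_Port 389
    Base_DN DC=foo,DC=bar
    Bind_DN svc-apache@example.invalid
    Bind_Pass placeholder
    UID_Attr UserPrincipalName
    require valid-user
</Directory>
"""
AFTER = (BEFORE
    .replace("UID_Attr UserPrincipalName",
             "LDAP_Protocol_Version 3\n    UID_Attr sAMAccountName\n    Group_Attr member")
    .replace("require valid-user",
             "require group CN=GB-CBRTSD-GG,OU=CBGroups,OU=Cambridge,OU=EMEA,OU=Regions"))

def directives(conf):
    """Map lowercased directive name -> argument string; skip comments and <tags>."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if line and line[0] not in "#<":
            name, _, arg = line.partition(" ")
            found[name.lower()] = arg.strip()
    return found

def check(conf):
    """Return findings for a mod_auth_ldap block that authenticates against AD."""
    d, findings = directives(conf), []
    if d.get("ldap_protocol_version") != "3":
        findings.append("LDAP_Protocol_Version 3 is not set")
    if d.get("uid_attr", "").lower() != "samaccountname":
        findings.append("UID_Attr is not sAMAccountName")
    if d.get("require", "").startswith("group") and d.get("group_attr", "").lower() != "member":
        findings.append("require group is used without Group_Attr member")
    # Added note, not from the thread: plain LDAP on 389 does not encrypt binds
    # unless TLS is layered on the connection.
    if d.get("ldap_port") == "389" and "bind_pass" in d:
        findings.append("LDAP_Port 389 carries bind passwords unencrypted")
    return findings
```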