[EMAIL PROTECTED] Apache 2 on Windows
Just to let you know. The Apache Lounge is pulled down, because we have some (legal) issues. See http://www.apachelounge.com/ Sorry that we have to leave a lot of Windows users in the dark. Hopefully we can come back. I keep you informed. Steffen - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
I'm trying to get Apache running on Windows to authenticate from the
windows AD of the server. (I got Apache on unix to do this using
mod_auth_pam). I was kind of expecting Apache on Windows to be easier
(?) but am stuck with mod_auth_ldap.
Has anyone got a simple example of doing this? Is there something other
than ldap that I've missed?
Thanks
David Barham
UGS
Httpd.conf has
Directory C:/temp/dbtest
AllowOverride None
Order allow,deny
Allow from all
AuthName DB area
AuthType basic
LDAP_Server {name of Windows DC}
LDAP_Port 389
LDAP_Debug on
Base_DN mydomainname as DC=foo, DC=bar
Bind_DN [EMAIL PROTECTED]
Bind_Pass my password
UID_Attr UserPrincipalName
#UID_Attr uid
require valid-user
/Directory
#
In error-log I see
[mod_auth_ldap.c] (1214) - MAKING NEW CONNECTION, try# 10, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] (1219) - cr-ld: 0xdc17e0, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1243)] - Setting connect timeout to: 4 seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1256)] - Successfully set connection timeout to 4
seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (760) ] - Using LDAP filter:
(UserPrincipalName={username typed into authentication dialog)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - trying to bind with bind DN {Bind_DN username and
password (not shown)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Bound successfully with DN {Bind DN username and
password (not shown)
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - ldap_search_s() failed
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Error: Can't connect to the LDAP server
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1298)] - Bind attempt# 10, cound not find DN for user
{username typed into authentication dialog with attr
UserPrincipalName
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1331)] - Tried to bind 10 times. Giving up.
I've tried various UID_Attr and settled on UserPrincipalName after using
LDAP to query AD and search for
Dn: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC={domain bit}
1 canonicalName: {domain
bit}/Regions/EMEA/Cambridge/CBUsers/Barham, David;
1 cn: Barham, David;
1 distinguishedName: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC=net{domain bit};
4 objectClass: top; person; organizationalPerson; user;
1 name: Barham, David;
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
Check out mod_auth_sspi
Thanks,
Tatham Oddie
Fuel Advance - Ignite Your Idea
www.fueladvance.com
-Original Message-
From: Barham, David [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 December 2005 9:59 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
I'm trying to get Apache running on Windows to authenticate from the
windows AD of the server. (I got Apache on unix to do this using
mod_auth_pam). I was kind of expecting Apache on Windows to be easier
(?) but am stuck with mod_auth_ldap.
Has anyone got a simple example of doing this? Is there something other
than ldap that I've missed?
Thanks
David Barham
UGS
Httpd.conf has
Directory C:/temp/dbtest
AllowOverride None
Order allow,deny
Allow from all
AuthName DB area
AuthType basic
LDAP_Server {name of Windows DC}
LDAP_Port 389
LDAP_Debug on
Base_DN mydomainname as DC=foo, DC=bar
Bind_DN [EMAIL PROTECTED]
Bind_Pass my password
UID_Attr UserPrincipalName
#UID_Attr uid
require valid-user
/Directory
#
In error-log I see
[mod_auth_ldap.c] (1214) - MAKING NEW CONNECTION, try# 10, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] (1219) - cr-ld: 0xdc17e0, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1243)] - Setting connect timeout to: 4 seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1256)] - Successfully set connection timeout to 4
seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (760) ] - Using LDAP filter:
(UserPrincipalName={username typed into authentication dialog)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - trying to bind with bind DN {Bind_DN username and
password (not shown)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Bound successfully with DN {Bind DN username and
password (not shown)
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - ldap_search_s() failed
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Error: Can't connect to the LDAP server
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1298)] - Bind attempt# 10, cound not find DN for user
{username typed into authentication dialog with attr
UserPrincipalName
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1331)] - Tried to bind 10 times. Giving up.
I've tried various UID_Attr and settled on UserPrincipalName after using
LDAP to query AD and search for
Dn: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC={domain bit}
1 canonicalName: {domain
bit}/Regions/EMEA/Cambridge/CBUsers/Barham, David;
1 cn: Barham, David;
1 distinguishedName: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC=net{domain bit};
4 objectClass: top; person; organizationalPerson; user;
1 name: Barham, David;
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against W2003-AD
Finally found the correct incantation for mod_auth_ldap against a
W2003AD. I hope this helps others. This was for Apache 2.0.29 and
mod_auth_ldap 2.12
David Barham
UGS
Directory C:/temp/dbtest
AllowOverride None
Order allow,deny
Allow from all
AuthName DB test area
AuthType basic
LDAP_Server dc_name.etc.com {a domain controller}
LDAP_Port 389
LDAP_Debug on
LDAP_Protocol_Version 3 {very important, wouldn't work without it}
Base_DN DC=net,DC=plm,DC=etc,DC=com
Bind_DN [EMAIL PROTECTED]
Bind_Pass {requires password}
UID_Attr sAMAccountName {I couldn't find another attribute that
matches 'username'}
#require user barhamd {just a list of users}
#require valid-user {anyone with a validated domain account}
Group_Attr member {default of UniqueMember didn't work with my Windows
AD}
require group
CN=GB-CBRTSD-GG,OU=CBGroups,OU=Cambridge,OU=EMEA,OU=Regions {member of a
particular group}
/Directory
-Original Message-
From: Tatham Oddie (Fuel Advance) [mailto:[EMAIL PROTECTED]
Sent: 12 December 2005 11:13
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Apache 2 on Windows authentication against
W2003-AD
Check out mod_auth_sspi
Thanks,
Tatham Oddie
Fuel Advance - Ignite Your Idea
www.fueladvance.com
-Original Message-
From: Barham, David [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 December 2005 9:59 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Apache 2 on Windows authentication against
W2003-AD
I'm trying to get Apache running on Windows to authenticate from the
windows AD of the server. (I got Apache on unix to do this using
mod_auth_pam). I was kind of expecting Apache on Windows to be easier
(?) but am stuck with mod_auth_ldap.
Has anyone got a simple example of doing this? Is there something other
than ldap that I've missed?
Thanks
David Barham
UGS
Httpd.conf has
Directory C:/temp/dbtest
AllowOverride None
Order allow,deny
Allow from all
AuthName DB area
AuthType basic
LDAP_Server {name of Windows DC}
LDAP_Port 389
LDAP_Debug on
Base_DN mydomainname as DC=foo, DC=bar
Bind_DN [EMAIL PROTECTED]
Bind_Pass my password
UID_Attr UserPrincipalName
#UID_Attr uid
require valid-user
/Directory
#
In error-log I see
[mod_auth_ldap.c] (1214) - MAKING NEW CONNECTION, try# 10, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] (1219) - cr-ld: 0xdc17e0, pid=6100
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1243)] - Setting connect timeout to: 4 seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1256)] - Successfully set connection timeout to 4
seconds
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (760) ] - Using LDAP filter:
(UserPrincipalName={username typed into authentication dialog)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - trying to bind with bind DN {Bind_DN username and
password (not shown)
[Mon Dec 12 10:44:26 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Bound successfully with DN {Bind DN username and
password (not shown)
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - ldap_search_s() failed
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c] - Error: Can't connect to the LDAP server
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1298)] - Bind attempt# 10, cound not find DN for user
{username typed into authentication dialog with attr
UserPrincipalName
[Mon Dec 12 10:44:27 2005] [error] [client 134.244.154.125]
[mod_auth_ldap.c (1331)] - Tried to bind 10 times. Giving up.
I've tried various UID_Attr and settled on UserPrincipalName after using
LDAP to query AD and search for
Dn: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC={domain bit}
1 canonicalName: {domain
bit}/Regions/EMEA/Cambridge/CBUsers/Barham, David;
1 cn: Barham, David;
1 distinguishedName: CN=Barham\,
David,OU=CBUsers,OU=Cambridge,OU=EMEA,OU=Regions,DC=net{domain bit};
4 objectClass: top; person; organizationalPerson; user;
1 name: Barham, David;
-
The official User-To-User support forum of the Apache HTTP Server
Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
The official User-To-User support forum of the Apache HTTP Server
Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
The official User-To-User support
