I am new to using mod_ldap and mod_auth_ldap to create an ACL for certain 
directories we want to limit access to. I've managed to get it working properly 
with OpenLDAP but we migrated to Apple's Open Directory Server on OSX, which 
from what I've read should act similarly. This is not the case and I keep getting 
the following error in my Red Hat EL4 Apache 2.0.55 error log whenever I try to 
log in:

[Mon Jun 18 16:06:40 2007] [warn] [client 132.239.79.130] [18337] auth_ldap 
authenticate: user username authentication failed; URI /ldaptest/ 
[ldap_simple_bind_s() to check user credentials failed][Invalid credentials]

Here are the relevant sections in the httpd.conf:


LoadModule ldap_module modules/mod_ldap.so

LoadModule auth_ldap_module modules/mod_auth_ldap.so



....



<Directory "/www/docs/public/ldaptest">

        AuthType Basic

        AuthName "LDAP Test"

        AuthLDAPBindDN uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu

        AuthLDAPBindPassword secret

        AuthzLDAPAuthoritative off

        AuthLDAPURL 
ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid

        AuthLDAPRemoteUserIsDN OFF

        require valid-user

</Directory>

No errors or warnings come up when the server is started and I don't see 
anything relevant on the OD log side, just the apache error above. Ideally I 
would like to authenticate with valid users and groups over an anonymous bind, 
but without the AuthLDAPBindDN it gives another error about [Invalid 
Credentials].

I've looked around online as much as I could, but I haven't found any other 
cases of GNU/Linux Apache2 servers using OSX OD server for an ACL. One solution 
that looks promising is using Apple's mod_auth_apple, but I am unable to find 
the source code on the Darwin site for it to even attempt to compile it myself. 
The command ldapsearch works fine from the shell and I can query users 
anonymously or authenticated without any problems. If anyone has had any 
experience with this type of setup or could offer any help I would be most 
grateful, thank you.

Specifics:
Client Server: Red Hat EL4 - Apache 2.0.55 - Standard install
LDAP Server: Apple OS X 10.4.9 - Open Directory Master - Directory Binding 
Enabled, SSL Enabled, All Hash and Authentication Methods checked

Micheal Waltz
System Administrator
UCSD Educational Computing
858-822-3959
http://meded.ucsd.edu/edcom
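
Added example (not part of the original post, and not Apache or Apple code): mod_auth_ldap first searches for the user's DN while bound as AuthLDAPBindDN, then does a simple bind as that DN with the typed password, which is the step the logged "to check user credentials" message names. The sketch below turns the AuthLDAPURL from the post into the equivalent OpenLDAP ldapsearch and ldapwhoami command lines so each phase can be tested on its own; the function names, the user "jdoe" and its DN are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit, unquote

# RFC 4515 escapes for a value placed inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Keep a typed username from altering the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its parts."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    attr, scope, flt = (unquote(f) for f in (parts.query.split("?") + [""] * 3)[:3])
    flt = flt or "(objectClass=*)"
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return {
        "uri": "%s://%s" % (parts.scheme, parts.netloc),
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr.split(",")[0] or "uid",
        "scope": scope or "sub",
        "filter": flt,
    }


def diagnostic_commands(url, bind_dn, username, user_dn):
    """Return (search, bind) command lines mirroring the two phases."""
    cfg = parse_auth_ldap_url(url)
    flt = "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))
    # Phase 1: bind as AuthLDAPBindDN and look up the user's entry ("1.1" = DN only).
    search = ["ldapsearch", "-x", "-H", cfg["uri"], "-D", bind_dn, "-W",
              "-b", cfg["base"], "-s", cfg["scope"], flt, "1.1"]
    # Phase 2: simple bind as the DN found in phase 1; -W prompts for the password.
    bind = ["ldapwhoami", "-x", "-H", cfg["uri"], "-D", user_dn, "-W"]
    return " ".join(map(shlex.quote, search)), " ".join(map(shlex.quote, bind))


if __name__ == "__main__":
    # URL and bind DN are from the post; "jdoe" and its DN are constructed samples.
    for line in diagnostic_commands(
            "ldap://server.ucsd.edu:389/cn=users,dc=server,dc=ucsd,dc=edu?uid",
            "uid=adminuser,cn=users,dc=server,dc=ucsd,dc=edu",
            "jdoe", "uid=jdoe,cn=users,dc=server,dc=ucsd,dc=edu"):
        print(line)
```

If the first command returns the entry but the second fails with "Invalid credentials", the directory is rejecting the simple bind for that user rather than the Apache search configuration.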