Looks like you can't acccess the resource. See: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
The Authorization Phase During the authorization phase, mod_authnz_ldap attempts to determine if the user is authorized to access the resource. Many of these checks require mod_authnz_ldap to do a compare operation on the LDAP server. This is why this phase is often referred to as the compare phase. mod_authnz_ldap accepts the following Require directives to determine if the credentials are acceptable: Dan Stusynski -----Original Message----- From: Melanie Pfefer [mailto:[EMAIL PROTECTED] Sent: Friday, October 26, 2007 3:07 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] apache 2.2.4 and AD: authentication failed. Hi again, I changed the ldapurl and the logs changed to: [Fri Oct 26 09:58:11 2007] [debug] mod_authnz_ldap.c(376): [client 172.21.194.71] [13900] auth_ldap authenticate: using URL ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName?sub? [Fri Oct 26 09:58:11 2007] [debug] mod_authnz_ldap.c(475): [client 172.21.194.71] [13900] auth_ldap authenticate: accepting mpfefer [Fri Oct 26 09:58:11 2007] [debug] mod_authnz_ldap.c(847): [client 172.21.194.71] [13900] auth_ldap authorise: authorisation denied So in sum: authentication is ok. authorization is denied... What could be the cause?? thanks. --- Melanie Pfefer <[EMAIL PROTECTED]> wrote: > thanks Eric. No I need to bind to ldap: > > ldapsearch -D "uk.siroe.com\mpfefer" -w password -h iceman -b > "ou=users,dc=uk,dc=siroe,dc=com" > objectclass=* > > > so I changed this: > > AuthLDAPUrl > ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sub? > AuthLDAPBindDN "uk-siroe-com\mpfefer" > AuthLDAPBindPassword "password" > > > The logging changed: > > [Thu Oct 25 22:25:29 2007] [warn] [client 172.21.194.71] [27608] > auth_ldap authenticate: user mpfefer authentication failed; URI / > [User not found][No such object] [Thu Oct 25 22:25:29 2007] [error] > [client 172.21.194.71] user mpfefer not found: / > > --- Eric Covener <[EMAIL PROTECTED]> wrote: > > > On 10/25/07, Melanie Pfefer > > <[EMAIL PROTECTED]> wrote: > > > The browser returns Internal server error > > > > > > The log file returns this error > > > > > > [Thu Oct 25 21:21:36 2007] [debug] > > > mod_authnz_ldap.c(376): [client 172.21.194.71] > > [14657] > > > auth_ldap authenticate: using URL > > > > > > ldap://iceman/ou=users,dc=uk,dc=siroe,dc=com?sAMAccountName? > > > [Thu Oct 25 21:21:36 2007] [warn] [client 172.21.194.71] [14657] > > > auth_ldap authenticate: > > user > > > mpfefer authentication failed; URI / > > > [ldap_search_ext_s() for user failed][Operations error] > > > > Can't search for that userid anonymously? Might > want > > to try anonymous > > via command line to find mpfefers DN > > > > -- > > Eric Covener > > [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server > > Project. > > See <URL:http://httpd.apache.org/userslist.html> > for > > more info. > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > " from the digest: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > ___________________________________________________________ > Yahoo! Answers - Got a question? Someone out there knows the answer. > Try it now. > http://uk.answers.yahoo.com/ > > --------------------------------------------------------------------- > The official User-To-User support forum of the > Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for > more info. > To unsubscribe, e-mail: > [EMAIL PROTECTED] > " from the digest: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > ___________________________________________________________ Want ideas for reducing your carbon footprint? Visit Yahoo! For Good http://uk.promotions.yahoo.com/forgood/environment.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
