We are trying to set up a company intranet server (apache 2.2.3-4+etch5) so that
it is available outside our LAN. However, we want users to be prompted for a
username and password when they are coming from the outside. We want the
authentication to use our AD LDAP server. We have this configuration running on
another nearly identical Debian 4.0 server and it works fine. However, when we
try this configuration on the new intranet server the LDAP authentication
fails. Here is the setup that works on the old server which we are attempting
to duplicate on the new server:

<Location "/">
    Allow from 192.168.1.0/24
    Satisfy Any
    Order deny,allow
    Deny from all
    Require valid-user
    AuthType basic
    AuthName "INTRANET"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPBindDN "cn=apache_user,cn=Users,dc=company,dc=com"
    AuthLDAPBindPassword "abcefg"
    AuthLDAPUrl "ldap://192.168.1.2:389 192.168.1.3:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
</Location>

We have done a tcpdump and compared the packet dump of a login attempt on both
the old and new servers. The communication is nearly identical until the new
server starts looking for the user account in the forest and other areas of the
directory. If we add cn=Users to the AuthLDAPUrl line on the server then it
also works fine. However, not all of our users are in cn=Users.
Is there a way to get around this problem?
What could we have possibly done on the old server so that it works with the
above config?
Thank you!
Andrew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
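
Added example, not part of the original post: a Python script that splits the AuthLDAPUrl value above into the search mod_authnz_ldap derives from it (hosts, base DN, attribute, scope, filter) and prints an equivalent ldapsearch command for each host. The function names and the account name "jdoe" are assumptions made for illustration; the attribute, scope and filter defaults are the ones documented for AuthLDAPUrl.

```python
import shlex
from urllib.parse import unquote

# AuthLDAPUrl value copied from the post above.
SAMPLE_URL = ("ldap://192.168.1.2:389 192.168.1.3:389/"
              "dc=company,dc=com?sAMAccountName?sub?(objectClass=*)")

def parse_auth_ldap_url(url):
    """Split an AuthLDAPUrl value into the parts of the search it defines."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hosts_part, _, tail = rest.partition("/")
    # basedn?attribute?scope?filter; the filter may itself contain '?'.
    fields = (tail.split("?", 3) + [""] * 4)[:4]
    base, attr, scope, flt = (unquote(f) for f in fields)
    return {
        "scheme": scheme,
        "hosts": hosts_part.split(),       # space-separated, tried in order
        "base": base,
        "attribute": attr or "uid",        # documented default
        "scope": scope or "sub",           # documented default
        "filter": flt or "(objectClass=*)",
    }

def escape_filter_value(value):
    """Escape a user-supplied value for use in an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def effective_filter(cfg, username):
    """Filter actually sent: the URL's filter AND (attribute=username)."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                             escape_filter_value(username))

def ldapsearch_commands(cfg, bind_dn, username):
    """One ldapsearch command line per host; -W prompts for the password."""
    cmds = []
    for host in cfg["hosts"]:
        argv = ["ldapsearch", "-x", "-H", "%s://%s" % (cfg["scheme"], host),
                "-D", bind_dn, "-W", "-b", cfg["base"], "-s", cfg["scope"],
                effective_filter(cfg, username), "dn"]
        cmds.append(" ".join(shlex.quote(a) for a in argv))
    return cmds

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(SAMPLE_URL)
    # "jdoe" is a made-up account name; the bind DN is the one from the post.
    for cmd in ldapsearch_commands(
            cfg, "cn=apache_user,cn=Users,dc=company,dc=com", "jdoe"):
        print(cmd)
```

Running the printed command on both servers performs the same search outside Apache, which helps separate an httpd configuration difference from an LDAP client library difference.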