Hi, Eric. Thank you for your answers. I´ve tried to do what you said, setting the directive AuthBasicProvider as below:
AuthBasicProvider ldap file But the problem is the same. Apache doen´t check the flat file, as you can see in the log below: ================================================================= [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(849): [5053] auth_ldap url parse: `ldap://ldapserver:3268/dc=domain,dc=com?cn' [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(858): [5053] auth_ldap url parse: Host: ldapserver:3268 [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(860): [5053] auth_ldap url parse: Port: 3268 [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(862): [5053] auth_ldap url parse: DN: dc=domain,dc=com [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(864): [5053] auth_ldap url parse: attrib: cn [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(866): [5053] auth_ldap url parse: scope: base [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(871): [5053] auth_ldap url parse: filter: (null) [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections [Tue Oct 21 15:49:38 2008] [debug] mod_authnz_ldap.c(373): [client 10.10.10.10] [5053] auth_ldap authenticate: using URL ldap://ldapserver:3268/dc=domain,dc=com?cn, referer: http://webserver [Tue Oct 21 15:49:38 2008] [warn] [client 10.10.10.10] [5053] auth_ldap authenticate: user admin authentication failed; URI /std/cgi-bin/login.cgi [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: http://webserver [Tue Oct 21 15:49:38 2008] [error] [client 10.10.10.10] user admin: authentication failure for "/std/cgi-bin/login.cgi": Password Mismatch, referer: http://webserver ================================================================= I´ve forgotten to send the Apache version: Installed Packages Name : httpd Arch : i386 Version: 2.2.3 Release: 11.el5_1.3 Size : 2.8 M Repo : installed Summary: Apache HTTP Server It is installed in a Red Hat Linux Server release 5.2. Thank you again. Rodney. On Tue, Oct 21, 2008 at 3:27 PM, Eric Covener <[EMAIL PROTECTED]> wrote: > On Tue, Oct 21, 2008 at 12:59 PM, Rodney Ramos <[EMAIL PROTECTED]> wrote: > > I´m trying to use the mod_authnz_ldap module to authenticate the users in > a > > Microsoft AD LDAP Server, but I´m having a lot of problems. > > > > The only configuration that worked was: > > > > AuthName "XXXX" > > AuthType Basic > > AuthBasicProvider ldap > > AuthLDAPUrl "ldap://ldapserver:3268/dc=domain,dc=com?cn"; > > AuthLDAPBindDN "ldap_bind_user" > > AuthLDAPBindPassword "ldap_bind_psw" > > AuthzLDAPAuthoritative off > > Require valid-user > > > > Questions: > > > > 1) Why should we use the port 3268 instead of the default one, 389? > > On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP > referrals. > > > > > 2) Why must we set the AuthzLDAPAuthoritative directive to off? > > you don't need it for 2.2.6 and later > > > > > The second problem occurred when I tried to make Apache authenticate the > > users first in a LDAP server and after, if it doens´t find the user > there, > > in a flat file. So I add the follow line, before the "Require valid-user" > > line: > > > > AuthUserFile /tmp/htpasswd.txt > > > > The problem is that Apache doesn´t try to use the flat file to > authenticante > > the users. It only uses the LDAP authenticate module, even though the > > directive AuthzLDAPAuthoritative is set to off. > > You need to tell basic auth to look there: > > AuthBasicProvider ldap file > > > > > -- > Eric Covener > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
