Hi Folks, I am trying to integrate httpd with LDAP (Active Directory) but I am running into some trouble: Every time I try to login, here is what I see:
Tue Jul 05 09:23:50.471191 2016] [ssl:info] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01964: Connection to child 66 established (server apachehost.my.com:443) [Tue Jul 05 09:23:50.471383 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(2101): [client 10.204.1.1:51637] AH02043: SSL virtual host for servername apachehost.my.com found [Tue Jul 05 09:23:50.487945 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(2028): [client 10.204.1.1:51637] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) [Tue Jul 05 09:23:50.488842 2016] [ssl:debug] [pid 35839:tid 139644016523008] ssl_engine_kernel.c(366): [client 10.204.1.1:51637] AH02034: Initial (No.1) HTTPS request received for child 66 (server apachehost.my.com:443) [Tue Jul 05 09:23:50.488887 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Tue Jul 05 09:23:50.488899 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of Require ldap-group "CN=Architecture Team,OU=Groups,OU=Core,DC=my,DC=com": denied (no authenticated user yet) [Tue Jul 05 09:23:50.488903 2016] [authz_core:debug] [pid 35839:tid 139644016523008] mod_authz_core.c(809): [client 10.204.1.1:51637] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [Tue Jul 05 09:23:50.488925 2016] [authnz_ldap:debug] [pid 35839:tid 139644016523008] mod_authnz_ldap.c(516): [client 10.204.1.1:51637] AH01691: auth_ldap authenticate: using URL ldaps:// my.com:636/DC=my,DC=com?sAMAccountNamei?sub?(objectclass=user) [Tue Jul 05 09:23:50.546246 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1790): AH00925: initializing worker http://appserver.my.com:8500/ shared [Tue Jul 05 09:23:50.546308 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1832): AH00927: initializing worker http://appserver.my.com:8500/ local [Tue Jul 05 09:23:50.546358 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1867): AH00930: initialized pool in child 53629 for (appserver.my.com) min=0 max=25 smax=25 [Tue Jul 05 09:23:50.546381 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1790): AH00925: initializing worker proxy:reverse shared [Tue Jul 05 09:23:50.546384 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1832): AH00927: initializing worker proxy:reverse local [Tue Jul 05 09:23:50.546396 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1867): AH00930: initialized pool in child 53629 for (*) min=0 max=25 smax=25 [Tue Jul 05 09:23:50.546415 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1785): AH00924: worker http://appserver.my.com:8500/ shared already initialized [Tue Jul 05 09:23:50.546425 2016] [proxy:debug] [pid 53629:tid 139644279056192] proxy_util.c(1827): AH00926: worker http://appserver.my.com:8500/ local already initialized [Tue Jul 05 09:23:50.546624 2016] [mpm_event:debug] [pid 53629:tid 139644108920576] event.c(2096): AH02471: start_threads: Using epoll [Tue Jul 05 09:23:50.587187 2016] [authnz_ldap:info] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01695: auth_ldap authenticate: user testuser authentication failed; URI /ui [User not found][No such object] [Tue Jul 05 09:23:50.587224 2016] [auth_basic:error] [pid 35839:tid 139644016523008] [client 10.204.1.1:51637] AH01618: user testuser not found: /ui [Tue Jul 05 09:23:55.577658 2016] [ssl:debug] [pid 35839:tid 139643823490816] ssl_engine_io.c(1033): [remote 10.204.1.1:51637] AH02001: Connection closed to child 66 with standard shutdown (server apachehost.my.com:443) And here is the configuration snippet from httpd.conf: LDAPTrustedGlobalCert CA_BASE64 /usr/local/apache2/conf/certs/ldapCert.pem LDAPVerifyServerCert Off <Location /> AuthType Basic AuthLDAPBindDN "CN=ldap,OU=acct,DC=my,DC=com" AuthLDAPBindPassword ****** AuthBasicProvider ldap AuthName "LDAP - login" AuthLDAPURL "ldaps:// my.com:636/DC=my,DC=com?sAMAccountNamei?sub?(objectclass=user)" Require valid-user Require ldap-group "CN=Architecture Team,OU=Groups,OU=Core,DC=my,DC=com" AuthLDAPRemoteUserAttribute uid #RewriteEngine On #RewriteCond %{LA-U:REMOTE_USER} (.+) #RewriteRule .* - [E=RU:%1] #RequestHeader set REMOTE_USER %{RU}e </Location> Any clues on what I am missing or how to go about debugging this issue? Thanks in advance!
