Apache AD / LDAP authentication issues.
by Gregory Machin
Hi.
Please advise if you can.
I'm trying to configure apache to authenticate to MS AD server 2008R2,
using LDAP.
I have created a user in AD that is member of "Users" and nothing
else. I can log into my workstation using this user with the password
I set.
My Apache configuration is as follows:
# Basic authentication with LDAP against MS AD
AuthType Basic
AuthBasicProvider ldap
# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter
# using this format: ldap://host:port/basedn?attribute?scope?filter
AuthLDAPURL "ldap://xxx.xxx.32.2:389 xxx.xxx.32.10:389/DC=ad,DC=mydom,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
# The LDAP bind username and password
AuthLDAPBindDN "CN=apache.serverapp04,CN=Users,DC=ad,DC=mydom,DC=com"
AuthLDAPBindPassword passwordxyz
# we want to allow authentication only through LDAP, no fallback
AuthzLDAPAuthoritative on
AuthUserFile /dev/null
# make sure REMOTE_USER is set to sAMAccountName
AuthLDAPRemoteUserAttribute sAMAccountName
# The name of this authentication realm
AuthName "Restricted Dir [Domain Account]"
# To authenticate single domain users, list them here
require ldap-user "greg.machin"
# to authenticate a domain group, specify the full DN
# AuthLDAPGroupAttributeIsDN on
#require ldap-group CN=acl_secure_exchange,OU=Global Groups,OU=User,DC=frank4dd,DC=com
##### end LDAP #####
When I visit the site I get the expected login prompt; authentication
fails with my own account.
[Thu Dec 01 15:32:03 2011] [debug] mod_authnz_ldap.c(403): [client xxx.xxx.69.196] [3471] auth_ldap authenticate: using URL ldap://xxx.xxx.32.2:389 xxx.xxx.32.10:389/DC=ad,DC=mydom,DC=com?sAMAccountName?sub?(objectClass=*)
[Thu Dec 01 15:32:03 2011] [info] [client xxx.xxx.69.196] [3471] auth_ldap authenticate: user greg authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Thu Dec 01 15:32:03 2011] [error] [client xxx.xxx.69.196] user greg: authentication failure for "/": Password Mismatch
This led me to an issue with the binddn configuration. So I tried ldapsearch:
root@nzhmlwks0091:~# ldapsearch -h 192.168.32.2 -p 389 -D "CN=apache.serverapp04,CN=Users,DC=ad,DC=mydom,DC=com" -w "passwordxyz"
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
So the problem is with the binddn. I configured the new user the same
as another user that is known to be working. A member of User and
"Domain Admins" (I don't want this user to have admin rights if I can
avoid it.)
What have I missed? What should I change to get this working?
Thanks
G
11 years, 9 months
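Added example, not part of the original post: the "data 52e" field in the ldapsearch output above is a hexadecimal Win32 logon status that Active Directory appends to LDAP result 49, and it tells a bad password apart from a locked, disabled or expired account. The Python below decodes it; the function name and table layout are this example's own, and the sample is the output quoted in the post.

```python
import re

# Hex sub-code in the "data" field -> (Win32 error name, meaning).
AD_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "invalid credentials"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

RESULT_RE = re.compile(r"ldap_bind: .*?\((\d+)\)")
DIAG_RE = re.compile(
    r"(DSID-[0-9A-Fa-f]+), comment: AcceptSecurityContext error, "
    r"data ([0-9A-Fa-f]+)")

def decode_bind_failure(output):
    """Decode an AD bind failure; return None if no AD diagnostic is present."""
    # Mail clients and terminals wrap the diagnostic, so collapse whitespace.
    flat = " ".join(output.split())
    diag = DIAG_RE.search(flat)
    if diag is None:
        return None
    result = RESULT_RE.search(flat)
    code = int(diag.group(2), 16)
    name, meaning = AD_SUBCODES.get(code, ("UNKNOWN", "sub-code not in table"))
    return {
        "ldap_result": int(result.group(1)) if result else None,
        "dsid": diag.group(1),
        "subcode": format(code, "x"),
        "win32": code,          # decimal Win32 error number
        "name": name,
        "meaning": meaning,
    }

# Output as quoted in the post, including its line wrapping.
SAMPLE = """ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1"""

if __name__ == "__main__":
    print(decode_bind_failure(SAMPLE))
```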
Fedora15 : "Error activating XKB configuration" upon openbox,gnome log in
by ahmed ali
Hi,
I have this annoying problem: after I log in from KDM or GDM into
openbox or gnome, a message pops up saying: {
Error activating XKB configuration.
There can be various reasons for that.
If you report this situation as a bug, include the results of
• xprop -root | grep XKB
• gsettings get org.gnome.libgnomekbd.keyboard model
• gsettings get org.gnome.libgnomekbd.keyboard layouts
• gsettings get org.gnome.libgnomekbd.keyboard options
}
As requested :
$ xprop -root | grep XKB
_XKB_RULES_NAMES_BACKUP(STRING) = "evdev", "acer_laptop", "us,ara", "", "terminate:ctrl_alt_bksp,terminate:ctrl_alt_bksp,grp:alt_shift_toggle"
_XKB_RULES_NAMES(STRING) = "evdev", "acer_laptop", "us,ara", "", "terminate:ctrl_alt_bksp,terminate:ctrl_alt_bksp,grp:alt_shift_toggle"
==
$ gsettings get org.gnome.libgnomekbd.keyboard model
''
==
$ gsettings get org.gnome.libgnomekbd.keyboard layouts
['us\tqwerty']
==
$ gsettings get org.gnome.libgnomekbd.keyboard options
['terminate\tterminate:ctrl_alt_bksp']
==
Note: I don't encounter this issue upon KDE log in.
// Further info:
X.org Log :
http://pastebin.com/dqN6kfgX
==
.x-session-errors :
http://pastebin.com/CWbnZYvK
==
/etc/sysconfig/keyboard :
http://pastebin.com/xEu8if1v
Ahmed .
11 years, 9 months
Help with "sudo yum update"
by Lucélio Gomes de Freitas
Hi everybody,
I've never seen an error like this. Can anybody help?
=================================================================
[Lucelio@MAQ02 ~]$ uname -r
3.1.2-1.fc16.x86_64
[Lucelio@MAQ02 ~]$ sudo yum update
Plugins carregados: refresh-packagekit
Configurando o processo de atualização
Resolvendo dependências
--> Executando verificação da transação
---> Package gtk2.i686 0:2.24.7-3.fc16 will be atualizado
---> Package gtk2.i686 0:2.24.8-2.fc16 will be an update
---> Package preupgrade.noarch 0:1.1.9-1.fc16 will be atualizado
---> Package preupgrade.noarch 0:1.1.10-1.fc16 will be an update
--> Resolução de dependências finalizada
Error: Protected multilib versions: gtk2-2.24.8-2.fc16.i686 != gtk2-2.24.7-3.fc16.x86_64
[Lucelio@MAQ02 ~]$
=================================================================
So I can't update the system.
Thanks in advance.
--
Lucélio Gomes de Freitas
ETFCSF-> U.G.F.-> P.U.C.(RJ)
Engº, Analista Suporte(Free Mind).
Email: aa.lucelio(a)gmail.com
Tel: 55 0XX 21 85964911
11 years, 9 months
passwordless sudo
by Hiisi
Hi, list!
I'm trying to set up passwordless sudo for myself. It's a shiny brand
new fresh-installed F16. During first boot I had been asked to create
a new user and put him in the administrative group. I answered yes and
hence my user is able to run commands using sudo. However in
/etc/sudoers there's not a mention of my user. I've added the
following string to it:
hiisi ALL=(ALL) NOPASSWD: ALL
Apparently it has no effect - I have to enter password each time sudo
is invoked for the first time.
What the heck and how do I solve this mystery?
--
Hiisi.
Registered Linux User #487982. Be counted at: http://counter.li.org/
--
Spandex is a privilege, not a right.
11 years, 9 months